Hackers use Microsoft to hack
Microsoft hack: Many German companies could be affected
The number of possible victims of an attack on Microsoft email software fluctuates and yet reveals its global significance. The Wall Street Journal speaks of 250,000 victims worldwide. The financial service Bloomberg a former US official familiar with the investigation said at least 60,000 e-mail servers were known to have been affected.
What could that happen?
Cyber security expert Brian Krebs wrote on his website on Friday that the attackers had exploited a security hole in the Microsoft software company's Exchange email service, stolen emails and infected computers with programs that would allow remote control.
White House spokeswoman Jennifer Psaki spoke of a "current threat". "Everyone who uses these servers must act now," said Psaki and advised to install an available security update as soon as possible. "We fear that there will be a large number of victims."
The Microsoft loophole became known days ago. According to Microsoft, the Exchange Server versions 2013, 2016 and 2019 are affected. The vulnerabilities did not exist in cloud versions of Microsoft's e-mail service.
A security update has been available for the vulnerability in the Exchange Server since last week. However, it must first be installed by the customer himself. On Friday, the German Federal Office for Information Security (BSI) warned around 9,000 companies to fill the gap quickly. "The actual number of vulnerable systems in Germany is likely to be significantly higher," warned the authority, which is responsible for IT security for the federal government, among other things.
"In an international comparison, German companies are particularly hard hit by this Microsoft Exchange gap," said Rüdiger Trost from the IT security company F-Secure on Sunday. "The reason: German companies fear the cloud and therefore often operate services such as Exchange locally." It is now a race against time.
Attackers from China
The hacker group called "Hafnium" by Microsoft is, according to the company, a "very accomplished and highly developed player". In the past, according to Microsoft, hafnium was primarily aimed at organizations and institutions in the United States. Affected were therefore "research institutions for infectious diseases, law firms, universities, defense companies, political think tanks and non-governmental organizations". The group is based in China, but operates mainly through rented virtual private servers in the USA.
The attackers initially selected a few targets, but in the end they went over to automatically adding back doors to tens of thousands of e-mail servers on a daily basis, said the head of the IT security company Volexity, Steven Adair, at Bloomberg.
The IT expert Krebs writes that the number of attacks "increased dramatically" after Microsoft's security update. "At least 30,000 organizations in the United States, including a significant number of small businesses, city and regional governments, have been attacked in the past few days by an unusually aggressive Chinese cyber espionage unit focused on email theft."
Rüdiger Trost from the IT security company F-Secure assumes that the attackers are now overwhelmed because they cannot immediately exploit all open networks. Therefore, a back door will be installed for later. "So we will see a lot of data leaks and extortions due to this exchange gap in the coming months," said Trost.
nm / hb (dpa, afp)
- Can you understand world history
- How many tons can a container contain?
- Are metal studs better than wood
- Are kitchen workers
- Have you ever met a Bollywood star
- What are some problems in preschool education
- The Australian government pays for job seekers
- Why do so many restaurant workers smoke
- Do you mind what to eat?
- What is the deputy sales representative TELE
- When does Canada celebrate its national day?
- What is heterosexism
- Can India be a developed country 3
- Biggest country in the world
- Do students studying humanities get jobs
- How do you explain the Saudade to someone
- How do people buy shoes online
- Why do employers not give a salary?
- Is education more important than sport
- How is Rahul Dravid from the field
- What does the slang term stacked up?
- Reading singers music
- What problems do you have with Square
- How to make items in China
- Which MBTI type gets the best ideas?
- Why do Maharashtrians support Shiv Sena
- What is the national fruit of Kenya
- How were emergency numbers decided
- When did Englishmen come to Canada?
- How dirty are public toilets actually
- How do composers write symphonies
- What is a modern relationship
- Why do Pakistani people speak Punjabi
- How much do braces cost in Germany