Extremely critical Exchange security vulnerability


Global attack on Microsoft’s email platform ‘Exchange Server’

‘Immediate action is necessary,’ demanded the Federal Office for Information Security (BSI). Hackers attacked Exchange servers via several security vulnerabilities.

What had actually happened?

During the night of 2 to 3 March, Microsoft announced that security vulnerabilities had been discovered in the Exchange Server email platform, which hackers had exploited on a large scale for data espionage.

Microsoft then provided unscheduled updates (known as patches), comprehensive information and additional tools, not only to close the security gaps, but also to determine whether hackers had already successfully penetrated the system.

A week later, Microsoft released further patches to close the security gaps.

The BSI classified this at its highest IT threat level, category 4/red, and provided comprehensive information about the events.

According to experts, the IT threat situation is extremely critical. Due to the failure of many services, normal operations cannot be maintained. As later became known, the security vulnerabilities had been known for some time, one of them since at least the beginning of January. This gave the attackers plenty of time to analyse and exploit these vulnerabilities.

German companies were and remain particularly vulnerable to attacks because, compared to other countries, they tend to operate important services locally rather than in the cloud (provision of IT services via the Internet).

The following chart (as of 8 March 2021) illustrates the scale of the systems affected:

Source: CERT-Bund

What effects were felt?

If attackers manage to penetrate the systems, not only can data be stolen or encrypted, but all internal and external communication can be brought to a standstill, as email services may have to be partially restricted or even temporarily shut down.

Companies and public authorities were thus cut off from the outside world, and their very existence could be threatened, as communication is one of the aspects essential for survival.

What measures should be taken?

  • The most important measure is to install all necessary patches.
  • All systems must be examined to determine whether they have been compromised.
  • Keep up to date with the latest information and publications on this topic.
  • Consult an IT security expert for support.

Outlook – what happens next?

Despite all the measures recommended by the BSI and Microsoft, the all-clear cannot be given. The systems must continue to be checked and closely monitored by the responsible IT administrators and service providers.

Microsoft itself is still keeping quiet about the effects and incidents.

It can be assumed that a statement will be issued shortly.

If you require assistance, please contact cit:

Michael Rode – Senior Consultant

Tel. +49 531 180 59 500, E-Mail: m.rode@cit-net.de
