BSI: Six federal authorities affected by cyber attack on Exchange

display

Bonn (dpa) - According to the Federal Office for Information Security (BSI), six federal authorities are also affected by the widespread cyberattacks on Microsoft's e-mail programs.

"There was a possible compromise in four cases," said a security warning.

The BSI did not want to say publicly which institutions are involved.

Help has been offered to the authorities concerned and has already been active in individual cases.

The BSI published a first security warning last Friday.

"Affected are organizations of all sizes," it says there.

In the case of 9,000 companies and other institutions, the Federal Office estimated the threat posed by the cyber attackers who were already exploiting the vulnerability to be so high that they were warned of the danger by post.

display

Microsoft was made aware of the security gaps by IT security researchers in January.

The software company then began to develop an update for its Exchange program.

The attackers initially selected a few targets, but in February they switched to adding back doors to tens of thousands of e-mail servers on a large scale every day, said the head of the IT security company Volexity, Steven Adair.

According to experts, German companies are more severely affected than average by this Microsoft Exchange gap in an international comparison, because they operate Exchange in-house or rented data centers themselves.

The Exchange Server versions 2013, 2016 and 2019 used were all affected by the security vulnerability - and some of them were backed up with a delay by the update.

The vulnerabilities did not exist in cloud versions of Microsoft's e-mail service.

Exchange is used by many companies, authorities and educational institutions as an e-mail and collaboration platform.

In the event of a successful attack via the vulnerabilities, it is possible to access data from the e-mail system.

The attack was usually automated.

The attackers were able to install their own control software on the servers.

Affected servers can then be checked remotely.

display

© dpa-infocom, dpa: 210309-99-747933 / 2

Blog entry from Microsoft

Technical details on security vulnerabilities

display

Message from the BSI

Blog entry by Brian Krebs