High time for protective measures
“We see clear signs of an increasing threat from Emotet as well as vulnerable MS-Exchange instances and the resulting ransomware attacks in Germany. Holidays, vacation times and weekends in particular have been used repeatedly for such attacks in the past, as many companies and organizations then are less reactive, “says Arne Schönbohm, BSI President. “Now is the time to implement appropriate protective measures!”
Ransomware attacks are usually carried out in stages. After an infection of the target system, for example by Emotet or by exploiting existing vulnerabilities, other malware variants are reloaded in a further step. They are used to spread in the infected networks and finally to encrypt the systems. These processes are often carried out by different groups of perpetrators who operate in service models.
With this model, the Federal Criminal Police Office speaks of “Cybercrime as a Service”. Successful attacks with ransomware can take on dimensions that threaten the very existence of any company, which is why the BSI has published a separate cyber security warning on this threat situation and also sent it to its target groups.
Cybercrime as a Service
“The threat posed by ransomware challenges us more than ever. In 2021 there will be a significant increase in the number of cases of attacks with ransomware,” said Holger Münch, President of the Federal Criminal Police Office.
The fact that Emotet was back in circulation after the takedown in early 2021 shows the dynamism in this area of crime. “The active public advertising of hacker groups for their criminal business model” Cybercrime as a Service “underlines once more the professionalism and degree of networking of our counterparts.”
Second weak point: Microsoft Exchange
In addition, the BSI has observed that numerous vulnerable MS Exchange instances in Germany can again be reached via the Internet. The reason for this is often the operator’s inadequate patch behavior – i.e. the closing of security gaps. However, the BSI is also aware of several cases in which the patches that were installed did not provide the desired protective effect. The security authority has also warned of the dangers posed by vulnerable MS Exchange servers.
In view of the threat situation described, the BSI and BKA advise strengthening detection and reaction capabilities in addition to preventive measures. In particular, functional backups should be kept and emergency concepts prepared and practiced. The BSI has the most important ones for this First aid measures in the event of an IT security incident compiled.
Regardless of this, the following applies: Affected companies such as private individuals should file criminal charges with your local police station or the central cybercrime contact points for companies, advise both authorities. This is the only way to recognize the actual extent of this crime phenomenon and to take action against the perpetrators. (sg)