Up to 60,000 computer systems exposed in Germany to Microsoft flaw - BSI

Reuters2021-03-11

By Andreas Rinke

BERLIN, March 10 (Reuters) - As many as 60,000 computer systems in Germany were exposed to a flaw that allows unauthorized users to access systems in Microsoft Corp's

email software, the head of its cybersecurity watchdog said on Wednesday.

More than half of the vulnerabilities were addressed following a warning last weekend by the Federal Office for Information Security $(BSI)$, but around 25,000 systems still need to be fixed, BSI chief Arne Schoenbohm said.

"The warning has worked. In Germany, many Exchange servers have been secured by downloading patches," Schoenbohm said in written comments to Reuters. "Every vulnerable system is one too many and can lead to harm."

The flaw appears to have been widely exploited by hackers and affected more than 20,000 U.S. organisations. The European Union's banking regulator and the Norwegian parliament have also been hit.

In a 14-page report on the Microsoft vulnerability, the BSI said the behaviour of hackers exploiting it had changed sharply since it was publicly revealed.

Initially, most targets had been think tanks, universities, non-governmental organisations, law firms and defence companies - mostly in the United States.

"Now, these exploits are being deployed at mass scale against thousands of targets - apparently worldwide," the report said.

At least 10 different hacking groups were using the latest flaw in Microsoft's mail server software to break into targets around the world, according to researchers at cybersecurity company ESET.

In Germany, two federal authorities have been affected by the hack, the BSI said, declining to say which.

The BSI said it had been contacted since the weekend by around 100 companies ranging from small businesses to leading companies seeking guidance, well above the usual number.

"We are in touch with all Computer Emergency Response Teams $(CERT)$ in Europa and abroad, especially the Cybersecurity and Infrastructure Security Agency (CISA) in the United States," the BSI said, adding it was also in close contact with Microsoft.

(Additional reporting by Raphael Satter, Writing by Douglas Busvine; Editing by Bernadette Baum)

((douglas.busvine@tr.com; +49 30 220 133 562;))

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Comments

We need your insight to fill this gap
Leave a comment