Hacker attacks on Microsoft could affect hundreds of thousands of email servers.
According to an expert, Germany is likely to be particularly affected.
In the meantime, the US company has responded.
Update from March 8, 2021:
The European Banking Authority (EBA) in Paris has become a victim of the security gap in Microsoft's Exchange e-mail service.
As a "precautionary measure", the systems were switched off, the EBA said.
It is therefore still unclear whether data may have been leaked.
So far there has been no evidence, the authority said on Monday.
An investigation has been launched.
Hacker attack on Microsoft: Up to 300,000 companies affected
Last week Microsoft held a state-backed Chinese hacker group called "Hafnium" responsible for attacks on its e-mail service and published updates for Exchange.
According to a report by cybersecurity expert Brian Krebs, 30,000 organizations and companies in the US alone could be affected by the "unusually aggressive" hacker attack.
On Friday, the Federal Office for Information Security (BDI) called for the patches provided by Microsoft to be installed “immediately”.
According to information from IT service provider Shodan, tens of thousands of Exchange servers in Germany can be attacked via the Internet and are very likely already infected with malware, the authority said.
Microsoft: Hack attack leads to "extremely critical" threat situation - Germany is also badly affected
The Federal Office for Information Security (BSI) classified the threat situation last week as extremely critical.
Hackers would be able to access data or install additional malware.
According to the BSI, tens of thousands of Exchange servers in Germany can be attacked via the Internet "and there is a high probability that they are already infected with malware".
First report from March 7, 2021
Washington / Munich
- Tens of thousands of corporate, government and educational institutions around the world have fallen victim to hacker attacks.
That comes from reports from the US media.
The background is a security vulnerability that became known a few days ago.
A security update has been available for the vulnerability in Microsoft's Exchange Server software since last Wednesday.
But it has to be installed by the customer.
On Friday, the Federal Office for Information Security (BSI) warned thousands of German companies to fill the gap quickly.
Hacker attack on Microsoft: Numbers of affected e-mail servers vary widely
The information on the number of people affected varied widely in the reports.
There could be more than 250,000 victims worldwide, the
Wall Street Journal
wrote over the
weekend, citing an informed person.
A former US official familiar with the investigation told Bloomberg financial services that they knew of at least 60,000 affected e-mail servers.
The well-connected IT security specialist Brian Krebs and the computer
magazine Wired
reported 30,000 hacked email systems in the United States alone.
"In an international comparison, German * companies are particularly hard hit by this Microsoft Exchange gap," said Rüdiger Trost from the IT security company F-Secure on Sunday.
"The reason: German companies fear the cloud and therefore often operate services such as Exchange locally."
Hacker attack on Microsoft: Cyber attack apparently originated in China
Microsoft warned on Wednesday that the four previously not publicly known security holes are being exploited by alleged Chinese hackers.
The hacker group, which Microsoft calls “Hafnium”, wanted to use the vulnerabilities to tap information in the USA * in particular.
The goals were, among other things, research on infectious diseases as well as universities, law firms and companies with defense contracts.
The attacks were targeted and Microsoft had no evidence that private customers were also attacked.
According to the reports, however, unsecured systems have been attacked on a broad front since the vulnerabilities were announced.
According to Microsoft, the 2013, 2016 and 2019 Exchange server versions are affected. Exchange is used by many companies, authorities and educational institutions as an e-mail platform.
In the event of a successful attack via the vulnerabilities, it is possible to access data from the e-mail system.
Microsoft was made aware of the security gaps by IT security researchers.
(dpa) * Merkur.de is an offer from IPPEN.MEDIA
