Thousands of German companies have been targeted by hackers.
But many companies take far too long to close the security gaps, warns the BSI.
Munich - German companies are apparently hardly afraid of intruders into their mail servers.
This emerges from a current overview by the Federal Office for Information Security (BSI).
According to this, despite an urgent warning from the BSI from the beginning of March, a total of 10,720 mail servers in this country are not protected against a gaping security hole.
"That is still a hell of a lot," warned BSI boss Arne Schönbohm to the
time
.
The BSI had previously urged companies to secure their Microsoft Exchange servers with appropriate security updates and issued the highest security warning level since 2014.
But so far the response has been unexpectedly low.
Microsoft: Complex updates
According to experts, German companies are particularly hard hit by the Microsoft Exchange gap in an international comparison, according to industry circles.
However, sealing the security gaps is not a trivial matter.
As a rule, the system administrators would first have to install older patches on the computers and strictly observe the correct order.
This makes the process very laborious.
In many companies, the Exchange servers have not been regularly patched with the necessary updates for a long time.
Therefore, the process for many companies is now very complex and protracted.
Webshells should enable later control of the networks
For the hackers, this improves the chances of successful attacks.
Many have now installed so-called webshells behind the firewalls, with the help of which they can later access from the outside and take full control.
From security circles it is said that one must therefore prepare for a new flood of so-called ransomware attacks in the coming months.
Hackers automatically encrypt all data they can find in a network and only release it after paying a ransom.
Exchange is used by many companies, authorities and educational institutions as an e-mail and collaboration platform.
In the event of a successful attack via the vulnerabilities, it is possible to access data from the e-mail system.
Microsoft suspects Chinese hackers behind the attack
Microsoft warned at the beginning of March that the four previously not publicly known security holes are being exploited by alleged Chinese hackers.
The hacking group, which Microsoft calls "Hafnium", wanted to use the vulnerabilities primarily to access information in the USA.
The goals were, among other things, research on infectious diseases as well as universities, law firms and companies with defense contracts.
They were targeted attacks.
According to the reports, however, unsecured systems have been attacked on a broad front since the vulnerabilities were announced.
According to the BSI, countless companies in Germany are also affected by the attack, including authorities.