Computer user (symbol picture): The malware Emotet is back in circulation
Photo: Jochen Tack / IMAGO
The Federal Office for Information Security (BSI) and the Federal Criminal Police Office (BKA) have warned of an increased risk of hacker attacks on companies and organizations for the coming Christmas holidays.
The cause of the danger is therefore, on the one hand, a new wave of spam, which is expected in connection with the Emotet Trojan, which has recently been in circulation again.
On the other hand, the BSI and BKA observe that the criminal scene, which specializes in blackmail software, is currently wooing fellow campaigners.
BSI President Arne Schönbohm had already described Emotet as the "king of malware" in 2019.
The BKA once called the Trojan, which is often used in the course of so-called ransomware attacks, "the most dangerous malware in the world".
The BSI and the BKA are also concerned about the sometimes poor protection against cyber attacks in companies and organizations.
At least 13,000 servers of the Microsoft Exchange communication platform in Germany are still vulnerable, it is said.
The BSI sees this as a threatening scenario and requested those responsible to implement appropriate IT security measures.
Microsoft recognized the security gaps in this case a long time ago and closed them with updates.
However, these updates must also be installed by the IT managers.
Hackers also use the holidays
BSI President Schönbohm said that holidays, vacation times and weekends in particular had been used repeatedly for such attacks in the past, as many companies and organizations would then be less responsive.
It is now time to implement the necessary protective measures.
BKA President Holger Münch said: "The threat posed by ransomware challenges us more than ever." In 2021, there will be a significant increase in the number of cases of attacks with ransomware.
The fact that Emotet was back in circulation at the beginning of 2021 after the malware infrastructure was smashed shows the dynamism in this area of crime, according to Münch.
"The active public advertising of hacker groups for their criminal business model› Cybercrime as a Service ‹underlines once more the professionalism and degree of networking of our counterparts."
Among other things, the BSI and BKA urgently advise companies to keep functional backups.
Emergency concepts would have to be prepared and practiced.
Companies and private individuals affected by attacks should also file criminal charges with their local police station or with the Central Contact Point Cybercrime (ZAC).
This is the only way to recognize the real extent of this crime phenomenon.
mbö / dpa