The Federal Office for Information Security (BSI) and the Federal Criminal Police Office (BKA) have warned of an increased risk of cyber attacks on companies and organizations for the coming Christmas holidays. The cause of the danger is, on the one hand, a wave of spam messages infected with the dangerous Emotet malware. In addition, the BSI and BKA observe that the criminal scene, which specializes in blackmail software (ransomware), is currently wooing fellow campaigners.
The risk continues to be exacerbated by poor protection against cyber attacks in companies and organizations. Many servers in the Microsoft Exchange communications platform are still vulnerable. The BSI sees this as a threatening scenario and requested those responsible to implement appropriate IT security measures. Microsoft recognized the security gaps a long time ago and closed them with updates. However, these must also be installed by the IT managers.
BSI President Arne Schönbohm said that holidays, vacation times and weekends in particular had been used repeatedly for such attacks in the past, as many companies and organizations would then be less responsive. “Now is the time to implement appropriate protective measures!”
BKA President Holger Münch said: “The threat posed by ransomware challenges us more than ever.” A significant increase in the number of cases of attacks with ransomware is emerging in 2021. “The fact that Emotet is back in circulation after the malware infrastructure has been broken up at the beginning of 2021 shows the dynamism in this area of crime.” The active public promotion of hacker groups for their criminal business model ” Cybercrime as a Service “once again underlines the professionalism and degree of networking of our counterparts.”
In view of the threat situation described, the BSI and BKA advise companies and organizations to be better off about possible attacks prepare. In particular, functional data backups should be kept available. Emergency concepts would have to be prepared and practiced. Schönbohm and Münch called on companies and private individuals affected by cyber attacks to file a criminal complaint with their local police station or the Central Contact Points Cybercrime (ZAC) to deliver. This is the only way to recognize the real extent of this crime phenomenon. (dpa / rw)