Up to 60,000 computer systems exposed in Germany to Microsoft flaw - BSI

More than half of the vulnerabilities were addressed following a warning last weekend by the Federal Office for Information Security (BSI), but around 25,000 systems still need to be fixed, BSI chief Arne Schoenbohm said.

Published - March 11, 2021 11:35 am IST

 BSI said the behaviour of hackers exploiting it had changed sharply since it was publicly revealed.

BSI said the behaviour of hackers exploiting it had changed sharply since it was publicly revealed.

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

As many as 60,000 computer systems in Germany were exposed to a flaw that allows unauthorized users to access systems in Microsoft Corp's email software, the head of its cybersecurity watchdog said on Wednesday.

More than half of the vulnerabilities were addressed following a warning last weekend by the Federal Office for Information Security (BSI), but around 25,000 systems still need to be fixed, BSI chief Arne Schoenbohm said.

"The warning has worked. In Germany, many Exchange servers have been secured by downloading patches," Schoenbohm said in written comments to Reuters. "Every vulnerable system is one too many and can lead to harm."

The flaw appears to have been widely exploited by hackers and affected more than 20,000 U.S. organisations. The European Union's banking regulator and the Norwegian parliament have also been hit.

In a 14-page report on the Microsoft vulnerability, the BSI said the behaviour of hackers exploiting it had changed sharply since it was publicly revealed.

Initially, most targets had been think tanks, universities, non-governmental organisations, law firms and defence companies- mostly in the United States.

"Now, these exploits are being deployed at mass scale against thousands of targets - apparently worldwide," the report said.

At least 10 different hacking groups were using the latest flaw in Microsoft's mail server software to break into targets around the world, according to researchers at cybersecurity company ESET.

Also Read : White House says Microsoft email hackers have ‘large number of victims’

In Germany, two federal authorities have been affected by the hack, the BSI said, declining to say which.

The BSI said it had been contacted since the weekend by around 100 companies ranging from small businesses to leading companies seeking guidance, well above the usual number.

"We are in touch with all Computer Emergency Response Teams(CERT) in Europa and abroad, especially the Cybersecurity and Infrastructure Security Agency (CISA) in the United States," the BSI said, adding it was also in close contact with Microsoft.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.