Date: 2021-03-12
As many as 60,000 computer systems in Germany were exposed to a flaw that allows unauthorized users to access systems in Microsoft Corp’s e-mail software, the head of the country’s cybersecurity watchdog said on Wednesday.
More than half of the vulnerabilities were addressed following a warning last weekend by the German Federal Office for Information Security (BSI), but about 25,000 systems still need to be fixed, BSI president Arne Schoenbohm said.
“The warning has worked. In Germany, many [Microsoft] Exchange servers have been secured by downloading patches,” Schoenbohm said in a statement. “Every vulnerable system is one too many and can lead to harm.”
The flaw appears to have been widely exploited by hackers and affected more than 20,000 US organizations. The EU’s banking regulator and the Norwegian parliament have also been hit.
In a 14-page report on the Microsoft vulnerability, the BSI said that the behavior of hackers exploiting it had changed sharply since it was publicly revealed.
Initially, most targets had been think tanks, universities, non-governmental organizations, law firms and defense companies — mostly in the US.
“Now, these exploits are being deployed at mass scale against thousands of targets — apparently worldwide,” the report said.
At least 10 different hacking groups were using the latest flaw in Microsoft’s e-mail server software to break into targets around the world, researchers at cybersecurity company ESET said.
In Germany, two federal authorities have been affected by the hack, the BSI said, declining to say which.
The BSI said it had been contacted since the weekend by about 100 companies ranging from small businesses to leading companies seeking guidance, well above the usual number.
“We are in touch with all computer emergency response teams in [Europe] and abroad, especially the Cybersecurity and Infrastructure Security Agency in the United States,” the BSI said, adding it was also in close contact with Microsoft.
