The Federal Office for Information Security (BSI) and the Federal Criminal Police Office (BKA) see an increased risk of cyber attacks on companies and organizations over the upcoming Christmas holidays. In particular, the threat of ransomware delivered via Emotet is increasing.
The reasons are the renewed dispatch of Emotet spam and ransomware groups' active public recruitment of criminal associates. The continued vulnerability of many Microsoft Exchange servers in Germany adds to this risk. The BSI regards this as a threatening scenario and urgently advises companies and organizations to implement appropriate IT security measures.
Emotet spam and Exchange server vulnerability
Arne Schönbohm, BSI President: “We see clear signs of an increasing threat from Emotet as well as vulnerable MS Exchange instances and the resulting ransomware attacks in Germany. Holidays, vacation times and weekends in particular have been used repeatedly for such attacks in the past, as many companies and organizations are then less responsive. Now is the time to implement appropriate protective measures!”
Ransomware attacks are usually carried out in stages. After the target system has been infected, for example by Emotet or through the exploitation of existing vulnerabilities, further malware variants are loaded in a subsequent step. These are used to spread through the infected networks and finally to encrypt the systems. The individual stages are often carried out by different groups of perpetrators who operate in service models. The Federal Criminal Police Office refers to this model as “Cybercrime as a Service”. Successful ransomware attacks can reach dimensions that threaten the very existence of any company, which is why the BSI has published a separate cyber security warning on this threat situation and also sent it to its target groups (Renewed sending of Emotet spam).
Ransomware: Cybercrime as a service is on the rise
Holger Münch, BKA President: “The threat posed by ransomware challenges us more than ever. In 2021, there will be a significant increase in the number of cases of attacks with ransomware. The dynamic in this area of crime shows that Emotet is back in circulation after the takedown in early 2021. The active public promotion of hacker groups for their criminal business model "Cybercrime as a Service" underlines once more the professionalism and degree of networking of our counterparts.”
In addition, the BSI has observed that numerous vulnerable MS Exchange instances in Germany can again be reached via the Internet. The reason is often the operators' inadequate patching, that is, the closing of security gaps. However, the BSI is also aware of several cases in which the installed patches did not provide the desired protective effect. The BSI has also warned of the dangers posed by vulnerable MS Exchange servers.
Recommendation: have backups and contingency plans ready
In view of the threat situation described, the BSI and BKA advise strengthening detection and reaction capabilities in addition to preventive measures. In particular, functional backups should be kept and emergency concepts prepared and practiced. The BSI has put together the most important first aid measures in the event of an IT security incident. Regardless of this, the following applies: affected companies as well as private individuals should file criminal charges with their local police station or the Central Cybercrime Contact Points for Companies (ZAC). This is the only way to recognize the real extent of this crime phenomenon and to take action against the perpetrators.
More at BSI.Bund.de
About the Federal Office for Information Security (BSI)
The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.