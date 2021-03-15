The recently discovered cyberattack on Microsoft’s e-mail and Exchange servers has so far been described only as the work of a group of hackers with ties to the Chinese government. But it is now taking on a new shape, because the vulnerabilities are increasingly being exploited by hackers whose goal is not espionage but ransom. In such so-called ransomware attacks, cyber criminals infiltrate third-party systems, lock them up and demand a lot of money from their victims. If those affected refuse to pay, their often valuable data is lost. The consequences are often catastrophic, with damage quickly running into the millions of euros.

Tom Burt, the Vice President responsible for security at Microsoft, said in an interview with the FAZ: “This second wave of attacks is aimed at profit, and the attackers are cyber criminals, not state actors.” Burt went on to explain that so far there has been only a small number of ransomware victims. The cybersecurity company Mandiant announced over the weekend that it expected an increase in attacks aimed at money in the near future. Vice President John Hultquist said these ransomware criminals could disrupt business operations and pose an even greater risk than espionage hackers.

Cyber blackmailers are something of a nightmare for many companies and IT security agencies. The reason: they can wreak havoc on vital infrastructure such as healthcare, water and electricity supply. They often proceed with few scruples, and only rarely can they be caught. The specialists from the German Federal Office for Information Security (BSI) warned last week that it was a matter of time before blackmailers tried to exploit the latest vulnerabilities in Microsoft systems.

A race

In addition to dealing with the current ransomware threats, Microsoft and the Taiwanese security company Devcore, which was involved in uncovering the vulnerabilities, are now also investigating how hackers were actually able to access the highly sensitive analysis data on the vulnerabilities, which were still unknown until the beginning of the year. After weeks of testing, Devcore discovered the first gaps in December, analyzed them for four weeks and reported them to Microsoft at the beginning of January. As a result, Microsoft developed programs to close the gaps and made them available as updates, or so-called patches, for various local Exchange servers.

Shortly before the official announcement of the holes and the associated release of the patches by Microsoft on the night of March 3rd, the attacks had really escalated. The number of attacks skyrocketed within two days. That was very unusual, said Burt. It was clear that, after the spies, the blackmailers had come into play. Has the data about the weak points and the vulnerability of the Exchange servers leaked out? And if so: how and by whom?








Microsoft announced over the weekend that on March 1, 400,000 Exchange servers were affected. Among them was the European banking supervisory authority EBA. The number has now fallen significantly again, to 100,000 on March 9 and now 82,000. Tom Burt said, “We’ve been winning this race for a few days, but we still have quite a way to go.”

One thing is clear: since the outbreak of the corona pandemic, hacking attacks have increased sharply worldwide. The Washington-based Center for Strategic and International Studies estimates damage and costs of just under $1 trillion in 2020 alone, almost twice as much as in 2018 and three times more than in 2013. Two of the most serious attacks occurred during the past three months.