According to dpa, the Federal Office for Information Security (BSI) and the Federal Criminal Police Office (BKA) warn of an increased risk of cyberattacks over the Christmas holidays, especially for companies and organizations. The cause of the danger is, on the one hand, a wave of spam messages infected with the dangerous Emotet malware. BSI and BKA observed that the blackmail software cyber gangs are currently wooing fellow campaigners.
The risk is exacerbated by poor protection against cyber attacks in companies and organizations. Many Exchange servers are still vulnerable. Just this week, the BSI warned of 12,000 more vulnerable Exchange servers that it tracked down in Germany. The BSI once again calls on those responsible to implement appropriate IT security measures: Microsoft recognized the security gaps a long time ago and closed them with updates. However, these must also be installed by the administrators.
BSI President Arne Schönbohm commented that holidays, vacation times and weekends in particular had been used repeatedly for such attacks in the past, as many companies and organizations would then be less responsive: “Now is the time to implement appropriate protective measures!”
BKA President Holger Münch said: “The threat posed by ransomware challenges us more than ever.” In 2021, there will be a significant increase in the number of cases of attacks with ransomware. “The fact that Emotet is back in circulation at the beginning of 2021 after the malware infrastructure has been smashed shows the dynamism in this area of crime. The active public promotion of hacker groups for their criminal business model” Cybercrime as a Service “underlines once more the professionalism and degree of networking of our counterparts. ” The criminal group behind Emotet has been active again since mid-November this year, distributing new malware.
In view of the threat situation, the BSI and BKA advise you to be better prepared for possible attacks. In particular, companies and organizations should keep functional backup copies. It is advisable to prepare and practice the emergency concepts. Companies and private individuals affected by cyberattacks should file a criminal complaint with their local police station or the Central Contact Point Cybercrime (ZAC), demand Schönbohm and Münch. This is the only way to recognize the actual extent of this type of crime.