BSI and BKA warn of cyber attacks over Christmas

From the experience of the two federal agencies, cyber criminals prefer to use long weekends, vacations and vacation periods, times when companies are usually less responsive, to infiltrate malicious code.

BSI and BKA cite several reasons for the increase in security risk, especially during the Christmas holidays. Overall, the BKA has already seen a significant increase in ransomware attacks and cyber attacks in 2021.

Thin staffing levels on public holidays mean that most attacks can only be detected (too) late in affected companies. As a result, countermeasures can no longer be initiated. Criminals therefore take advantage of vacation periods and long weekends to carry out their attacks.

In addition, the BSI has identified several thousand vulnerable MS Exchange servers in recent months. Despite the provision of updates, these are still not fully patched and therefore easy for criminals to attack.

Emotet has further increased the risk of cyber attacks. After Emotet was initially rendered harmless by an internationally coordinated takedown at the beginning of 2021, the malware has been resurgent for several months and is increasingly being spread via spam emails. The BSI believes that waves of Emotet attacks are likely, especially during the Christmas season.

In some cases, criminals also send spam emails to spread Emotet via Exchange servers that have already been compromised. Even if the vulnerabilities in Exchange servers were patched quickly in March 2021 when they became known, criminals could still have obtained the access data before then. The access data can currently be bought by criminals on black markets on the Internet. If companies suspect a compromise, they can find help on the BSI website.

BSI and BKA are not only focusing on prevention to reduce risks, but are advising companies to increase their detection and response capabilities. To reduce the risk during the Christmas holidays, it is important that companies check that all patches for MS Exchange Server are fully installed.

In addition, it is important that sufficient backups are in place to secure data assets and that companies practice their disaster recovery plans.

 

If you have questions about the security strategy for your company – contact us. We will support you with the development of solutions suitable for you.