The State Criminal Police Office of North Rhine-Westphalia warns that a recent wave of cyberattacks poses a significant threat to companies in Germany. Cybercriminals are exploiting Microsoft 365, targeting its email and document management services in particular as initial attack vectors. After taking over email accounts, the perpetrators send malicious emails that appear legitimate because they contain no language errors and often include real past conversations. Recipients are therefore more likely to trust the messages and click on links or open attachments, which leads to immediate attacks on IT systems, data loss, theft, and further phishing attacks.
The cybercriminals have been observed specifically searching for information from the early days of the COVID-19 crisis, including VPN access data for non-public IT networks. This allows them to gain direct access to companies’ IT infrastructures and to sensitive documents within emails. The police report highlights that several companies have been protected from further ransomware attacks and extortion, but warns that such attacks typically cause millions in damages. The risk is heightened if employees have clicked on suspicious links, entered login data, or downloaded files from large cloud services.
Additionally, the police emphasize that cybercriminals continuously update their malicious attachments, potentially evading detection by existing virus scanners. The press release neither described the specific techniques used by the hackers nor provided detailed mitigation strategies. However, Microsoft has updated its guide on responding to compromised email accounts, recommending steps such as resetting passwords and enabling multi-factor authentication. These measures are crucial in preventing attackers from maintaining control over compromised accounts. Microsoft rebranded its Office suite to Microsoft 365 in late 2022. This recent spate of attacks underscores the ongoing need for vigilance and robust cybersecurity measures.