German authorities have expressed serious concern about the threat of large-scale cyber attacks that target approximately 17,000 (about 37%) of all Microsoft Exchange servers in the country. The Federal Information Security Department (BSI) has issued a warning about the potential “mass disruption of regular operations” in the IT sector, labeling the situation as “critical for business.”
The primary reason for the alarm stems from the “catastrophic” security situation surrounding the use of Microsoft Exchange, a crucial communication tool for many German companies and organizations. In 2021, nearly half of Exchange servers in Germany were compromised and equipped with backdoors. Currently, more than a third of all existing systems are deemed “highly vulnerable,” with over half classified as “vulnerable.”
The BSI is directing attention not towards Microsoft, but towards system administrators, whom they believe have not implemented well-known and essential security measures. According to Heise, a mere 15% of servers in Germany are operating on the latest version of Exchange, with many still running on outdated and susceptible versions, some of which are no longer supported by Microsoft.
Schools, universities, clinics, medical offices, care services, medical institutions, law firms, tax consultants, local authorities, and medium-sized businesses are particularly at risk of cyber attacks, including data encryption followed by extortion attempts, as cautioned by the BSI.
The agency is urging organizations to take immediate action, such as removing outdated Exchange versions, applying all security patches and cumulative updates, and enabling advanced protection mechanisms.