Like an earthquake that is followed by a tsunami, the recently discovered compromise of Outlook Exchange systems will likely cause a new flood of fraud by e-mail, a phenomenon that is already at an all-time high.
Initially, the hack was a state-sponsored espionage operation likely ordered by China, so the hackers’ original goal was to collect proprietary information from specific companies and government agencies. But as soon as Microsoft announced a patch for the exploit, cyber-criminals jumped on the bandwagon and began probing for bugs to use for their own purpose: to extract money from businesses.
Companies that have chosen to self-administer their Exchange servers (as opposed to those in the MS cloud) must now be on high alert for the coming fraud and raise awareness among their employees, especially in payment departments.
In the U.S. alone, 30,000 Exchange systems are affected by the hack. In Germany, authorities have said that 6 government ministries and 9,000 private companies are affected.
Here are our Top Tips again, as published a week ago, before this latest e-mail hack became public:
If you encounter e-mails that are suspicious, or just somehow "off", here is a recent blog post on our Quick Check service (in German):
Note: This hack afflicts only those Exchange systems that are locally self-administered by the client company – as opposed to those administered by Microsoft in the cloud. For a 16-step list of first response actions when your systems are infected, click here.
About the author:
Sebastian Okada has been a fraud investigator for 17 years. He heads Corporate Trust’s department for Investigations & Prevention | White-Collar Crime
Ph. +49 (89) 599 88 75 80