CERT-BWL warns of phishing wave after worldwide compromise of MS Exchange servers

Ulm University

The following warning notice from CERT-BWL (BITBW), dated 22.03.2021, is passed on for your information and attention:

The global attack on e-mail servers (Exchange vulnerability) at the beginning of March is now leading to phishing e-mails that are even more difficult to recognize as such than usual. The aim may be to obtain access data (user name and password) for internal networks or accounts of state employees.

As reported in the media, an enormous number of e-mail systems worldwide were successfully attacked in March. On the bright side, the University of Ulm's email server uses different software and is not affected. Vulnerability scans have also not detected any other affected servers at the university.

BUT: Some federal agencies, municipalities and state-related institutions (including universities) are affected by the attack, as are individual government contractors from the private sector. In the aftermath of the attack, it is now increasingly apparent that genuine e-mails and addresses of our communication partners, stolen by the attackers, are being used to send targeted malicious code or, above all, so-called "phishing e-mails" to institutions of the state administration.

The following notice is therefore issued to protect against these attacks:

  • Check carefully whether emails that direct you to external sites are really intended for you.
  • Do not enter any access data of your official user accounts (such as the Windows workstation or the kiz account) on websites you do not know.

If in doubt, contact the CISO of the university or the information security officers of the kiz. If you notice strange behavior or even a phishing attack, report this directly to the helpdesk of the kiz.

As a general rule: Use a different password for each account or platform. This reduces the risk if one set of access data becomes known or is intercepted, because not all of your user accounts would be affected. If you suspect that an account has been published or "phished", change your password immediately and report the incident.

To help you manage multiple passwords, you can use the "KeePass" password manager.