Germany says cyber threat greater than expected

CERT-LatestNews Malware ThreatsCybercrime ThreatsStrategic
There is growing conviction the NotPetya attack is more harmful than initially believed.

There is growing conviction the NotPetya attack is more harmful than initially believed.

Germany’s BSI federal cyber agency said on Friday that the threat posed to German firms by recent cyber attacks launched via a Ukrainian auditing software was greater than expected, and some German firms had seen production halted for over a week.

Analyses by computer experts showed that waves of attacks had been launched via software updates of the M.E.Doc accounting software since April, the BSI said in a statement.

That meant companies that used the software might have been infected by the malicious software, even if there were no obvious signs of a breach, BSI said. Data backups carried out after 13 April should also be viewed as compromised.

“Some German firms have seen production and other critical processes laid still for over a week,” BSI president Arne Schoenbohm said. “It has resulted in millions of euros of damage, and this in a case where Germany got off lightly.”

BSI last week said more than a dozen German companies had been affected by the virus which has been dubbed NotPetya by some experts, all via a subsidiary in Ukraine.

  See also

The Ukrainian software firm used to launch the global cyber attack said all computers sharing a network with its infected accounting software had been compromised by hackers.

The German statement added to the growing conviction among experts that the global attack was more harmful than initially believed. The virus took down thousands of computers in dozens of countries, disrupting shipping and businesses.

German security officials are still investigating the origin of the virus and do not have reliable data to confirm a claim by the Ukrainian government that Russia was behind the attack.

Chancellor Angela Merkel hosted Russian president Vladimir Putin and other world leaders in Hamburg last week, but there had been little public discussion about cyber security.

Schoenbohm said the latest attacks were at least harmful as the WannaCry ransomware attacks seen in May.

The agency said it had information making clear that significant efforts were required to restore business processes once infected.

“We must continue to increase Germany’s resilience in the wake of cyber attacks,” Schoenbohm said.

The agency urged German companies to separate networks that had the M.E. Doc software installed, to increase network surveillance and to look for any signs of compromise.

Password changes and software updates for all infected networks were crucial, the agency said, noting companies should also review administrative settings for networks.

Enjoyed this story? Subscribe to ITWeb’s Security News newsletter.

Copyright 2017 Reuters Limited. All rights reserved. Republication and redistribution of Reuters content is expressly prohibited without the prior written consent of Reuters. Reuters shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Our comments policy does not allow anonymous postings. Read the policy here