A recent investigation by the State Criminal Police Office of North Rhine-Westphalia has revealed that many companies are currently affected by cyberattacks on Office 365 (email and document management). These attacks also pose risks for connected companies in the corporate network as well as for their customers and communication partners.

Unknown perpetrators take over email accounts and then send messages in the name of the affected companies. These emails contain dangerous attachments or links. The emails look genuine as they do not contain any language errors, but often contain real previous conversations. As soon as a recipient clicks on the links, the IT system can be attacked immediately, resulting in data loss or the theft of data as well as further attacks, such as phishing attacks.

The perpetrators also search the email accounts they take over for information from the early days of the coronavirus crisis, particularly VPN access data for non-public IT networks. This information enables the perpetrators to gain direct access to the IT infrastructure of companies. They can also access documents in emails.

Thanks to investigations by the North Rhine-Westphalia State Criminal Police Office, some companies have already been protected from further attacks such as encryption by ransomware and the associated blackmail. Such cyberattacks otherwise regularly cause damage running into millions.

If your company IT is affected by such Office 365 attacks or if employees have clicked on suspicious links or entered their access data, there is a high risk to your IT systems. This also applies if files have been downloaded from well-known platforms or cloud services from large providers. The perpetrators are constantly updating their dangerous attachments so that existing virus scanners may not always be able to detect them.

Current developments clearly show how important comprehensive security concepts and raising employee awareness are.

In order to adequately counter online criminals, the Cybercrime Competence Centre was set up at the North Rhine-Westphalia State Criminal Police Office (LKA NRW) in 2011 with investigation commissions for outstanding procedures and experts in computer forensics. It also focuses on advising companies on cyber security issues.

Company managers who discover that they have been the victim of a cyberattack can contact the staff at the Cybercrime Competence Center's Single Point of Contact (SPoC) directly. The experts can be reached by telephone on 0211/ 939-4040 or by email at %20cybercrime.lka [at] polizei.nrw.de (cybercrime[dot]lka[at]polizei[dot]nrw[dot]de). Interested parties can also find further information on the Cybercrime Competence Center of the State Criminal Police Office of North Rhine-Westphalia at https://polizei.nrw/artikel/das-cybercrime-kompetenzzentrum-beim-lka-nrw.

In addition, the Federal Office for Information Security (BSI) provides important tips on cyber security: www.bsi.bund.de "10 tips on cyber security for companies"