Once again, a security incident has the IT world in a tizzy. This time it is several security holes in the widely used mail server Microsoft Exchange that have triggered the disaster. In Germany alone, at least 10,000 Exchange servers were initially affected. Through the aforementioned security holes, an attacker can gain administrator rights on an Exchange server, which gives him access to all emails processed there. According to press reports, a hacker group from China known as Hafnium is said to have used these vulnerabilities for numerous attacks worldwide. It is not yet clear what damage they caused. Meanwhile, Microsoft has provided security updates that are supposed to fix the problem.
In the meantime, it has become known that hafnium has also attacked at least three federal authorities. However, with reference to the welfare of the state, the federal government is still keeping under wraps which institutions these are and what exactly happened. The choice of words alone, however, suggests a serious threat. After all, the term “welfare of the state” has already been used by the Federal Constitutional Court, which ruled in 2009 that this term was linked to “existential security and secret protection concerns” as well as “information requiring secrecy”.
Regardless of this, the Exchange hack and the Hafnium attacks show once again: it is becoming more and more important to reliably protect emails from unauthorised access. Even if the operator of a mail server does everything right, a security gap in the software used can throw a spanner in the works. For confidential data, email encryption is therefore a must. However, an encryption gateway connected to the server, as is used in many places, is often not sufficient. Because if – as in this case – the attacker has access to the mail server, gateway protection is as good as useless. Instead, end-to-end encryption is necessary, which takes place on the client.
A proven client-based email encryption solution that provides end-to-end security is GreenShield from cryptovision. GreenShield is particularly suitable for public authorities that process VS-NfD data. As one of the few email encryption products on the market, GreenShield has the VS-NfD approval required for this purpose.
When it comes to secure email communication in the public authority environment, you are definitely on the safe side with GreenShield.