A new wave of cyberattacks is threatening companies across Germany, with the State Criminal Police Office of North Rhine-Westphalia reporting that cybercriminals are exploiting Microsoft 365, particularly email and document management systems, as initial attack vectors.

According to the police, the attackers are hijacking email accounts to send malicious emails containing dangerous attachments and links. These attacks pose significant risks to all connected companies, customers, and communication partners.

'Several companies have already been protected from further attacks like ransomware encryption and associated extortion. Otherwise, such cyberattacks regularly cause damages in the millions,' the police noted in their press release.

They further warned that if a company's IT systems are affected by these Office 365 attacks or if employees have clicked on suspicious links or entered their login data, there is a high risk to the company's IT systems. This risk also applies to files downloaded from well-known platforms or large cloud service providers.

In response to these threats, Microsoft recently updated its guide on how to respond to compromised email accounts. They recommend resetting the user's password and enabling multi-factor authentication, among other measures.