German association BITKOM puts annual losses from criminal activity at around €203 billion
cybercriminals with a new service called Fischfang. The idea is to identify vulnerabilities in corporate IT before attackers exploit them.
The service is run from the Fischfang platform, which was developed by TD. It analyses and evaluates a company’s attack surface – in real time, automatically – for example by constantly repeating routine tests.
Timing is all
As this is far faster than anything data analysts could hope to achieve from manual processes, TD is looking to buy that most valuable of commodities – time.
With more powerful computers and faster networks, attackers can exploit weaknesses, on a large scale, within hours. There are 4 billion IPv4 Internet addresses in the world, which can be scanned for a specific vulnerability within 15 minutes to scan all the addresses for a specific vulnerability.
Analysis by Rand Corporation showed it takes an average of 22 days for attackers to exploit a known vulnerability but more than a hundred days for companies to come up with a patch.
Little observability
The German industry association BITKOM puts annual losses from technology theft, data, espionage and sabotage at around €203 billion. The WannaCry ransomware encrypted 200,000 computers in 150 countries in 2017 which had failed to patch their systems.
Estimates range from a few hundred million to four billion dollars in damage. The ransomware attack on the Anhalt-Bitterfeld district administration last October also had serious consequences. Citizens’ services were limited to didn’t work at all for 207 days afterwards.
According to TD, one of the issues is that organisations often do not have a proper overview of their IT. Employees use laptops, tablets, smartphones or watches. New applications and software features are added regularly.
New technology like 5G and multi-cloud infrastructure also create new opportunities for companies and also new potential gateways, with attackers always looking for the weakest link.
Main systems can be brought down by a vulnerability in an apparently insignificant access point.
Platform approach
Hence the Fischfang platform constantly update graphics from its fishing expeditions to show the IT landscape. TD says it does not need any previous knowledge of an organisation to do this, but calls on AI from the start.
The platform lists hardware and software products running on the systems. The report it generates also provides information about a company’s domains and IP addresses.
Telekom also uses ‘fishing on its own systems – the platform supports the Group’s Cyber Emergency Response Team (CERT). With data determined by Fischfang, TD also checks whether the General Data Protection Regulation (GDPR) is being complied with. Cookie notifications and a legal imprint must also be in place. This ensures compliance and avoids fines.
Telekom’s Head of Security, Thomas Tschersich, says, “Modern corporate IT is unmanageable and unfortunately offers a sea of attack opportunities. With manual labour alone, cybersecurity can no longer keep up. Fishing buys our customers important time. The platform provides oversight and fishes out identified vulnerabilities.”