Overnight, a German government spokesperson confirmed that the government is investigating a security breach of its defence and interior ministries’ private networks. A notorious Russian hacking group known as Fancy Bear, or APT28, is being widely blamed in German media. Matthias Maier, Security Evangelist at Splunk, comments below.
Matthias Maier, Security Evangelist at Splunk:
“This disclosure from the German Interior Ministry highlights that every organisation can be targeted and hacked, regardless of its sector or industry. What continues to be key is how prepared organisations are to respond if all prevention techniques that have been deployed fail.
In this instance the authorities, supported by specialists, need to investigate what happened over a year ago in their environment to identify how the attacker got in, what the weak point was, what was accessed and what systems might have been compromised. Hopefully, the organisation has collected and stored all log data from its entire digital infrastructure in order to put these pieces of the puzzle together.
The reports so far in the news have indicated that the detection happened in December and it continues to be investigated, highlighting the complexity involved in such a process. It also demonstrates the need for log data to be held in a centralised platform where it can be searched and analyzed quickly by multiple stakeholders in an investigation.”