The German government hack: Would you have recognized it earlier?

According to the most recent information, the attackers' access to the high-security IT network of the German government went unnoticed for several months. The attackers gained access to confidential documents in what had previously been considered a highly secured environment. The investigation is currently ongoing.
Why did it take so long to discover the breach? Attackers leave clues behind regardless of what they do. With common security measures such as antivirus and intrusion protection systems (IPS), these clues are often not recognizable. Cases like this call for tools that are not purely signature-based but instead look for types of activity, such as unusual usage of operating system tools or clues in the registry.

These tools can help to recognize and defend against increasingly complex attacks earlier. SECUINFRA relies on products from Nextron Systems GmbH, using their APT scanner technologies to automate searches for clues left behind in an attack, known as indicators of compromise (IOC).
With the help of these and similar tools, our forensic investigators are able to perform in-depth analysis of compromised systems, going far beyond what can be obtained from system logs.
Through our new partnership with Nextron Systems GmbH, we are able to expand our services in the areas of compromise assessment and endpoint forensics. Our customers benefit from efficient service and save precious time in the identification and analysis of successful cyber-attacks.
Don’t let attackers roam around your infrastructure for months unnoticed. Contact us at dfir@secuinfra.com.
 
