Archive

Archive

Media

Rainer Knirsch

0 Comments

News from cybersecurity: Telekom is now "fishing" for vulnerabilities

  • Telekom service automatically finds vulnerabilities in company IT 
  • Artificial intelligence assists in analyzing and sorting out bycatch
  • DSGVO complied with? Imprint and cookies there? Fishing saves fines
A fishing net bulging with fish as a symbol for found security holes.

Hackers more often without prey: Telekom is hunting down cybercriminals with a new service. © Deutsche Telekom/ iStock/ bksrus; Montage: Evelyn Ebert Meneses

Hackers more often without prey: Telekom is hunting down cybercriminals with a new service. "The new service is called "Fischfang. It identifies vulnerabilities and technical details in corporate IT before attackers exploit them. Behind the new service is the Fischfang platform developed by Telekom. It analyzes and evaluates a company's attack surface. It does this in real time and automatically. For example, the platform runs recurring test routines. For data analysts, that would be a lot of manual work.  In the race against attackers, defenders thus gain valuable time.

After analysis, "fishing" uses graphics to create an overview of the IT landscape and keeps it continuously up to date. It does not need any prior knowledge of the company's organization to do this. The platform lists which hardware and software products are running on the systems. The report generated also provides information about domains and IP addresses that belong to the company. Artificial intelligence helps sort out beforehand. 

Modern corporate IT offers a sea of attack opportunities

Telekom's head of security Thomas Tschersich says, "Modern corporate IT is unmanageable and unfortunately offers a sea of attack opportunities. With manual labor alone, cybersecurity can no longer keep up. Fishing buys our customers important time. The platform provides oversight and fishes out identified vulnerabilities."

In 15 minutes, hackers are already catching on

Cyber criminals are causing massive damage to the German economy. The industry association BITKOM puts the annual loss due to theft of technology and data, espionage and sabotage at around 203 billion euros. The WannaCry ransomware encrypted 200,000 computers in 150 countries in 2017. Many had not installed the available patch. Estimates range from a few hundred million to four billion dollars in damage. The ransomware attack on the Anhalt-Bitterfeld district administration last October also had serious consequences. Afterwards, citizen services functioned only to a limited extent or not at all for 207 days. 

Three things always play into hackers' hands

Organizations often do not have a sufficient overview of their IT. Employees use laptops, tablets, smartphones or watches. New applications and software features are added regularly. Technology trends such as 5G or multi-cloud create new opportunities for companies, but also new potential gateways. Attackers always look for the weakest link. To damage a main system, a vulnerability in a supposedly insignificant access point is enough.

More and more providers are making security vulnerabilities in their products and services public. This has been observed by the security experts of the open source platform "Snyk". In recent years, 88% more companies reported corresponding vulnerabilities. Rezilion's security researchers currently count more than 15 million vulnerable systems openly available on the web.

Time works for the hacker. An analysis by the Rand Corporation showed that it takes an average of only 22 days for attackers to exploit a known vulnerability. In contrast, many companies need more than a hundred days before they can prevent something worse with a patch, according to the U.S. think tank. With increasingly powerful computers and faster networks, attackers can exploit gaps on a large scale within hours. There are four billion IPv4 Internet addresses in the world. It now takes technology just 15 minutes to scan all the addresses for a specific vulnerability.

Fishing saves data protection fines

Telekom also uses "fishing" for its own systems. The platform supports the Group's Cyber Emergency Response Team (CERT).  With the help of the data determined by "Fischfang," Telekom also checks whether the General Data Protection Regulation (GDPR) is being complied with.  Cookie notifications and a legal imprint must also be in place. This saves high fines.

About Deutsche Telekom: Deutsche Telekom Group profile

Person looks at the smartphone.

Fight with us dangerous SMS

Report harmful text messages to our experts - and increase cyber security for everyone.

FAQ