UPDATED 22:29 EST / DECEMBER 08 2016

INFRA

German steel conglomerate ThyssenKrupp hacked in corporate espionage case

German steel and elevator conglomerate ThyssenKrupp AG has had trade secrets stolen following a hack of its systems earlier this year.

The company said in a statement Thursday that it had been targeted by attackers located in Southeast Asia engaged in what was described as “organized, highly professional hacker activities.”

ThyssenKrupp‘s internal security team discovered the breaches in April and traced them back to February. The hackers stole project data from ThyssenKrupp’s plant engineering division. The exact nature of the data that was stolen or the extent of the theft remains unclear.

Investigations so far have found that none of ThyssenKrupp’s other operations, in particular its ship and submarine-building Marine Systems group, production systems handling power plants and blast furnaces, were affected.

According to DarkReading, ThyssenKrupp’s computer emergency response team and chief information officers from all business groups have been involved in the response, and all affected systems have been repaired. The company has begun around-the-clock monitoring of its networks for new attacks.

SiliconANGLE spoke to a number of security experts about the hack and all agreed on one thing: These corporate espionage attacks are becoming far too common.

“This breach, unfortunately, sounds similar to many others: hackers infiltrate a corporate network – and potentially the facilities themselves – and gain insider access for months, resulting in sensitive data loss,” Exabeam Inc. Chief Executive Officer and Founder Nir Polak explained. “It’s all too common. This breach highlights how difficult it can be to spot insider, i.e. valid identity-based attacks, since the access to data looks normal. The user is using his valid ID and password, or entering the building with a working badge. This lack of context is what is driving the use of behavioral analytics, which goes beyond ‘can access’ to ‘should access.’ Without that context, these attacks will only grow in scope and frequency.”

Jake Olcott, vice president at security ratings firm BitSight Technologies Inc. added that the news should be a wake-up call.

“Manufacturers hold some very sensitive trade secrets, both for themselves and their customers,” he said. “As is becoming the case more and more, hackers are infiltrating third parties in the supply chain in order to obtain sensitive data. This event should be a wake-up call to anyone sharing sensitive information, including plans or intellectual property, to have a thorough understanding of their partner’s cybersecurity performance.”

Image credit: Dortmund2008/Wikimedia Commons/CC by 2.0

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU