- Jul 22, 2014
- 2,525
ThyssenKrupp acknowledges attack, claims defense is 'virtually impossible'
German steel maker ThyssenKrupp AG on Thursday said trade secrets were stolen in a cyber-attack earlier this year.
The company characterized the incursion in a statement as "a professional attack, apparently from the Southeast Asian region."
The attackers sought to steal technological and research data related to ThyssenKrupp's Business Area Industrial Solutions, a division responsible for the design, construction, and service of industrial plants and associated systems.
A company spokesperson, in an email to The Register, said that "data fragments have been stolen," but declined to confirm additional details presented in a Reuters report.
The company said it doesn't have an estimate about the extent of the intellectual property loss, apart from "certain project data in an operative engineering company." No further information about the nature of this project has been disclosed.
Germany's Federal Office for Information Security (BSI) did not immediately respond to a request for comment.
According to Reuters, the attack was detected in April and is believed to have started in February. The company reportedly delayed publicizing the attack in order to address the issue across its facilities all at once.
In its statement, ThyssenKrupp said the attack was not attributable to security failings or to human error. It went to far as to claim that it couldn't have mounted a successful defense against skilled attackers.
"Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks," the company said.
More in the link above...
On one side they say said it was virtually impossible to defend, on the other "ThyssenKrupp said affected IT systems have been updated and are now subject to ongoing monitoring to detect subsequent attacks".....
German steel maker ThyssenKrupp AG on Thursday said trade secrets were stolen in a cyber-attack earlier this year.
The company characterized the incursion in a statement as "a professional attack, apparently from the Southeast Asian region."
The attackers sought to steal technological and research data related to ThyssenKrupp's Business Area Industrial Solutions, a division responsible for the design, construction, and service of industrial plants and associated systems.
A company spokesperson, in an email to The Register, said that "data fragments have been stolen," but declined to confirm additional details presented in a Reuters report.
The company said it doesn't have an estimate about the extent of the intellectual property loss, apart from "certain project data in an operative engineering company." No further information about the nature of this project has been disclosed.
Germany's Federal Office for Information Security (BSI) did not immediately respond to a request for comment.
According to Reuters, the attack was detected in April and is believed to have started in February. The company reportedly delayed publicizing the attack in order to address the issue across its facilities all at once.
In its statement, ThyssenKrupp said the attack was not attributable to security failings or to human error. It went to far as to claim that it couldn't have mounted a successful defense against skilled attackers.
"Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks," the company said.
More in the link above...
On one side they say said it was virtually impossible to defend, on the other "ThyssenKrupp said affected IT systems have been updated and are now subject to ongoing monitoring to detect subsequent attacks".....
