Theft, manipulation, or handling of data: the number of attacks on PCs, laptops, tablets, etc. is growing. Computer criminality is by its very nature a grey area of criminality. Fearing for their reputation, for example, companies often do not report attacks. In many cases, however, victims are unaware they are the target of a cyberattack. Luckily, the hackers are not always successful. But what should we do if they do cause damage?
Whether it's networks like Tor or the public internet – as the first step in fighting criminals, fast, highly available hardware resources sufficient to meet regulatory requirements are essential. The State Office of Criminal Investigation in Düsseldorf is equipped with a cybercrime system that is evaluating an ever-growing volume of data. The faster the data stream is distributed in the system, the faster data of any format can be analyzed and evaluated with a higher hit rate. The result: faster access to the alleged criminals. To do this, T-Systems has implemented an innovative and modern high-speed storage solution in conjunction with Dell that fulfils all requirements of the North Rhine-Westphalia police in terms of security, performance, and administration.
The new system is 540 times faster than the previous installation. At the start of the work day, the data from the last 24 hours is complete. The system fully conforms to basic BSI protection. A significant module of HiPoS – hybrid integrative platform of police special networks – is a Big data Enhanced Analytics SysTem (B.E.A.S.T.) – a fast, highly secure and capable cybercrime forensics and analysis system. The new evaluation process using B.E.A.S.T. enables queries to a database comprising six billion data records in approximately one to three seconds. This speed enables the forensic methods applied by experienced agents to now lead to results every second, where previously weeks or months were required.
The future looks bleak: by skillfully exploiting quantum mechanics phenomena, a quantum computer would break many established encryption methods in a short period of time, a calculation that would take today's conventional computers billions of years. Transmitting passwords and other sensitive data on the internet could become a high security risk. Security researchers are therefore searching for an antidote to the risk posed by quantum computers. According to scientists, companies should switch to new encryption methods of post-quantum cryptography. After all, today's data traffic is possibly already at risk. Hackers could intercept and store sensitive information in an encrypted form today, so they can crack it using a quantum computer in ten years – or sooner.
Cryptography experts recommend choosing a key length of 256 bits for symmetric algorithms such as AES (Advanced Encryption Standard). Asymmetric cryptography, such as RSA and elliptic-curve schemes, must be replaced with new schemes that are secure against attacks by quantum computers. Cracking these would in turn require correspondingly large quantum computers to be developed. However, companies could in the future also implement hybrid schemes, combining a current encryption method with a new post-quantum algorithm. Telecommunications companies are testing both post-quantum algorithms and new crypto algorithms which are themselves based on quantum mechanics phenomena.
If attackers are successful, a rushed response can be counterproductive. Traces can be wiped out, and the attacker could, as an unintended result, penetrate deeper into the IT systems. Therefore, keep calm if you detect an attack and bring in an incident handler at an early stage before traces of the attacker are unintentionally obscured. A digital forensics expert secures the scene of the crime and looks between bits and bytes for valuable clues as to the sequence of events. A false step can have disastrous consequences and further escalate the damage.
But IT forensics experts also investigate cases in which IT administrators notice the IT systems are behaving differently from normal. The same applies, for example, if the bookkeeper stumbles across transfers for which there are no invoices, if the managing director is surprised that their company has for some time been underbid on every tender offer, or if a competitor brings an innovation to market which is strikingly similar to the company's own inventions.
The tasks of the incident handler are to identify and limit the level of damage, to locate the perpetrators and their motives, and to analyze their approach. The gateways are then locked and countermeasures are introduced. What is crucial is that an IT forensics expert comes up with provable facts that can be used in a court of law. Otherwise, the judiciary will reject the digital proof in a later case, or you will run into problems when claiming the resulting damages from your insurance company.
When it comes to an attack, every minute counts and correct handling is essential for success. Many companies do not have sufficient resources to handle cyber security incidents effectively themselves.
Our T-Systems incident response team is there for you around the clock. We analyze the situation, rectify the damage and get your systems back to normal operation. Because we specialize in cyber-attacks and have many years of experience in the field of IT security, we have the necessary tools and experts to guarantee your IT security.
The process of IT forensic analysis is standardized, and methodologically always follows the same approach. This is the only way to ensure evidence is secured that can be used in a court of law. First of all, data carriers, memory images, and log data are secured. The evidence must not be allowed to be changed or even destroyed. For this reason, everything is documented and photographed to safeguard the evidence. For example, details about what the environment looks like or where each cable is plugged into the laptop may become significant later. The most important thing at the start is to create a reliable basis for further investigations.
Where did the initial infection happen? How did the virus spread in the company network? Where did it come from? Did it come from inside or outside? Who is among the victims and what is the extent of the damage? An IT forensics expert works closely with the affected company – they need access to log files, hard drives, laptops, mobile phones, network data and plans, or emails with headers. To do this, the forensics expert collects statements from those affected to paint a picture, so cooperation based on trust is important. They then create a fully forensic copy of the hard drive or secure the laptop.
A cyber attack is usually only noticed when damage has already occurred. A specialized investigator who recognizes such attacks at an early stage can help. An IT forensic expert protects companies from cyber attacks, advises on precautions and helps if a hacker has struck.
Having an emergency plan increases the probability of employees reacting correctly in exceptional circumstances.