The French budget minister has confirmed that the ministry of economy,
finances and industry has been the victim of a ‘spectacular' cyber
attack since the end of last year.
François Baroin said that the attacks came from addresses located
outside of France. Patrick Pailloux, director general of the French
National Agency for IT Security, said that it was the first attack to
have targeted the French state on such a scale.
According to reports, hackers used a Trojan to infiltrate systems
having used spear phishing messages that were sent to French
government workers. The news of this attack followed reports that
South Korean government and private sector websites had come under
attack from distributed denial-of-service (DDoS) attacks.
Mark Darvill, director of AEP Networks, said that it was no surprise
that a G20 member has become the target of cyber attack, as attackers
are often professionals seeking access to specific pieces of
information.
“All government departments and every private contractor that protects
high profile events or infrastructure must be made to adhere to the
highest levels of security. Without a scaled-up approach to cyber
defence, national security is left open to compromise and sensitive
information is at the mercy of those who have the technical knowledge
to launch these targeted attacks,” he said.
Ross Brewer, vice president and managing director of international
markets at LogRhythm, said: “As hackers become more sophisticated in
their attempts to steal data, government bodies and indeed entire
states are increasingly at risk.
“Traditional methods such as anti-virus solutions and firewalls are
not infallible and they simply are not enough to ensure network
security. Nation states therefore need to accept the inevitability of
data breaches and take new courses of action to prevent similar
incidents, which are both dangerous and embarrassing for the afflicted
organisation.
“Since the attacks began in December and have only just been blocked,
the hackers have enjoyed a substantial holiday period during which to
obtain confidential information. This delay in identifying and putting
a stop to the breach is unacceptable and the provisions taken to
ensure the security of the French systems are quite clearly
insufficient.”
No comments:
Post a Comment