DAX companies are preparing for a possible wave of attacks.
(Photo: Moment / Getty Images)
Dusseldorf The large German corporations are arming themselves for a wave of cyber attacks. A security hole in the widespread program snippet Log4j means that almost all large companies could be affected. Germany’s highest cybersecurity authority, the BSI, has declared the highest level of alert.
DAX companies such as Volkswagen, SAP and Deutsche Telekom are taking countermeasures. “Since the critical gap became known, Deutsche Telekom has been analyzing its own systems, but also those of customers it looks after,” said a Telekom spokesman.
“Since we temporarily take systems offline in the course of tests and updates, there may be delays,” announced the company representative. He urged all customers to import necessary security updates quickly in order to close possible security gaps.
Europe’s largest software company SAP appeared in a list of affected companies. “We are currently taking suitable measures to protect our customers worldwide and, depending on the situation, provide regular updates,” said SAP.
Top jobs of the day
Find the best jobs now and
be notified by email.
Software AG, Germany’s second largest software company after SAP, also appeared in a list of affected companies. The company stated that it immediately initiated the security procedures to remedy the vulnerability and informed the customers. “This event showed that our security processes are working and effective.” The second largest German software manufacturer did not publish details of the affected products and available updates.
Survey in Germany: Companies are increasing security measures
Europe’s largest car manufacturer Volkswagen and the airline Lufthansa said in a survey by the Reuters news agency that they have increased their internal security measures and are closely monitoring the situation. So far, however, no attempted attacks have been recorded.
Lufthansa called together a special force to check all systems and applications. Infineon, Deutsche Bank and Continental also stated that they have not yet registered any attacks, but that they want to remain vigilant. According to its own information, Eon has been implementing various measures since Friday to minimize the risk of IT weaknesses.
Germany’s largest shipping company Hapag-Lloyd said the cybersecurity team had already reacted and adjusted the IT systems accordingly. “We remain alarmed and of course we will continue to keep a very close eye on current developments.”
The security warning issued by the BSI specifically applies to the Log4j Java library. This software element is widespread and has an impact on countless other products. In addition, the vulnerability can be exploited without difficulty. This would allow attackers to take over the affected system completely. There are already mass scans in Germany and around the world, as well as attempted and successful attacks.
The BSI had already warned of a threat from the malware “Emotet” at the beginning of December and spoke of a “threatening scenario”. The situation could be problematic, especially during the Christmas holidays, when the IT departments were thinned out and companies could not react quickly. According to the BSI, 144 million new malware variants were detected last year, an increase of 22 percent compared to the previous year.
The government in Canada was forced to take a drastic step. It took around 4,000 government agency websites off the Internet in order to forestall possible attacks. “We faced a threat that was 10 out of 10 on a risk scale,” said Éric Caire, Minister of Finance and Digital Transformation, on Sunday. The pages would be revised and should be accessible again as soon as possible.
With agency material
More: Red warning level: security vulnerability endangers the IT of numerous companies