The French budget minister has confirmed that the ministry of economy, finances and industry has been the victim of a ‘spectacular' cyber attack since the end of last year.
François Baroin said that the attacks came from addresses located outside of France. Patrick Pailloux, director general of the French National Agency for IT Security, said that it was the first attack to have targeted the French state on such a scale.
According to reports, hackers used a Trojan to infiltrate systems having used spear phishing messages that were sent to French government workers. The news of this attack followed reports that South Korean government and private sector websites had come under attack from distributed denial-of-service (DDoS) attacks.
Mark Darvill, director of AEP Networks, said that it was no surprise that a G20 member has become the target of cyber attack, as attackers are often professionals seeking access to specific pieces of information.
“All government departments and every private contractor that protects high profile events or infrastructure must be made to adhere to the highest levels of security. Without a scaled-up approach to cyber defence, national security is left open to compromise and sensitive information is at the mercy of those who have the technical knowledge to launch these targeted attacks,” he said.
Ross Brewer, vice president and managing director of international markets at LogRhythm, said: “As hackers become more sophisticated in their attempts to steal data, government bodies and indeed entire states are increasingly at risk.
“Traditional methods such as anti-virus solutions and firewalls are not infallible and they simply are not enough to ensure network security. Nation states therefore need to accept the inevitability of data breaches and take new courses of action to prevent similar incidents, which are both dangerous and embarrassing for the afflicted organisation.
“Since the attacks began in December and have only just been blocked, the hackers have enjoyed a substantial holiday period during which to obtain confidential information. This delay in identifying and putting a stop to the breach is unacceptable and the provisions taken to ensure the security of the French systems are quite clearly insufficient.”