
How Telekom fends off cyber attacks around the clock

In a new episode of “Breaking Lab”, presenter and science journalist Jacob Beautemps takes his viewers into a world that is otherwise only known from headlines: serious cyber attacks, digital blackmail, targeted sabotage.

The starting point is a digital “true crime” case. In June 2017, malware spread in Ukraine, resulting in the cyber attack with the highest financial loss of all time. Within a few hours, the attack jumped across borders and continents. Production lines all over the world came to a standstill, logistics systems failed, and thousands of computers were left unusable. The estimated damage is around $10 billion.

But how could this happen – and how can companies protect themselves better today? To show this, Jacob visits one of the largest cyber defense centers in Europe, namely the Deutsche Telekom Security Operations Center (SOC) in Bonn.



Conrad Inderst, head of Telekom’s Security Operations Center (SOC), gives science influencer Jacob Beautemps insights into the work of the SOC.

© Deutsche Telekom

NotPetya: Wake-up call via malware

In the video, Jacob reconstructs the attack by the “NotPetya” malware, which in 2017 initially affected mainly companies and institutions that used a certain Ukrainian accounting software. From there, the attack spread uncontrollably – including to international corporations such as the producer of the most famous black and white cookies, the second largest container shipping company in the world, and a global pharmaceutical company.

The case shows that a single, supposedly local attack can have global consequences due to technical and organizational weaknesses.

24/7 protection in the Security Operations Center

To prevent such scenarios, Deutsche Telekom operates its Security Operations Center (SOC) in Bonn – possibly the largest cyber defense center in Europe. Several billion security-relevant data points from around 250,000 sources come together here every day.

A highly automated, learning platform – i.e. AI-based systems – analyzes these data streams in real time. On average, this results in 40,000 to 60,000 alarms per minute. The AI first filters and evaluates these alarms, sorts out false alarms and prioritizes critical incidents.

But despite all the automation, cybersecurity remains teamwork. The SOC is staffed around the clock by experts who check anomalies that the AI cannot clearly assess, initiate countermeasures in the event of confirmed attacks, or monitor and support customer systems – for example those of companies, hospitals or authorities.

The Bonn SOC works in conjunction with other centers in 13 countries. Especially against the backdrop of the geopolitical situation and, in this context, state-controlled attacks, this international cooperation is an important component in identifying new tactics at an early stage.

Threat Intelligence: Investigative work in cyberspace

Telekom spokesman Christian Fischer explains the role of so-called threat intelligence, that is, the systematic collection and evaluation of information about attackers, their motives, tools and methods.

Specialized teams with different roles work in the background:

Honeypots are an important tool. These are digital decoys that deliberately attract attackers and record their behavior in detail. Telekom’s globally respected T-Pot platform combines various honeypot concepts. By using AI – for example in the “Galah” and “Beelzebub” modules – worthwhile attack targets can be simulated particularly realistically and attackers can be kept in the “wrong system” for longer.

AI as a game changer in cyber defense

Artificial intelligence is not just a buzzword in the SOC, but an integral part of daily work. Learning systems support, among other things, the evaluation and prioritization of alarms, the search for phishing websites and the creation of situation reports in the event of security incidents.

The AI recognizes patterns that would hardly be visible to humans in the mass of data and constantly learns from new attacks. At the same time, people remain in control: critical decisions, setting priorities and classifying the situation remain the responsibility of the experts.

The big but: There is no such thing as 100 percent security

As powerful as AI-powered defense and threat intelligence are today, there is no such thing as absolute protection.

For companies and institutions, this means that what matters is how well they are prepared and how quickly they can detect attacks, contain them and restore their systems. Network segmentation, regular updates, clear restart plans and practiced crisis processes are just as important as modern technologies.

The video gives insights into technology that you don’t normally see because it’s in data centers. It also shows how practical AI assistants – such as those on the AI phone – are revolutionizing our everyday lives. It’s worth taking a look.

About the moderator

Jacob Beautemps is a well-known science journalist and influencer in German-speaking countries. With his YouTube channel “Breaking Lab” he inspires a wide audience with technology and science topics, which he explains in a clear, well-founded and entertaining way. His goal: to make complex connections understandable.
