In October 2017, the internet services company Yahoo! had to admit that a hacker attack in 2013 affected the data of all users of this service. It is thus likely that more than 3 billion data sets were leaked. The incident is considered to be the world's largest data leak to date. In Switzerland, data leaks at Swisscom, with 800,000 data sets, and at dvd-shop.ch, with 70,000 data sets, were the main issues in the second half of 2017. In the key topic of the current semi-annual report, MELANI examines the repercussions of such data leaks, data protection aspects and the issue of how those affected should be informed.
Crimeware still very active
The use of crimeware, especially encryption and e-banking Trojans, remained widespread in the second half of 2017. The data from MELANI/GovCERT shows that Downadup, also known as Conficker, is still one of the most widespread malwares in Switzerland, even though a patch for the security vulnerability exploited has been available for more than ten years.
Attacks on industrial control systems
Industrial control systems are at the heart of not only numerous critical infrastructures such as energy supply, but also many medical technology devices such as MRI scanners and pacemakers. The failure of such devices can be life-threatening for patients in extreme cases. This semi-annual report addresses the challenges associated with security updates for medical devices and deals with possible security vulnerabilities concerning pacemakers.
The 26th MELANI semi-annual report is published at: