In its current semi-annual report, the Reporting and Analysis Centre for Information Assurance (MELANI) outlines the main cyber-related incidents of the second half of 2015 at the national and international levels. Security vulnerabilities, which are often caused by a lack of updates, play a major role here and are therefore the key topic of the report.
Key topic: handling security vulnerabilities
All internet users, be they private individuals or companies, are equally exposed to potential cyber threats at all times. Security vulnerabilities are exploited particularly often in such attacks. MITRE, the security research organisation, recorded some 6,500 new vulnerabilities in its database in 2015. This is probably just the tip of the iceberg, however, as many security vulnerabilities are not disclosed at all or are not reported to MITRE. The semi-annual report shows why security vulnerabilities arise and what measures are being taken to counter them.
Targeting of industrial control systems
Greater mobility and online orders with next-day delivery are creating huge challenges for transport companies and logistics. In order to satisfy the ever-increasing demands, the control systems used are often managed and maintained remotely nowadays. However, these systems are often vulnerable because physical access to them is insufficiently protected, the systems and the security mechanisms used are obsolete, or publicly known passwords are used. If an attacker succeeds in hacking into them, the systems can be easily manipulated.
2,500 phishing incidents reported on antiphishing.ch
Phishing continues to be a popular method of attack, regardless of whether it is carried out using infected PDF files, infected ads displayed on websites or bogus emails bearing the logo of the Federal Administration. MELANI launched the antiphishing.ch website in the summer of 2015 to better channel and more efficiently analyse reports concerning phishing. About 2,500 phishing sites were reported to MELANI via the website in 2015.
DDoS attacks still an issue
Extortion in cyberspace continued to be a popular method for obtaining rapid financial gain in the second half of 2015. Aside from the numerous types of encryption malware, DDoS attacks were again used to disrupt website availability and subsequently extort money from the victim. Although DD4BC was the group primarily responsible for the DDoS attacks observed in the middle of 2015, a group known as Armada Collective emerged in the second half of the year. The latest semi-annual report describes how DDoS attacks work and how companies can protect themselves from them.
The 22nd MELANI semi-annual report is published at