Phishing attacks on the rise – 16th MELANI semi-annual report

Berne, 02.05.2013 - Increasingly sophisticated methods of phishing to attack e-banking accounts; massive DDoS attacks on US banks; the latest on cyber conflict in the Middle East; and the information we do not know we are revealing while surfing the net: these are the focus areas of the second semi-annual report for 2012 from the Reporting and Analysis Centre for Information Assurance (MELANI), published today.

The second half of 2012 was marked by numerous, sometimes spectacular cyber attacks on companies and government offices both at home and abroad.

Traces on the Internet – the data users divulge when visiting a website

It is common knowledge that many users of Facebook, XING and other social networks intentionally divulge information about themselves on a voluntary basis. What we do not know about, however, is the data that is being collected on the Internet. In this semi-annual report, a number of measures and tools are described which allow us to at least partially limit, for example, the ability of advertisers to construct profiles of our surfing habits.

Phishing is becoming increasingly sophisticated

The motivation for many cyber attacks is based on making money. Hence the predilection for phishing attacks on users of e-banking applications. As security measures make it technically harder for criminals to attack online accounts, increasingly they rely on sophisticated phishing methods. Typically the potential victim receives a phone call from someone claiming to be working for a bank, and they will be asked to provide their access data – such as login and password – for the purposes of improving security. Moreover, in the second half of 2012 phishing websites with https:// addresses were observed, i.e. Internet sites using data which is encrypted and thus supposedly transmitted securely.

Massive DDoS attacks against US banks

Attacks designed to block websites – known as Distributed Denial of Service (DDoS) attacks – for a long time were considered to be acts of vandalism, and the general public was largely unaware of their existence. The situation has now changed: ever more DDoS attacks are being used as a means for extortion, to damage competitors, as a tool for revenge or for political acts. And so, time after time, there are DDoS attacks that aim to attract maximum attention. In the second half of 2012 there were some massive attacks on US banks. Although an Islamic group of hackers claimed to have been motivated by the publication of the Mohammed video, the US trade embargo on Iran was also cited by various sources as a possible cause.

Cyber conflict in the Middle East

With the advent of "Gauss", for the first time we saw allegedly state-sponsored spy software, exhibiting the typical characteristics of an online trojan: for about nine months transactions in Lebanese banks in particular were spied upon and reported to the attackers.On 15 August 2012, malware called "Shamoon" paralysed the office network of Saudi state oil company Saudi Aramco. Western experts speculate that Iran, whose energy exports had come under major pressure as a result of international sanctions, could be behind the attack, with the aim of preventing Saudi Arabia from increasing its gas and oil production.

Address for enquiries

Max Klaus, Deputy Head of MELANI
Federal IT Steering Unit FITSU
Tel. 031 323 45 07


Federal Department of Defence, Civil Protection and Sports

Federal IT Steering Unit (ab 01.01.2021: Digitale Transformation und IKT-Lenkung)

General Secretariat DDPS