DDoS attacks – massive increase in Switzerland too – 17th MELANI semi-annual report
Berne, 29.10.2013 - The biggest DDoS attack in the history of the Internet, e-banking attacks using smartphone trojans and numerous targeted espionage attacks all constitute the focus of the 17th semi-annual report published today by the Reporting and Analysis Centre for Information Assurance (MELANI). MELANI also published today security recommendations for industrial control systems and content management systems.
The first half of 2013 was characterised above all by the reporting of the Internet surveillance methods used by some of the intelligence services, which was disclosed by the informer Edward Snowden. However, there were also other occurrences concerning the Internet which were of importance in recent months and which MELANI lists in today's semi-annual report.
Massive DDoS attacks also in Switzerland
In the past few years, a steady increase in DDoS attacks (distributed denial of service) has been observed. In the case of DDoS attacks, a large number of computers send requests to a website with the goal of disabling it. Compared with previous years, the intensity of these attacks has clearly increased, however. This was how the non-profit organisation Spamhaus, based in Switzerland, suffered one of the biggest DDoS attacks in the history of the Internet. In the case of yet another attack on a third party, the DNS server (domain name system) of the SWITCH foundation was fraudulently used for DDoS attacks. In the current semi-annual report, measures to protect one's own DNS infrastructure from being misused are highlighted.
Smartphone trojans on the rise
With the continual increase in smartphones, there has been no let-up in the trend towards spreading malware via these appliances. The focus of the attackers is mainly on the Android operating system. A smartphone trojan targeting Swiss e-banking clients was also discovered during investigations. The report analyses this trojan and provides simple tips on how smartphones can be protected.
Targeted espionage attacks – numerous cases published
In the first half of 2013, reports about professional targeted espionage attacks emerged in rapid sequence. Since government players are generally suspected of being behind these attacks, the attacks also gave rise to numerous political statements. These espionage attacks are no longer isolated events. Interest in third-party data is constant and as a result the pressure to protect sensitive data is constant as well.
Security recommendations for industrial control systems
For some time now, industrial control systems are increasingly being used in applications beyond industry as well, such as home automation. Investigations indicate that these systems are often badly protected and relatively unimpeded access from the Internet in one form or another is possible. In order to provide support, MELANI has today published eleven security recommendations as to how these control systems can be better protected.
Content management systems as a problem zone
Nowadays, a website can be set up by simple means without significant technical know-how. Content management systems (CMSs) are often used for this purpose. The widespread use of these systems makes them interesting for cybercriminals as well. Vulnerabilities are sought and unfortunately they are found as well. The most important measures which a website administrator can follow in order to operate a CMS as securely as possible are listed in the semi-annual report.Address for enquiries
Max Klaus, Deputy Head of MELANI
Federal Strategy Unit for IT
Tel. 031 323 45 07
max.klaus@isb.admin.ch
Documents
Publisher
Federal IT Steering Unit (ab 01.01.2021: Digitale Transformation und IKT-Lenkung)
http://www.fitsu.admin.ch
Federal Department of Defence, Civil Protection and Sports
http://www.vbs.admin.ch
