Ten years of MELANI: a review and look at current cyber threats in 20th semi-annual report

Berne, 30.04.2015 - The Reporting and Analysis Centre for Information Assurance MELANI has celebrated its tenth anniversary. Therefore, the 20th semi-annual report does not merely focus on the main events of the second half of 2014, which concerned primarily incidents of blackmail and attacks on poorly protected systems. The report published today also takes a look at the development of cybercrime over the past decade.

The Reporting and Analysis Centre for Information Assurance MELANI has been operational since 1 October 2004. There has been tremendous development in the internet since then, as well as in the types of threats seen in cyberspace.

Ten years of MELANI

There has been a massive increase in both the number of internet users and the number of platforms and services over the past ten years. New services and applications have produced further opportunities to find vulnerabilities and to exploit them too. This has also had an impact on criminal structures and has been exploited accordingly. Recent years have seen the development of a veritable underground market where everything needed for an attack can be obtained. At present, various states are also keenly interested in using the internet for espionage and surveillance methods. Compared with the first MELANI semi-annual report from 2005, however, it is obvious that the topics have largely remained the same: the spotlight was already on targeted espionage attacks, phishing, DDoS, defacement and social engineering back then.

New ransomware in the second half of 2014

The ransomware scene became even more diverse in the second half of 2014. Following on from CryptoLocker, a new piece of malware known as SynoLocker emerged. Significantly, the attackers only had to exploit a security vulnerability in a specific file server in order to trigger an infection with SynoLocker. It took more effort to cause an infection with CryptoLocker, as the Trojan could not be planted without first having user interaction such as password entry. With the Trojan, attackers infiltrate the system and encrypt files in order to extort money from the victims.

In addition, a new extortion trend is moving towards hackers accessing sensitive data, encrypting it and then threatening the affected company with disclosure if a specific sum of money is not paid. In other cases, it even happens that the whole database of a website is encrypted, making it unusable until the extorted amount is transferred.

Poorly protected systems – not just a risk for operators

At first glance, attacks on poorly protected systems such as webcams, wireless networks and content management systems for the creation of websites cause damage only for the operator or person responsible for the content. It is often forgotten that compromised systems can be used for phishing, spreading malware and sending spam, including with contaminated attachments or links to malicious websites. This semi-annual report describes concrete examples and gives recommendations for preventing imminent dangers.

Complete connectivity: smart and safe?

There is a continuously growing trend toward using smartphones to control everyday items, cars and homes remotely. Even people's mental state is being carried over to the internet with the use of health apps. However, all of this convenience means that people are also exposed to the dangers and risks of the internet and should protect themselves accordingly. The second MELANI semi-annual report for 2014 gives an insight into the possible threats lurking in our new smart world. 

Address for enquiries

Max Klaus, Deputy Head of MELANI, Federal IT Steering Unit FITSU
Tel. 058 463 45 07


Federal IT Steering Unit (ab 01.01.2021: Digitale Transformation und IKT-Lenkung)

General Secretariat DDPS