21st MELANI semi-annual report covers key topic of website security
Berne, 29.10.2015 - The 21st MELANI semi-annual report is dedicated to incidents such as espionage attacks, including those which affected Switzerland, the ever-present phishing attacks and the key topic of website security. The key topic is one of several innovations introduced in the semi-annual report.
To simplify reading, the semi-annual report of the Reporting and Analysis Centre for Information Assurance (MELANI) was restructured and the layout was modified. MELANI has also used the start of the second decade of its existence to redesign its logo. Another innovation is the addition of a key topic which in future will have an extensive chapter dedicated to it. In the current issue, website security is the first such key topic. Furthermore, core aspects of the semi-annual reports will be examined in an editorial in future.
Key topic: website security
Content management systems (CMS) are increasingly being used for creating and updating websites. They have the advantage that people without specialist knowledge can use them to create and update a website. However, a step frequently omitted in this process is the installation of security updates for the CMS, despite these generally being available. Due to this omission, several security vulnerabilities were discovered in the first half of 2015: in Switzerland, 70% of all websites which had installed the CMS software WordPress had security vulnerabilities. MELANI reveals how content management systems can be operated securely.
Espionage: Switzerland also affected
In the first half of 2015, a well-known IT security provider published details on the Duqu2 espionage software. This disclosure made known that the targets of the espionage included the nuclear negotiations with Iran. The last rounds of talks took place in Lausanne, Montreux, Geneva, Munich and Vienna. In Switzerland, criminal proceedings are being conducted by the Office of the Attorney General in this regard.
Phishing still a major topic
Phishing, the illegal acquisition of information such as usernames, codes, one-time passwords, etc., continues to be a major topic. MELANI observes large-scale phishing campaigns almost every day. There are hardly any limits to the imagination of the attackers: alleged e-mails from banks, bogus tax forms or even the exploitation of the current refugee problem in the Balkans are just a few examples of the modus operandi of the perpetrators.
Address for enquiries
Max Klaus, Deputy Head of MELANI
Federal IT Steering Unit FITSU
Tel. 058 463 45 07