Data leaks, crimeware and attacks on industrial control systems – topics in the MELANI semi-annual report
Berne, 26.04.2018 - The 26th semi-annual report of the Reporting and Analysis Centre for Information Assurance (MELANI), published on 26 April 2018, addresses the most important cyber incidents of the second half of 2017 both in Switzerland and abroad. Among other things, the focus is on the widespread use of crimeware and attacks on industrial control systems in the medical technology sector. The spate of data leaks and their repercussions are examined in the main topic.
In October 2017, the internet services company Yahoo! had to admit that a hacker attack in 2013 affected the data of all users of this service. It is thus likely that more than 3 billion data sets were leaked. The incident is considered to be the world's largest data leak to date. In Switzerland, data leaks at Swisscom, with 800,000 data sets, and at dvd-shop.ch, with 70,000 data sets, were the main issues in the second half of 2017. In the key topic of the current semi-annual report, MELANI examines the repercussions of such data leaks, data protection aspects and the issue of how those affected should be informed.
Crimeware still very active
The use of crimeware, especially encryption and e-banking Trojans, remained widespread in the second half of 2017. The data from MELANI/GovCERT shows that Downadup, also known as Conficker, is still one of the most widespread malwares in Switzerland, even though a patch for the security vulnerability exploited has been available for more than ten years.
Attacks on industrial control Systems
Industrial control systems are at the heart of not only numerous critical infrastructures such as energy supply, but also many medical technology devices such as MRI scanners and pacemakers. The failure of such devices can be life-threatening for patients in extreme cases. This semi-annual report addresses the challenges associated with security updates for medical devices and deals with possible security vulnerabilities concerning pacemakers.
Address for enquiries
Max Klaus, Deputy Head of the Reporting and Analysis Centre for Information Assurance MELANI,
Federal IT Steering Unit FITSU,
Tel. 058 463 45 07,
Federal IT Steering Unit (ab 01.01.2021: Digitale Transformation und IKT-Lenkung)
General Secretariat DDPS