Why the internet of things (IoT) could cause a power cut

Berne, 30.04.2019 - The large-scale misuse of IoT devices for cyber attacks, successful blackmail attempts (e.g. fake sextortion), money transfer fraud with Office 365 access data, and the key topic "Dealing with purchased risks in hardware and software": the 28th semi-annual report of the Reporting and Analysis Centre for Information Assurance (MELANI), published on 30 April 2019, deals with the most important cyber incidents of the second half of 2018 in Switzerland and abroad.

Rapidly advancing digitalisation can only be mastered with the corresponding hardware and software. The market is clearly dominated by US companies, with China in the fast lane and isolated global players in hardware and software, for example from Korea, Russia or Germany. The potential access that the respective host countries have to ICT manufacturers raises the question of how to deal with these risks properly. The 28th semi-annual MELANI report addresses this problem in its key topic and also deals with other current topics such as those described below.

Household appliances as triggers for a power failure

With the Internet of Things (IoT), all kinds of devices such as heaters and air conditioners are connected to the internet for remote control. This is practical, but also involves certain risks. According to a study published by Princeton University in 2018, it is quite possible that malicious actors could hack inadequately protected IoT devices, merge them into a botnet and misuse them for cyber attacks, for example to cause a power failure. The semi-annual report highlights the problems and contains recommendations.

Extortion using fake sextortion

Since March 2018, countless fake sextortion emails have been circulating. In these emails, the attackers claim to have compromising images showing recipients looking at pornographic websites. As "proof" of the authenticity of the claim, passwords or mobile phone numbers from previous data leaks are often mentioned in the email. The semi-annual report deals with this problem and shows the development of the various fake sextortion waves.

Office 365 access data used for transfer fraud

With over 100 million monthly users, Office 365 accounts have become a popular target for attackers. In the second half of 2018, so-called wire fraud occurred with Office 365 access data obtained in this way. In this type of fraud, the fraudsters search compromised accounts for existing electronic invoices, copy them, add a different IBAN and redeliver them.

Address for enquiries

Max Klaus, Deputy Head of the Reporting and Analysis Centre for Information Assurance MELANI
Federal IT Steering Unit FITSU
Tel. 058 463 45 07


Federal IT Steering Unit (from 01.01.2021: Digital Transformation and ICT Steering)

General Secretariat DDPS