Acquiring data illegally, whether through hacking or
phishing, was on the increase again last year. The attempts
to steal company, client or credit-card data which are made
public usually concern attacks against large companies.
However, these particularly high-profile attacks are only
the tip of the iceberg, as the MELANI semi-annual report
published today shows.
Multiplication of attacks against SMEs
In the first half of 2012, numerous large companies were
once again the target of cyber attacks involving the theft
of client data - mainly usernames and passwords, but also
credit-card data. Among those affected were LinkedIn,
Global Payments, Yahoo and Twitter. However, from a study
carried out in 2011 it is clear that these attacks account
for only a small proportion of the total. Of the 885
incidents investigated worldwide, 75% of attacks were
perpetrated against small and medium-sized enterprises
(SMEs) with fewer than 1,000 staff. This can be explained
by the fact that SMEs are not as familiar with the ins and
outs of information security as larger companies are. This
also means an increase in the possibilities for attack.
Phishing hampers client communication
Phishing attacks are observed on a daily basis in
Switzerland. In most cases, e-mails deceive a company's
clients into revealing their username, password or
credit-card details. Attacks via telephone - known as voice
phishing - have also increased over the past six months.
Here the victim is misled into believing an ICT support
provider is on the line. The aim here is to convince the
victim to give the supposed provider remote access to his
or her computer. The attacker thereby gains access to all
data such as credit-card information, for example.
The victims are not the only ones adversely affected by
such attacks. For companies and their client communication,
it is becoming increasingly difficult to prove to clients
in their own communications that the sender is authentic.
The cyber component of the Middle East conflict
The violent upheaval of the Arab Spring was accompanied by
a cyber conflict which continues on to this day. Many
different ways are tried to infiltrate not only e-mail
accounts, but also social network groups, in order to
obtain information on planned activities and the identities
of the persons involved, as well as other useful data.
Furthermore, on a regular basis websites are brought down,
documents belonging to the state or to individuals are
stolen, and malware is used for sabotage purposes.
National strategy to protect Switzerland from cyber risks
On 27 June 2012, the Federal Council adopted a national
strategy to protect Switzerland from cyber risks (NSC). The
Federal Council thereby took account of various
parliamentary proposals calling for stronger measures
against cyber risks. The strategy should allow businesses
and the authorities to work together more closely.
Moreover, the following objectives should be achieved:
early identification of virtual threats and dangers;
improved resilience of critical infrastructures; and an
effective reduction of cyber risks such as cyber crime,
cyber sabotage and cyber espionage. The measures as defined
in the strategy are to be implemented by the end of 2017,
and a yearly progress report on implementation status is to
be submitted to the Federal Council. Coordination of
strategy implementation has been entrusted to the Federal
IT Steering Unit (FITSU) and MELANI.
International cooperation in Europe
In order to fight cyber crime successfully also at the
international level, on 28 March 2012 the European
Commission proposed to set up a new European Cybercrime
Centre at Europol, the European law enforcement agency
headquartered in The Hague. The centre is scheduled to
begin operations on 1 January 2013.
Max Klaus, Deputy Head of MELANI
Federal IT Steering Unit FITSU
Tel. 031 323 45 07