Information Assurance MELANI

Information Assurance MELANI

Federal IT Steering Unit FITSU Federal Intelligence Service FIS Reporting and Analysis Centre for Information Assurance MELANI https://www.melani.admin.ch/ INFORMATION ASSURANCE SITUATION IN SWITZERLAND AND INTERNATIONALLY Semi-annual report 2018/I (January – June) 8 NOVEMBER 2018 REPORTING AND ANALYSIS CENTRE FOR INFORMATION ASSURANCE MELANI https://www.melani.admin.ch/ 1 Overview / Content 1 Overview / Content .............................................................................................. 2 2 Editorial................................................................................................................. 5 3 Key topic: vulnerabilities in the hardware ....................................................... 6 3.1 Spectre and Meltdown ..................................................................................... 6 3.2 Why this design error? .................................................................................... 6 3.3 Possible solutions ........................................................................................... 7 3.4 Possible developments.................................................................................... 8 4 Situation in Switzerland...................................................................................... 9 4.1 Espionage ........................................................................................................ 9 Spiez Laboratory name misused as sender of "Olympic Destroyer" ........................... 9 4.2 Industrial control systems ............................................................................. 11 Open systems on the net - threat or "daily business"? ............................................. 11 4.3 Attacks (DDoS, defacements, drive-bys) ....................................................... 14 Apophis Squad activities in Switzerland ................................................................... 14 4.4 Social engineering and phishing ................................................................... 15 Phishing .................................................................................................................. 15 Calls on behalf of banks .......................................................................................... 16 GDPR phishing ....................................................................................................... 16 Espionage attacks via the calendar ......................................................................... 17 Supposed prizes - chain letters in the name of IKEA, Milka and Co ......................... 18 From the internet to the real world - when attackers make personal visits ................ 18 "Look alike" domains ............................................................................................... 19 Email addresses for sale ......................................................................................... 20 4.5 Data leaks....................................................................................................... 22 Swisscom sales partners lose customer data .......................................................... 22 The use of stolen data ............................................................................................. 23 Passwords for sextortion ......................................................................................... 23 Credential stuffing with old passwords ..................................................................... 24 4.6 Crimeware ...................................................................................................... 24 4.7 E-banking Trojans in Switzerland .................................................................. 26 "Retefe" und social engineering ............................................................................... 26 "Dridex" and offline payment software ..................................................................... 27 "Gozi ISFB" and drive-by dissemination ................................................................... 28 Page 2 of 61 5 Situation internationally ................................................................................... 29 5.1 Espionage ...................................................................................................... 29 "Sofacy" linked to various incidents ......................................................................... 29 VPN filter - at least 500,000 devices affected ........................................................... 30 Attack on the German Federal Government network ............................................... 31 Attacks on energy providers .................................................................................... 32 Attackers focus on "Cisco's" "Smart Install" ............................................................. 33 5.2 Industrial control systems ............................................................................. 35 VW and Audi infotainment systems hacked ............................................................. 35 Cryptominers at European wastewater facility.......................................................... 36 "Hide'n Seek" - IoT botnet with peer-to-peer function ............................................... 36 5.3 Attacks (DDoS, defacements, drive-bys) ....................................................... 37 "Memcached DDoS" attack ..................................................................................... 37 Banks' internal systems remain the target of cybercriminals..................................... 39 5.4 Data leaks....................................................................................................... 39 DHS privacy leak..................................................................................................... 39 "Exactis" data leak .................................................................................................. 40 5.5 Preventive measures ..................................................................................... 40 Member behind the Carbanak/Cobalt attacks arrested............................................. 40 Cyber Europe 2018 - preparing for the next cyber crisis ........................................... 41 Lazarus C&C server take over ................................................................................. 42 6 Trends and outlook ........................................................................................... 42 6.1 The use of data in attacks .............................................................................. 42 6.2 Networked medical devices, health data and patient dossiers ..................... 44 6.3 Speed before security? - even in the future, not everything can be entrusted to mobile communications. ........................................................................... 45 The known problems with the SS7 protocol in the case of 2G and 3G ...................... 45 LTE makes things better, but is still far from perfect ................................................. 46 Will 5G finally close the vulnerabilities? ................................................................... 46 Network security alone does not protect .................................................................. 47 7 Politics, research, policy .................................................................................. 48 7.1 Switzerland: parliamentary procedural requests........................................... 48 7.2 Political cyperspace developments - current status ..................................... 52 7.3 GDPR and Data Protection Act ...................................................................... 53 8 Published MELANI products............................................................................ 54 Page 3 of 61 8.1 GovCERT.ch Blog .......................................................................................... 54 8.2 MELANI newsletter......................................................................................... 54 Data leaks, crimeware and attacks on industrial control systems – topics in the MELANI semi-annual report .................................................................................................. 54 Wieder vermehrt betrügerische Anrufe bei Firmen ................................................... 54 8.3 Checklists and instructions ........................................................................... 54 9 Glossary ............................................................................................................. 55 Page 4 of 61 2 Editorial Dear reader, Historically, Switzerland was born out of trusted relationships between leaders of early Cantons who collaborated to defend against threats they had in common. This original example of trust among communities resulted in the successful long-term development of a safe and secure society. Today trust continues to play a central role in the safety and security of our digital society. The concept of "trust groups" of like-minded people has become important in every industry sector. These are groups of people working together to defend and fight against cyber threats Dr. Bruce Nikkel and cybercriminal activity common to the group. Head of Cybercrime Intelligence & Forensic Investigation, UBS Chairman of the European FI-ISAC Trust groups can be ad-hoc communities of like-minded Professor of Digital Forensics, Berner Fachhochschule individuals who meet to discuss technical threats

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    61 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us