Semi-annual report 2/2014 of the Reporting and Analysis Centre for Information Assurance MELANI
The Reporting and Analysis Centre for Information Assurance MELANI has celebrated its tenth anniversary. Therefore, the 20th semi-annual report does not merely focus on the main events of the second half of 2014, which concerned primarily incidents of blackmail and attacks on poorly protected systems. The report also takes a look at the development of cybercrime over the past decade.
Ten years of MELANI
There has been a massive increase in both the number of internet users and the number of platforms and services over the past ten years. New services and applications have produced further opportunities to find vulnerabilities and to exploit them. This has also had an impact on criminal structures and has been exploited accordingly. Recent years have seen the development of a veritable underground market where everything needed for an attack can be obtained. At present, various states are also keenly interested in using the internet for espionage and surveillance. Compared with the first MELANI semi-annual report from 2005, however, it is obvious that the topics have largely remained the same: the spotlight was already on targeted espionage attacks, phishing, DDoS, defacement and social engineering back then.
New ransomware in the second half of 2014
The ransomware scene became even more diverse in the second half of 2014. Following on from CryptoLocker, a new piece of malware known as SynoLocker emerged. Significantly, the attackers only had to exploit a security vulnerability in a specific file server in order to trigger an infection with SynoLocker. It took more effort to cause an infection with CryptoLocker, as the Trojan could not be planted without prior user interaction, such as password entry. With the Trojan, attackers infiltrate the system and encrypt files in order to extort money from the victims.
In addition, a new extortion trend is moving towards hackers accessing sensitive data, encrypting it and then threatening the affected company with disclosure if a specific sum of money is not paid. In other cases, the whole database of a website is even encrypted, making it unusable until the extorted amount is transferred.
Poorly protected systems – not just a risk for operators
At first glance, attacks on poorly protected systems such as webcams, wireless networks and content management systems for the creation of websites cause damage only for the operator or person responsible for the content. It is often forgotten that compromised systems can be used for phishing, spreading malware and sending spam, including with contaminated attachments or links to malicious websites. This semi-annual report describes concrete examples and gives recommendations for preventing imminent dangers.
Complete connectivity: smart and safe?
There is a continuously growing trend toward using smartphones to control everyday items, cars and homes remotely. Even people's mental state is being carried over to the internet with the use of health apps. However, all of this convenience means that people are also exposed to the dangers and risks of the internet and should protect themselves accordingly. The second MELANI semi-annual report for 2014 gives an insight into the possible threats lurking in our new smart world.
http://www.melani.admin.ch/dokumentation/00123/00124/01597/index.html?lang=en