MELANI report: Website security in focus

In its 21st edition, the semi-annual report of the Reporting and Analysis Center for Information Technology MELANI has changed its appearance and now features a new focus topic.

In the current issue, the topic of "Website Security" forms the first focus. In addition, an editorial will in future deal with central aspects of the semi-annual reports.

Focus topic "Website security

Content management systems (CMS) are increasingly being used to create and update Internet presences. These have the advantage that people without special expertise can create and update a website. However, people often fail to install the security updates of the CMS systems, even though these would usually be available. In the first half of 2015, this omission led to the discovery of several security vulnerabilities: In Switzerland, 70% of all websites that had the CMS software WordPress installed had security vulnerabilities.
MELANI shows how CMS systems can be operated securely.

Espionage: Switzerland also affected

In the first half of 2015, a well-known IT security service provider published details of the "Duqu2" espionage software. This made it public that the target of the espionage was, among other things, the nuclear negotiations with Iran. The last rounds of negotiations took place in Lausanne, Montreux, Geneva, Munich and Vienna. In Switzerland, the Office of the Attorney General of Switzerland is conducting criminal proceedings in this regard.

Phishing still a big issue

Phishing, the illegal acquisition of information such as user names, codes, one-time passwords, etc., is still a very big issue. MELANI observes more or less large-scale phishing campaigns almost daily. There are virtually no limits to the attackers' imagination: supposed emails from banks, fake tax forms, or even exploiting the current refugee problem in the Balkans are just a few examples of the perpetrators' modus operandi.

The report can here as PDF be obtained.