Security gaps are in focus
The reporting and analysis center Melani has presented its 22nd semi-annual report. Once again, spectacular cyber incidents occurred worldwide: The focus was on various DDoS attacks, attacks using phishing, and attacks on industrial control systems, among others. The latest Melani semi-annual report focuses on the handling of security breaches.
The Reporting and Analysis Center for Information Assurance (Melani) shows in the current half-year report The report lists the most important cyber incidents in the second half of 2015, both nationally and internationally. The security gaps, which often exist due to a lack of updates, play a major role and are therefore the focus of this half-year report.
Focus topic: Dealing with security vulnerabilities
All Internet users, whether private individuals or companies, are equally and constantly exposed to potential cyber dangers. Security gaps are particularly often exploited. In the past year Mitre, the organization for security research, has around 6,500 new vulnerabilities in its database. However, this is probably only the tip of the iceberg, as many security vulnerabilities are not even publicized or have not been reported to Mitre. The semi-annual report shows why security gaps exist and what efforts are underway as countermeasures.
Industrial control systems in focus
Great mobility and orders placed online that should be delivered as early as tomorrow place great demands on transport companies and logistics. To meet the ever-increasing demands, the control systems used today are often controlled and maintained remotely. However, such systems are often vulnerable because physical access to them is not sufficiently secured, the systems and the security mechanisms used are outdated, or because publicly known standard passwords are used. If these systems have been successfully hacked, they can be easily manipulated.
2500 reported phishing cases on antiphishing.ch
Whether by means of forged e-mails with the logo of the federal administration, infected PDF files or infected advertisements on websites: Phishing continues to be a popular method of attack. In order to better channel the reports regarding phishing and analyze them more efficiently, Melani launched the antiphishing.ch portal in summer 2015. Around 2,500 phishing sites were reported via the portal last year.
DDoS attacks still topical
In the second half of 2015, extortion was once again a popular way to make a quick financial gain in the cyber world. In addition to the numerous types of encryption malware, DDoS attacks were again used to try to disrupt the availability of websites and then extort money from a victim. After the "DD4BC" group was primarily active with DDoS attacks in mid-2015, an "Armada Collective" group emerged in the second half of the year. The current semi-annual report shows how the DDoS attacks work and how companies can protect themselves against them.
Source: Reporting and Analysis Centre for Information Assurance Melani
