No sector is immune to cyber attacks

The half-yearly report of the National Cyber Security Centre (NCSC) makes it clear: Swiss companies in all sectors are also at risk.

Ransomware attacks all sectors 
Ransomware campaigns run by cybercriminals affect all sectors worldwide. Ransomware is also the most acute threat to organisations and companies in Switzerland.

Double blackmail in the healthcare sector 
Numerous institutions in the Swiss healthcare sector were attacked in the first half of the year. Often this was done using double blackmail (double extortion). This was the case with the "LockBit 2.0" ransomware, which copies a victim's sensitive data and also encrypts it on the victim's systems. Organisations were therefore faced with two challenges: their servers were encrypted and, at the same time, they had a data leak to deal with. So it wasn't just the institutions that were affected, but also the patients, because it was not uncommon for their sensitive data to end up on the Darknet.

The situation is different in the transport and logistics sector. Here, the criminals aim to disrupt business activities as much as possible to extort a ransom payment from the attacked companies and organisations. In the case of Swissport, business continuity management and backups limited the impact on other companies.

The University of Neuchâtel was also affected by a ransomware attack in 2022. Perhaps the only positive aspect was that it accelerated the implementation of planned new security measures. These measures include repeated penetration tests and better early detection of attacks.

How will this develop?
The number of ransomware attacks is expected to continue to rise this year and increasingly affect critical infrastructure. Cybercriminals continue to develop their ransomware strategies; together with technological advances, this means that the threat of ransomware to all types of organisations worldwide is increasing.

In addition to cybersecurity measures that protect systems against malware infections in general, and therefore also against ransomware, further steps can be taken behind the first line of defence. Researchers have found 'weak points' in some ransomware that can be exploited to prevent at least the final encryption of data.

DDoS attacks against websites and services 
As in the past, DDoS attacks against websites persist in Switzerland and abroad. In the first half of 2022, Swiss SMEs were also affected. These attacks can be carried out for blackmail, to harm competing companies, and for political reasons. In addition to the data transmission rate, factors such as packets per second (pps) and requests per second (rps) should be considered. Cloudflare, for example, recorded an attack of 26 million requests per second, launched by a small, high-performance botnet consisting of only 5,067 devices.

Data protection requires data security 
A data leak is an unpleasant situation for everyone involved. No one wants personal content, or other content worthy of protection, to be revealed unasked, and no one wants to have to tell someone that this has happened to their data. However, data leaks occur regularly due to poorly protected or poorly maintained systems, human error or attacks with criminal intent.

It is also possible that, in the case of a ransomware attack, the perpetrators remove data from a system as a further means of blackmail. In such cases, the persons concerned may also be threatened by the criminals afterwards. This is known as triple blackmail: if the hacked company does not want to pay anything for decryption or to prevent the publication of the data, the blackmailers may approach the persons concerned directly, either with the threat of publication or in the form of a personal social engineering attack. This poses a risk, especially for sensitive personal data such as patient data.

The full report can be found at ncsc.admin.ch.

Daniel Gsponer