A hacker attack on the IT company Xplain from Interlaken has caused an uproar in federal Bern. The company’s software is used by the police, the courts and other federal and cantonal authorities. During the attack, the hackers stole sensitive data belonging to the administration and the authorities, which can now be viewed on the dark web.
On June 28, the Federal Council therefore hastily set up a “data outflow” task force. It is now clear that the scale of the data theft by the Russian hacker gang Play is far more serious than previously communicated. Federal Councilor Karin Keller-Sutter told the media: “That should worry you.” The analysis by the crisis team that has been deployed will probably take weeks or even months.
This article first appeared in the “Observer”. More exciting articles can be found at www.bewachter.ch.
The attack on Xplain took place at the end of May. Because the company refused to pay the ransom, the extortion gang published all of the stolen data on the dark web in early June, where tech-savvy users can reach it in just a few clicks.
The amount of data is enormous. Almost a terabyte is currently accessible, amounting to several million files. The problem: Xplain is not just any company. It develops internal applications for security authorities. According to the Federal Council, Xplain is a central IT service provider for “national and cantonal authorities”.
The National Cyber Security Centre (NCSC) initially said only cryptically that “operational data” had been leaked. In fact, as the NZZ reported, data from the Aargau Office for Migration and Integration, for example, has leaked in large part. It includes lists of thousands of foreigners living in Switzerland with full details of their residence permits and work permits.
The SBB security service Transsicura has also been affected by the data theft. The leaked material contains information on warnings issued, restraining orders and evictions, each with personal details about the person concerned. Data has also leaked from the Federal Office of Police (Fedpol), which is working hard to estimate the extent of the damage.
Other extortion attacks on Swiss companies have faded into the background. In recent days the extortion group Cl0p has attacked two companies: Marti AG, Switzerland’s largest construction company, and the health insurer ÖKK. In both cases it is unclear what data the blackmailers managed to get hold of. Marti declined to comment to the Observer. An ÖKK spokesperson confirmed the attack but gave the assurance: “Our core health data system has not been compromised.”
Switzerland has been under digital fire for weeks. The attacks reached a preliminary peak on the day Ukrainian President Volodymyr Zelensky addressed the Federal Assembly by video link: within a single day, specialists registered about 500 DDoS (Distributed Denial of Service) attacks on Swiss websites. Overwhelmed by the flood of requests, the sites buckle and are no longer reachable.
Behind this wave of attacks is No Name, a Russian hacking group that is clearly politically motivated. A slew of cities, several cantons, Geneva Airport, Zurich’s public transport operator, SwissID (Swiss Post), Switzerland Tourism, Bank Julius Baer, Heliswiss, Ruag, the Bankers Association and others were affected. The group wrote on its Telegram channel that if Switzerland continues to support the regime in Ukraine, they will “visit the country and blow up the entire internet infrastructure”.
Observer: Mr. Cornelius, Switzerland is currently under unprecedented attack by Russian hackers. What happens now?
Abdelkader Cornelius: It’s actually frightening what’s happening right now. Two things are happening at the same time. On the one hand, we have politically motivated hackers from Russia acting because of the war in Ukraine; there are no financial interests behind it. On the other hand, we have their “colleagues” from the cybercrime world. These attackers are financially motivated. The two groups support each other; one hand washes the other. From the success of the politically motivated hackers, the ransomware actors see how easy it is to penetrate infrastructure in Switzerland.
Why is Switzerland an interesting target?
Other Western countries are also affected. Anyone who supports Ukraine in any way will be targeted by Russian hackers. But Switzerland is also a very lucrative target from a financial point of view.
Why?
Because many well-known and therefore valuable companies have their headquarters here. The hackers know that there is also a lot of money to be made here. In the eyes of the attackers, Switzerland is certainly a top target.
It seems that the attacks are getting more intense, more aggressive?
This can be illustrated by the example of the extortion gang Play. They are responsible, among other things, for the attacks on the media group NZZ and on software supplier Xplain. Here we see a whole new dimension of these attacks: the hackers were able to steal data from the customers of the blackmailed companies. This is deadly.
One has the impression that new extortion gangs are popping up all the time.
Yes, the attacker scene is constantly changing. Gangs disappear, merge, form alliances or go into battle with each other. A new player has recently appeared on the Russian-speaking scene. Calling himself a broker, he has opened an online store on the dark web: he sells what is known as initial access – in other words, nothing more than usernames and passwords for entire corporate networks. This dealer currently has 38 companies from around the world on offer – new ones are added every day. He also currently provides access to four Swiss companies.
Abdelkader Cornelius is an expert in identifying and combating cybercrime (threat intelligence) in German-speaking countries. He is the founder and owner of the IT security company PCS Cyber Security GmbH in Berlin.
How much does access to a Swiss company cost?
For $700 you buy access to the network of a Swiss construction company with 200 employees. This gives you access to more than 100 company computers.
Where does this dealer get his access to the businesses from?
On the one hand, there are currently a very large number of security gaps in the products of the world’s leading software companies. For example, so-called remote access products are used, i.e. applications with which users can gain access to company networks from their home office. There are huge gaps in this area. There are even manufacturers who have advised their customers to buy new devices because the products in use can no longer be properly protected. Second, there are thousands of vulnerabilities in devices running Microsoft software. The problem here: unfortunately, many networks do not update, or only do so after a long delay.
Why are critical security vulnerabilities in corporate networks not immediately fixed?
Many places lack the necessary technical expertise and personnel. Many companies’ IT departments are so overloaded with work that they can’t keep up. New vulnerabilities are disclosed every day. But it is not only resources that are lacking; competences and clear responsibilities are missing too.
Is there a difference between companies and governments?
Yes, the situation is much worse in government agencies and in the regulatory environment than in the private sector. However, the attackers do not differentiate between their targets anyway. Wherever they can get in, they do, whether it is a company or a government.
Recently, Russian hackers attacked dozens of cities, several cantons and other authorities within hours. Should we just watch such attacks helplessly?
No, we are not powerless. Such attacks were “Distributed Denial of Service” attacks. Massive amounts of data requests are sent to servers until they crash. There are measures to fend off such DDoS attacks. You can arm yourself against it. But that costs money. Unfortunately, many authorities are ill-prepared for such attacks.
Do we have a false sense of security in Switzerland because we think hackers are not interested in Switzerland?
I think it’s a mixture of ignorance and thinking that a city or a canton is too unimportant for a hacker attack. The cybercriminals don’t see Switzerland as a neutral country, nor as a safe haven that you shouldn’t attack because you might benefit from it yourself. Switzerland is as attractive a target for criminals as Germany, Austria, the US or other Western countries.
Source: Blick
I am Liam Livingstone and I work at a news website. My main job is to write articles for 24 Instant News. My specialty is covering politics and current affairs, which I’m passionate about. I have worked in this field for more than 5 years now and it’s been an amazing journey. With each passing day, my knowledge increases, as does my experience of the world we live in today.