The toothbrushes attack

She is at home in the bathroom, but is part of a large-scale cyber attack. The electric toothbrush is programmed with Java and criminals have unknowingly installed malware on it, just like on 3 million other toothbrushes. One command is enough and the remote-controlled toothbrushes can simultaneously access the website of a Swiss company. The site collapses and is paralyzed for four hours. Millions of dollars in damage are caused.

This example, which seems like a Hollywood scenario, actually happened. It shows how versatile digital attacks have become. Stefan Zuger says:

Zuger is responsible for system technology at the Swiss branch of cybersecurity specialist Fortinet, based in Dietlikon, Zurich. If Baby monitor, webcam or even the electric toothbrushit doesn’t matter at all.

Zuger describes another example: A restaurant about to host a wedding party receives an email. Shipped from the address of the local flower shop that organizes the decoration. Attached is a photo of what it should look like. But the email does not come from the flower shop, but from cyber criminals who have hidden malware in the image. Now all an employee has to do is click on the photo and the system is infiltrated.

No one is too uninteresting for cybercriminals

The number of attacks is also increasing in Switzerland. Last year, nearly 50,000 cyber incidents were reported to the Federal Cybersecurity Office (BACS, formerly NCSC), approximately 43 percent more than the previous year. And on a global level, the attacks have reached a scale that is almost unimaginable, as data from Fortinet shows. The company is a global leader in cybersecurity and monitors the global threat landscape. All around Fortinet records 100 to 200 billion events or attack points – per day.

Although many of them come from the same source, the criminals strike in different places at the same time. According toüger, the huge number shows how highly automated cybercrime works:

This can be seen impressively in an experiment that Zuger and his team recently conducted. They connected a computer to the Internet without any protection and saw how long it took for it to become infected. It wasn’t even twenty minutes.

The message from this: no person or device is of little importance to criminals. Everyone must protect themselves. “Otherwise, sooner or later you will become a victim – or your own device will be misused for attacks,” is Zuger’s sobering conclusion.

The trick of accessing a website with a large number of hacked devices at the same time, causing it to collapse due to overload, is known in technical jargon as a ‘DDoS attack’. This method is currently very popular. Servers at Swiss government offices were recently attacked during the World Economic Forum – in retaliation for the participation of Ukrainian President Volodymyr Zelensky. A group close to Russia claimed responsibility for the attack.

“We are seeing a sharp increase in politically or activist motivated cyber attacks,” said Achim Freyer, Fortinet’s Swiss boss. A development that worries experts. Because the state or state-affiliated groups would have “almost unlimited resources.” With the rapid development of artificial intelligence (AI), we are seeing a huge upgrade in both attack and defense techniques. “The arms race is in full swing,” Freyer said.

This is confirmed by a recently published report from the British Cyber ​​Security Center. He concludes that AI will increase the scale and impact of malicious cyber activities in the near future. Thanks to intelligent assistance, the barrier to entry is lowered: it becomes easier for relatively inexperienced people to hack into systems. AI also makes it possible to target victims more specifically.

This can be seen, for example, in phishing, where criminals use fake emails or text messages to convince their victims to reveal personal data or download malware: with artificial intelligence, these attacks will become much more sophisticated and difficult to detect. Any information a person shares on social networks can be used to create a profile. For example, the attackers know where you went on holiday and can use this information to send a fake credit card statement, for example.

The insidious thing about cyber attacks is that they usually go unnoticed for a long time. Hackers often extract data for a long period of time without using it against those who have been robbed. Because the criminals are not looking for quick profits, but rather control over data, devices and systems, Freyer explains. “Only when they have achieved this will they strike.” In extreme cases, months or years would pass until then.

But as discouraging as this may sound, Stefanüger says there is still reason for optimism. “Even as a private individual you can protect yourself against many things with relatively simple means.”

How to protect yourself