Cyber threats: Situation national and international
http://www.thebci.org/index.php/home/swiss-chapter-home
05.04.2017
Max Klaus, Deputy Head, Reporting and Analysis Centre for Information Assurance MELANI
Table of Contents
1. Reporting and Analysis Centre for Information Assurance
2. Threat Level/Evolution, situation (national/international), Actors
3. Cyber-Attacks: Selected examples
4. Conclusions/Recommendations
01.03.2018 http://www.thebci.org/index.php/home/swiss-chapter-home
Mandate
Protect Swiss critical infrastructures from cyber-attacks
Protection of Swiss critical infrastructures only possible in close co-operation with the private industry: Public Private Partnership
General framework
• No mandatory disclosure of cyber attacks in Switzerland
• Subsidiarity
• No right of command outside of the federal government
Organization
MELANI
FDF FITSU: Direction and Strategy
GovCERT.ch: Technical Analysis
DDPS FIS: MELANI OIC, Intelligence analysis
Closed Constituency (in alphabetical order)
• Armament
• Chemistry and pharmaceuticals
• Energy
• Finance
• Government
• Health Care
• Industry
• Insurance Companies
• Rescue Services
• Telecommunication
• Transportation/Logistics
Open Constituency: SME, population
www.melani.admin.ch
International network
- Interpol
- Europol
Vendors
EGC (European Government CERTs)
Foreign Countries
- CPNI
- BSI
- A-SIT
High Tech Crime Units
- Club de Berne
Science and research
FIRST (Forum of Incident Response and Security Teams)
Swiss Cyber Experts
Public products (1/4)
Public products (2/4)
Public products (3/4)
Public products (4/4)
How did threats change?
>100 years ago
derstandard.at
10 years ago
augsburgerallgemeine.de
today
jdpower.com
• Instruments becoming more and more modern
• Networked population
• Awareness
tomorrow
Threat level national and international
Actors
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
How attacks work
[Diagram: Criminal, Victim, Internet, Another criminal]
At the beginning of the evil: Social engineering
https://www.youtube.com/watch?v=F7pYHN9iC9I
DDoS attacks
Protonmail (1/2)
[Diagram: Bots, Command & Control Server, Armada Collective]
Protonmail (2/2)
The Black Monday 2016
DDoS: Recommendations
Proactive
• Identify business-critical services
• Agree counter-measures with your provider
Reactive
• «sit out»
• IP geo filtering
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
CEO Fraud
CEO Fraud: Recommendations
• Make clear payment directives
• Do not share internal information
• Ask your management in case of doubt
• Be careful with mails from people pretending to know you
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Crypto Trojans
Wanna Cry: Timeline
14.03.2017: MS Security Bulletin MS17-010
14.04.2017: Shadow Brokers Leak
15.04.2017: Scan for vulnerable systems
12.05.2017, 12:30: Media: Problems at Telefonica ES
12.05.2017, 16:30: Information to Closed Constituency
12.05.2017, 17:00: NHS UK confirms problems in hospitals
13.05.2017, 10:00: Situation Update to Closed Constituency
14.05.2017, 11:00: Situation Update to Closed Constituency
14.05.2017, 15:00: Situation Update to Closed Constituency
15.05.2017, 08:30: Situation Update on MELANI Website
Wanna Cry in numbers
230'000 infected devices, 150 countries
• 204 infections
• Only private individuals and SME, no CI operators
• 12.-15.05.2017 24 (at least 30 on duty)
• about 100 media requests answered
• Countless requests from private individuals/SME answered
Crypto Trojans: Recommendations
• Back up your data regularly
• Disconnect external devices from your PC/network when backup is complete
• Check the backup quality from time to time
• Try to recover your data: www.nomoreransom.org
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Conclusions
• IT is a double-edged sword. It offers great possibilities, but there are also threats
• Organized crime has great possibilities (know-how, money, etc.)
• Most hackers want to make money or steal information
• The weakest chain link will be attacked. Unfortunately, in most cases this is the human being
Recommendations: proactive
The usual first:
• Use strong passwords, change your passwords regularly
• Firewall (blacklisting/whitelisting etc.)
• Updates
• Backups
• etc.
But:
• Technical measures are insufficient
• Consider organizational stuff such as BCM, Crisis Communication etc.
Recommendations: reactive
Crucial question:
Block infected systems: yes or no?
Where you can ask for help
• CI operators: reply@melani.admin.ch (best effort)
• Private individuals, SME: fedpol (https://www.cybercrime.admin.ch)
Anonymous reports are possible (MELANI and fedpol)
Prosecution
• Private individuals: cantonal police at your place of residence
• Companies: cantonal police at your headquarters
THANK YOU FOR YOUR ATTENTION
AND NOW: Q&A
![Page 2: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/2.jpg)
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Mandate
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 3
Protect swiss critical infrastructures from cyber-attacks
Protection of swiss critical infrastructures onlypossible in close co-operation with the private industry Public Private Partnership
General framework
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
bull No mandatory disclosure of cyber
attacks in Switzerland
bull Subsidiarity
bull No right of command outside of the
federal government
Organization
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 7
MELANI
FDF FITSUDirection and Strategy
GovCERTchTechnical Analysis
DDPS FISMELANI OICIntelligence analysis
Closed Constituency (in alphabetical order)
bull Armamentbull Chemistry and pharmazeuticalsbull Energybull Financebull Governmentbull Health Carebull Industrybull Insurance Companiesbull Rescue Servicesbull Telecommunicationbull TransportationLogistics
Open ConstituencySME population
wwwmelaniadminch
Internation network
- Interpol- Europol
Vendors
EGC EuropeanGovernmentCERTs
Foreign Countries- CPNI- BSI- A-SIT-
High Tech Crime Units- Club de Berne
Science and research
FIRSTForum of Incident Responseand Security Teams
Swiss Cyber Experts
Public products (14)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
![Page 3: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/3.jpg)
Mandate
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 3
Protect swiss critical infrastructures from cyber-attacks
Protection of swiss critical infrastructures onlypossible in close co-operation with the private industry Public Private Partnership
General framework
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
bull No mandatory disclosure of cyber
attacks in Switzerland
bull Subsidiarity
bull No right of command outside of the
federal government
Organization
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 7
MELANI
FDF FITSUDirection and Strategy
GovCERTchTechnical Analysis
DDPS FISMELANI OICIntelligence analysis
Closed Constituency (in alphabetical order)
bull Armamentbull Chemistry and pharmazeuticalsbull Energybull Financebull Governmentbull Health Carebull Industrybull Insurance Companiesbull Rescue Servicesbull Telecommunicationbull TransportationLogistics
Open ConstituencySME population
wwwmelaniadminch
Internation network
- Interpol- Europol
Vendors
EGC EuropeanGovernmentCERTs
Foreign Countries- CPNI- BSI- A-SIT-
High Tech Crime Units- Club de Berne
Science and research
FIRSTForum of Incident Responseand Security Teams
Swiss Cyber Experts
Public products (14)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
![Page 4: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/4.jpg)
General framework
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
bull No mandatory disclosure of cyber
attacks in Switzerland
bull Subsidiarity
bull No right of command outside of the
federal government
Organization
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 7
MELANI
FDF FITSUDirection and Strategy
GovCERTchTechnical Analysis
DDPS FISMELANI OICIntelligence analysis
Closed Constituency (in alphabetical order)
bull Armamentbull Chemistry and pharmazeuticalsbull Energybull Financebull Governmentbull Health Carebull Industrybull Insurance Companiesbull Rescue Servicesbull Telecommunicationbull TransportationLogistics
Open ConstituencySME population
wwwmelaniadminch
Internation network
- Interpol- Europol
Vendors
EGC EuropeanGovernmentCERTs
Foreign Countries- CPNI- BSI- A-SIT-
High Tech Crime Units- Club de Berne
Science and research
FIRSTForum of Incident Responseand Security Teams
Swiss Cyber Experts
Public products (14)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
![Page 5: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/5.jpg)
Organization
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 7
MELANI
FDF FITSUDirection and Strategy
GovCERTchTechnical Analysis
DDPS FISMELANI OICIntelligence analysis
Closed Constituency (in alphabetical order)
bull Armamentbull Chemistry and pharmazeuticalsbull Energybull Financebull Governmentbull Health Carebull Industrybull Insurance Companiesbull Rescue Servicesbull Telecommunicationbull TransportationLogistics
Open ConstituencySME population
wwwmelaniadminch
Internation network
- Interpol- Europol
Vendors
EGC EuropeanGovernmentCERTs
Foreign Countries- CPNI- BSI- A-SIT-
High Tech Crime Units- Club de Berne
Science and research
FIRSTForum of Incident Responseand Security Teams
Swiss Cyber Experts
Public products (14)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil: Social engineering
https://www.youtube.com/watch?v=F7pYHN9iC9I
DDoS attacks
Protonmail (1/2)
[Diagram: Bots, Command & Control Server, Armada Collective]
Protonmail (2/2)
The Black Monday 2016
DDoS Recommendations
Proactive
• Identify business-critical services
• Agree counter-measures with your provider
Reactive
• «sit out»
• IP geo filtering
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
CEO Fraud
CEO Fraud Recommendations
• Make clear payment directives
• Do not share internal information
• Ask your management in case of doubt
• Be careful with mails from people pretending to know you
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Crypto Trojans
WannaCry Timeline
14.03.2017: MS Security Bulletin MS17-010
14.04.2017: Shadow Brokers leak
15.04.2017: Scan for vulnerable systems
12.05.2017, 12:30: Media: problems at Telefonica (ES)
12.05.2017, 16:30: Information to Closed Constituency
12.05.2017, 17:00: NHS UK confirms problems in hospitals
13.05.2017, 10:00: Situation update to Closed Constituency
14.05.2017, 11:00: Situation update to Closed Constituency
14.05.2017, 15:00: Situation update to Closed Constituency
15.05.2017, 08:30: Situation update on MELANI website
WannaCry in numbers
230’000 infected devices, 150 countries
• 204 infections
• Only private individuals and SME, no CI operators
• 12.-15.05.2017 24 (at least 30 on duty)
• About 100 media requests answered
• Countless requests from private individuals/SME answered
Crypto Trojans Recommendations
• Back up your data regularly
• Disconnect external devices from your PC/network when backup is complete
• Check the backup quality from time to time
• Try to recover your data: www.nomoreransom.org
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Conclusions
• IT is a double-edged sword. It offers great possibilities, but there are also threats
• Organized crime has great possibilities (know-how, money, etc.)
• Most hackers want to make money or steal information
• The weakest link in the chain will be attacked. Unfortunately, in most cases this is the human being
Recommendations: proactive
The usual first:
• Use strong passwords, change your passwords regularly
• Firewall (blacklisting/whitelisting, etc.)
• Updates
• Backups
• etc.
But:
• Technical measures are insufficient
• Consider organizational stuff such as BCM, crisis communication, etc.
Recommendations: reactive
Crucial question
Block infected systems: yes or no?
Where you can ask for help
• CI operators: reply@melani.admin.ch (best effort)
• Private individuals, SME: fedpol (https://www.cybercrime.admin.ch)
Anonymous reports are possible (MELANI and fedpol)
Prosecution
• Private individuals: cantonal police at your place of residence
• Companies: cantonal police at your headquarters
THANK YOU FOR YOUR ATTENTION AND NOW Q&A
![Page 6: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/6.jpg)
Public products (14)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
![Page 7: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/7.jpg)
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
![Page 8: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/8.jpg)
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
![Page 9: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/9.jpg)
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
![Page 10: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/10.jpg)
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
• Back up your data regularly
• Disconnect external devices from your PC/network when backup is complete
• Check the backup quality from time to time
• Try to recover your data: www.nomoreransom.org
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Conclusions
• IT is a double-edged sword. It offers great possibilities, but there are also threats
• Organized crime has great possibilities (know-how, money, etc.)
• Most hackers want to make money or steal information
• The weakest link in the chain will be attacked. Unfortunately, in most cases this is the human being
Recommendations proactive
The usual first:
• Use strong passwords, change your passwords regularly
• Firewall (blacklisting/whitelisting, etc.)
• Updates
• Backups
• etc.
But:
• Technical measures are insufficient
• Consider organizational measures such as BCM, crisis communication, etc.
Recommendations reactive
Crucial question:
Block infected systems, yes or no?
Where you can ask for help:
• CI operators: reply@melani.admin.ch (best effort)
• Private individuals/SME: fedpol (https://www.cybercrime.admin.ch)
Anonymous reports are possible (MELANI and fedpol)
Prosecution:
• Private individuals: cantonal police at your place of residence
• Companies: cantonal police at your headquarters
THANK YOU FOR YOUR ATTENTION
AND NOW Q&A
How did threats change?
>100 years ago (derstandard.at)
10 years ago (augsburger-allgemeine.de)
today (jdpower.com)
• Instruments becoming more and more modern
• Networked population
• Awareness
tomorrow
Threat level national and international
Actors
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
How attacks work
(Diagram: Criminal, Victim, Internet, Another criminal)
At the beginning of the evil: Social engineering
https://www.youtube.com/watch?v=F7pYHN9iC9I
DDoS attacks
Protonmail (1/2)
(Diagram: Bots, Command & Control Server, Armada Collective)
Protonmail (2/2)
The Black Monday 2016
![Page 17: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/17.jpg)
At the beginning of the evil: Social engineering
https://www.youtube.com/watch?v=F7pYHN9iC9I
DDoS attacks
Protonmail (1/2)
[Diagram labels: Bots; Command & Control Server; Armada Collective]
Protonmail (2/2)
The Black Monday 2016
DDoS Recommendations
Proactive:
• Identify business-critical services
• Agree on counter-measures with your provider
Reactive:
• «Sit out»
• IP geo filtering
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
CEO Fraud
CEO Fraud Recommendations
• Make clear payment directives
• Do not share internal information
• Ask your management in case of doubt
• Be careful with mails from people pretending to know you
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Crypto Trojans
Wanna Cry Timeline
[Timeline figure. Time marks: 15.05.2017 08:30; 14.05.2017 15:00; 14.05.2017 11:00; 13.05.2017 10:00; 12.05.2017 17:00; 12.05.2017 16:30; 12.05.2017 12:30; 15.04.2017; 14.04.2017; 14.03.2017. Event labels: MS Security Bulletin MS17-010; Shadow Brokers leak; Scan for vulnerable systems; Media: problems at Telefónica ES; Information to Closed Constituency; NHS UK confirms problems in hospitals; Situation update to Closed Constituency (three times); Situation update on MELANI website.]
Wanna Cry in numbers
230'000 infected devices, 150 countries
• 204 infections
• Only private individuals and SMEs, no CI operators
• 12.-15.05.2017 24 (at least 30 on duty)
• About 100 media requests answered
• Countless requests from private individuals/SMEs answered
![Page 25: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/25.jpg)
CEO Fraud: Recommendations
• Make clear payment directives
• Do not share internal information
• Ask your management in case of doubt
• Be careful with mails from people pretending to know you
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
![Page 26: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/26.jpg)
Crypto Trojans
![Page 27: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/27.jpg)
Wanna Cry: Timeline
14.03.2017: MS Security Bulletin MS17-010
14.04.2017: Shadow Brokers Leak
15.04.2017: Scan for vulnerable systems
12.05.2017, 12:30: Media: Problems at Telefonica ES
12.05.2017, 16:30: Information to Closed Constituency
12.05.2017, 17:00: NHS UK confirms problems in hospitals
13.05.2017, 10:00: Situation Update to Closed Constituency
14.05.2017, 11:00: Situation Update to Closed Constituency
14.05.2017, 15:00: Situation Update to Closed Constituency
15.05.2017, 08:30: Situation Update on MELANI Website
![Page 28: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/28.jpg)
Wanna Cry in numbers
230'000 infected devices, 150 countries
• 204 infections
• Only private individuals and SME, no CI operators
• 12-15.05.2017 24 (at least 30 on duty)
• About 100 media requests answered
• Countless requests from private individuals/SME answered
![Page 29: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/29.jpg)
Crypto Trojans: Recommendations
• Back up your data regularly
• Disconnect external devices from your PC/network when backup is complete
• Check the backup quality from time to time
• Try to recover your data: www.nomoreransom.org
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
![Page 30: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/30.jpg)
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat Level/Evolution situation (national/international), Actors
3 Cyber-Attacks: Selected examples
4 Conclusions/Recommendations
![Page 31: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/31.jpg)
Conclusions
• IT is a double-edged sword. It offers great possibilities, but there are also threats
• Organized crime has great possibilities (know-how, money, etc.)
• Most hackers want to make money or steal information
• The weakest link in the chain will be attacked. Unfortunately, in most cases this is the human being
![Page 32: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/32.jpg)
Recommendations: proactive
The usual first:
• Use strong passwords, change your passwords regularly
• Firewall (blacklisting/whitelisting, etc.)
• Updates
• Backups
• etc.
But:
• Technical measures are insufficient
• Consider organizational stuff such as BCM, Crisis Communication, etc.
![Page 33: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/33.jpg)
Recommendations: reactive
Crucial question:
Block infected systems: yes or no?
Where you can ask for help:
• CI operators: reply@melani.admin.ch (best effort)
• Private individuals, SME: fedpol (https://www.cybercrime.admin.ch)
Anonymous reports are possible (MELANI and fedpol)
Prosecution:
• Private individuals: cantonal police at your place of residence
• Companies: cantonal police at your headquarters
![Page 34: Cyber threats: Situation national and international](https://reader034.vdocuments.site/reader034/viewer/2022051521/5aabf1ee7f8b9a893c8b4841/html5/thumbnails/34.jpg)
THANK YOU FOR YOUR ATTENTION
AND NOW Q&A