httpwwwthebciorgindexphphomeswiss-chapter-home
CYBER THREATS: SITUATION NATIONAL AND INTERNATIONAL
05.04.2017
Max Klaus, Deputy Head, Reporting and Analysis Centre for Information Assurance MELANI
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat Level / Evolution, situation (national / international), Actors
3 Cyber-Attacks: Selected examples
4 Conclusions / Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Mandate
Protect Swiss critical infrastructures from cyber-attacks
Protection of Swiss critical infrastructures is only possible in close co-operation with the private industry: Public Private Partnership
General framework
• No mandatory disclosure of cyber attacks in Switzerland
• Subsidiarity
• No right of command outside of the federal government
Organization
MELANI
• FDF FITSU: Direction and Strategy
• GovCERT.ch: Technical Analysis
• DDPS FIS, MELANI OIC: Intelligence analysis
Closed Constituency (in alphabetical order)
• Armament
• Chemistry and pharmaceuticals
• Energy
• Finance
• Government
• Health Care
• Industry
• Insurance Companies
• Rescue Services
• Telecommunication
• Transportation / Logistics
Open Constituency: SME, population
www.melani.admin.ch
International network
- Interpol
- Europol
Vendors
EGC: European Government CERTs
Foreign Countries
- CPNI
- BSI
- A-SIT
High Tech Crime Units
- Club de Berne
Science and research
FIRST: Forum of Incident Response and Security Teams
Swiss Cyber Experts
Public products (1/4)
Public products (2/4)
Public products (3/4)
Public products (4/4)
How did threats change?
>100 years ago
derstandard.at
10 years ago
augsburgerallgemeine.de
today
jdpower.com
• Instruments becoming more and more modern
• Networked population
• Awareness
tomorrow
Threat level national and international
Actors
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
How attacks work
[Diagram: Criminal, Victim, Internet, Another criminal]
At the beginning of the evil: Social engineering
https://www.youtube.com/watch?v=F7pYHN9iC9I
DDoS attacks
Protonmail (1/2)
[Diagram: Bots, Command & Control Server, Armada Collective]
Protonmail (2/2)
The Black Monday 2016
DDoS Recommendations
Proactive
• Identify business critical services
• Agree counter-measures with your provider
Reactive
• «sit out»
• IP geo filtering
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
CEO Fraud
CEO Fraud Recommendations
• Make clear payment directives
• Do not share internal information
• Ask your management in case of doubt
• Be careful with mails from people pretending to know you
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Crypto Trojans
Wanna Cry Timeline
14.03.2017        MS Security Bulletin MS17-010
14.04.2017        Shadow Brokers leak
15.04.2017        Scan for vulnerable systems
12.05.2017 12:30  Media: problems at Telefonica ES
12.05.2017 16:30  Information to Closed Constituency
12.05.2017 17:00  NHS UK confirms problems in hospitals
13.05.2017 10:00  Situation update to Closed Constituency
14.05.2017 11:00  Situation update to Closed Constituency
14.05.2017 15:00  Situation update to Closed Constituency
15.05.2017 08:30  Situation update on MELANI website
Wanna Cry in numbers
230'000 infected devices, 150 countries
• 204 infections
• Only private individuals and SME, no CI operators
• 12-15.05.2017 24 (at least 30 on duty)
• about 100 media requests answered
• Countless requests from private individuals / SME answered
Crypto Trojans Recommendations
• Backup your data regularly
• Disconnect external devices from your PC/network when backup is complete
• Check the backup quality from time to time
• Try to recover your data: www.nomoreransom.org
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Conclusions
• IT is a double-edged sword. It offers great possibilities, but there are also threats
• Organized crime has great possibilities (know-how, money, etc.)
• Most hackers want to make money or steal information
• The weakest chain link will be attacked. Unfortunately, in most cases this is the human being
Recommendations proactive
The usual first:
• Use strong passwords, change your passwords regularly
• Firewall (blacklisting/whitelisting etc.)
• Updates
• Backups
• etc.
But:
• Technical measures are insufficient
• Consider organizational stuff such as BCM, Crisis Communication etc.
Recommendations reactive
Crucial question:
Block infected systems: yes or no?
Where you can ask for help
• CI operators: replymelaniadminch (best effort)
• Private individuals, SME: fedpol (https://www.cybercrime.admin.ch)
Anonymous reports are possible (MELANI and fedpol)
Prosecution
• Private individuals: cantonal police at your place of residence
• Companies: cantonal police at your headquarters
THANK YOU FOR YOUR ATTENTION
AND NOW: Q&A
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Mandate
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 3
Protect swiss critical infrastructures from cyber-attacks
Protection of swiss critical infrastructures onlypossible in close co-operation with the private industry Public Private Partnership
General framework
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
bull No mandatory disclosure of cyber
attacks in Switzerland
bull Subsidiarity
bull No right of command outside of the
federal government
Organization
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 7
MELANI
FDF FITSUDirection and Strategy
GovCERTchTechnical Analysis
DDPS FISMELANI OICIntelligence analysis
Closed Constituency (in alphabetical order)
bull Armamentbull Chemistry and pharmazeuticalsbull Energybull Financebull Governmentbull Health Carebull Industrybull Insurance Companiesbull Rescue Servicesbull Telecommunicationbull TransportationLogistics
Open ConstituencySME population
wwwmelaniadminch
Internation network
- Interpol- Europol
Vendors
EGC EuropeanGovernmentCERTs
Foreign Countries- CPNI- BSI- A-SIT-
High Tech Crime Units- Club de Berne
Science and research
FIRSTForum of Incident Responseand Security Teams
Swiss Cyber Experts
Public products (14)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
Mandate
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 3
Protect swiss critical infrastructures from cyber-attacks
Protection of swiss critical infrastructures onlypossible in close co-operation with the private industry Public Private Partnership
General framework
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
bull No mandatory disclosure of cyber
attacks in Switzerland
bull Subsidiarity
bull No right of command outside of the
federal government
Organization
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 7
MELANI
FDF FITSUDirection and Strategy
GovCERTchTechnical Analysis
DDPS FISMELANI OICIntelligence analysis
Closed Constituency (in alphabetical order)
bull Armamentbull Chemistry and pharmazeuticalsbull Energybull Financebull Governmentbull Health Carebull Industrybull Insurance Companiesbull Rescue Servicesbull Telecommunicationbull TransportationLogistics
Open ConstituencySME population
wwwmelaniadminch
Internation network
- Interpol- Europol
Vendors
EGC EuropeanGovernmentCERTs
Foreign Countries- CPNI- BSI- A-SIT-
High Tech Crime Units- Club de Berne
Science and research
FIRSTForum of Incident Responseand Security Teams
Swiss Cyber Experts
Public products (14)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
General framework
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
bull No mandatory disclosure of cyber
attacks in Switzerland
bull Subsidiarity
bull No right of command outside of the
federal government
Organization
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 7
MELANI
FDF FITSUDirection and Strategy
GovCERTchTechnical Analysis
DDPS FISMELANI OICIntelligence analysis
Closed Constituency (in alphabetical order)
bull Armamentbull Chemistry and pharmazeuticalsbull Energybull Financebull Governmentbull Health Carebull Industrybull Insurance Companiesbull Rescue Servicesbull Telecommunicationbull TransportationLogistics
Open ConstituencySME population
wwwmelaniadminch
Internation network
- Interpol- Europol
Vendors
EGC EuropeanGovernmentCERTs
Foreign Countries- CPNI- BSI- A-SIT-
High Tech Crime Units- Club de Berne
Science and research
FIRSTForum of Incident Responseand Security Teams
Swiss Cyber Experts
Public products (14)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
Organization
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 7
MELANI
FDF FITSUDirection and Strategy
GovCERTchTechnical Analysis
DDPS FISMELANI OICIntelligence analysis
Closed Constituency (in alphabetical order)
bull Armamentbull Chemistry and pharmazeuticalsbull Energybull Financebull Governmentbull Health Carebull Industrybull Insurance Companiesbull Rescue Servicesbull Telecommunicationbull TransportationLogistics
Open ConstituencySME population
wwwmelaniadminch
Internation network
- Interpol- Europol
Vendors
EGC EuropeanGovernmentCERTs
Foreign Countries- CPNI- BSI- A-SIT-
High Tech Crime Units- Club de Berne
Science and research
FIRSTForum of Incident Responseand Security Teams
Swiss Cyber Experts
Public products (14)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (24)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (34)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Public products (44)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 4
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
gt100 years ago
derstandardat
10 years ago
augsburgerallgemeinede
today
jdpowercom
bull Instruments becoming more and more modern
bull Networked pupolation
bull Awareness
tomorrow
Threat level national and international
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 12
Actors
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 13
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 14
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
How attacks work
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 16
CriminalVictim
Internet
Another
criminal
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
CEO Fraud Recommendations
• Make clear payment directives
• Do not share internal information
• Ask your management in case of doubt
• Be careful with mails from people pretending to know you
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Crypto Trojans
Wanna Cry Timeline
[Timeline figure. Dates as they appear on the slide:]
15.05.2017 08:30
14.05.2017 15:00
14.05.2017 11:00
13.05.2017 10:00
12.05.2017 17:00
12.05.2017 16:30
12.05.2017 12:30
15.04.2017
14.04.2017
14.03.2017
[Events as they appear on the slide:]
MS Security Bulletin MS17-010
Shadow Brokers Leak
Scan for vulnerable systems
Media: Problems at Telefonica ES
Information to Closed Constituency
NHS UK confirms problems in hospitals
Situation Update to Closed Constituency
Situation Update to Closed Constituency
Situation Update to Closed Constituency
Situation Update on MELANI Website
Wanna Cry in numbers
230’000 infected devices, 150 countries
• 204 infections
• Only private individuals and SME, no CI operators
• 12-15.05.2017 24 (at least 30 on duty)
• about 100 media requests answered
• Countless requests from private individuals/SME answered
Crypto Trojans Recommendations
• Back up your data regularly
• Disconnect external devices from your PC/network when backup is complete
• Check the backup quality from time to time
• Try to recover your data: www.nomoreransom.org
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Conclusions
• IT is a double-edged sword: it offers great possibilities, but there are also threats
• Organized crime has great possibilities (know-how, money, etc.)
• Most hackers want to make money or steal information
• The weakest link in the chain will be attacked. Unfortunately, in most cases this is the human being
Recommendations: proactive
The usual first
• Use strong passwords, change your passwords regularly
• Firewall (blacklisting/whitelisting etc.)
• Updates
• Backups
• etc.
But
• Technical measures are insufficient
• Consider organizational measures such as BCM, crisis communication, etc.
Recommendations: reactive
Crucial question
Block infected systems: yes or no?
Where you can ask for help
• CI operators: reply@melani.admin.ch (best effort)
• Private individuals, SME: fedpol (https://www.cybercrime.admin.ch)
Anonymous reports are possible (MELANI and fedpol)
Prosecution
• Private individuals: cantonal police at your place of residence
• Companies: cantonal police at your headquarters
THANK YOU FOR YOUR ATTENTION
AND NOW Q&A
How did threats change
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 11
>100 years ago
derstandard.at
10 years ago
augsburger-allgemeine.de
today
jdpower.com
• Instruments are becoming more and more modern
• Networked population
• Awareness
tomorrow
Threat level national and international
Actors
Script Kiddies
Hacktivism
Terrorism
Organized Crime
Insiders
State Actors
Secret Services
Jobsharing in the hacker industry
How attacks work
[Diagram: Criminal, Victim, Internet, Another criminal]
At the beginning of the evil: social engineering
https://www.youtube.com/watch?v=F7pYHN9iC9I
DDoS attacks
Protonmail (1/2)
[Diagram: Bots, Command & Control Server, Armada Collective]
Protonmail (2/2)
The Black Monday 2016
DDoS Recommendations
Proactive
• Identify business-critical services
• Agree on countermeasures with your provider
Reactive
• «sit out»
• IP geo filtering
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
CEO Fraud
CEO Fraud Recommendations
• Set clear payment directives
• Do not share internal information
• Ask your management in case of doubt
• Be careful with mails from people pretending to know you
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Crypto Trojans
Wanna Cry Timeline
14.03.2017         MS Security Bulletin MS17-010
14.04.2017         Shadow Brokers leak
15.04.2017         Scan for vulnerable systems
12.05.2017 12:30   Media: problems at Telefonica ES
12.05.2017 16:30   Information to Closed Constituency
12.05.2017 17:00   NHS UK confirms problems in hospitals
13.05.2017 10:00   Situation update to Closed Constituency
14.05.2017 11:00   Situation update to Closed Constituency
14.05.2017 15:00   Situation update to Closed Constituency
15.05.2017 08:30   Situation update on MELANI website
Wanna Cry in numbers
230'000 infected devices, 150 countries
• 204 infections
• Only private individuals and SME, no CI operators
• 12.-15.05.2017 24 (at least 30 on duty)
• About 100 media requests answered
• Countless requests from private individuals/SME answered
At the beginning of the evil Social engineering
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 17
httpswwwyoutubecomwatchv=F7pYHN9iC9I
DDoS attacks
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 18
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Conclusions
• IT is a double-edged sword. It offers great possibilities, but there are also threats
• Organized crime has great possibilities (know-how, money, etc.)
• Most hackers want to make money or steal information
• The weakest chain link will be attacked. Unfortunately, in most cases this is the human being
Recommendations proactive
The usual first
• Use strong passwords, change your passwords regularly
• Firewall (blacklisting/whitelisting etc.)
• Updates
• Backups
• etc.
But
• Technical measures are insufficient
• Consider organizational stuff such as BCM, Crisis Communication etc.
Recommendations reactive
Crucial question
Block infected systems: yes or no?
Where you can ask for help
• CI operators: reply@melani.admin.ch (best effort)
• Private individuals / SME: fedpol (https://www.cybercrime.admin.ch)
Anonymous reports are possible (MELANI and fedpol)
Prosecution
• Private individuals: cantonal police at your place of residence
• Companies: cantonal police at your headquarters
THANK YOU FOR YOUR ATTENTION AND NOW Q&A
DDoS attacks
https://www.youtube.com/watch?v=F7pYHN9iC9I
Protonmail (1/2)
[Diagram: Bots, Command & Control Server, Armada Collective]
Protonmail (2/2)
The Black Monday 2016
DDoS Recommendations
Proactive
• Identify business critical services
• Agree counter-measures with your provider
Reactive
• «sit out»
• IP geo filtering
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
Protonmail (12)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 19
httpswwwyoutubecomwatchv=F7pYHN9iC9I
Bots
Command amp Control Server Armada Collective
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
Protonmail (22)
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 20
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
The Black Monday 2016
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 21
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
DDoS Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 22
Proactive
bull Identify business critical services
bull Agree counter-measures with your provider
Reactive
bull laquosit outraquo
bull IP geo filtering
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 23
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
CEO Fraud
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 24
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
CEO Fraud Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 25
bull Make clear payment directives
bull Do not share internal information
bull Ask your management in case of doubt
bull Be careful with mails from people pretendingto know you
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
bull Backup your data regularly
bull Disconnect external devices from yourPCnetwork when backup is complete
bull Check the backup quality from time to time
bull Try to recover your datawwwnomoreransomorg
bull Do not pay any ransom
bull Inform MELANIfedpol and report the attackto the cantonal police in charge
Table of Contents
1 Reporting and Analysis Centre for Information Assurance
2 Threat LevelEvolution situation (nationalinternational) Actors
3 Cyber-Attacks Selected examples
4 ConclusionsRecommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Conclusions
bull IT is a double edged sword It offers great possibilities but there are also threats
bull The organized crime has great possibilities (know-how money etc)
bull Most hackers want to make money or steal information
bull The weakest chain link will be attacked Unfortunately in most cases thisis the human being
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations proactive
The usual first
bull Use strong passwords change your passwords regularly
bull Firewall (blacklistingwhitelisting etc)
bull Updates
bull Backups
bull etc
But
bull Technical measures are insufficient
bull Consider organizational stuff such as BCM Crisis Communication etc
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
Recommendations reactiveCrucial question
Block infected systems yes or no
Where you can ask for help
bull CI operators replymelaniadminch (best effort)
bull Private individuals SME fedpol (httpswwwcybercrimeadminch)
Anonymos reports are possible (MELANI and fedpol)
Prosecution
bull Private individuals cantonal police at your living place
bull Companies cantonal police at your headquarter
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 6
THANK YOU FOR YOUR ATTENTIONAND NOW QampA
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 15
Crypto Trojans
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 26
Wanna Cry Timeline
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 27
150520170830 Uhr
140520171500 Uhr
140520171100Uhr
130520171000 Uhr
120520171700 Uhr
120520171630 Uhr
120520171230 Uhr
150420171404201714032017
MS Security Bulletin
MS17-010
Shadow Brokers
Leak
Scan forvulnerable
systems
Media Problems at
Telefo-nicaES
Information to Closed
Constituency
NHS UK confirms
problems in hospitals
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update to
ClosedConstituency
Situation Update on
MELANI Website
Wanna Cry in numbers
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 28
230rsquo000 incfected devices 150 countries
bull 204 infections
bull Only private individuals and SME no CI operators
bull 12-15052017 24 (at least 30 on duty)
bull about 100 media requests answered
bull Countless requests from private individualsSME answered
Crypto Trojans Recommendations
01032018 httpwwwthebciorgindexphphomeswiss-chapter-home 29
• Back up your data regularly
• Disconnect external devices from your PC/network when the backup is complete
• Check the backup quality from time to time
• Try to recover your data: www.nomoreransom.org
• Do not pay any ransom
• Inform MELANI/fedpol and report the attack to the cantonal police in charge
Conclusions
• IT is a double-edged sword. It offers great possibilities, but there are also threats
• Organized crime has great possibilities (know-how, money, etc.)
• Most hackers want to make money or steal information
• The weakest link in the chain will be attacked. Unfortunately, in most cases this is the human being
Recommendations proactive
The usual first:
• Use strong passwords, change your passwords regularly
• Firewall (blacklisting/whitelisting etc.)
• Updates
• Backups
• etc.
But:
• Technical measures are insufficient
• Consider organizational measures such as BCM, Crisis Communication etc.
Recommendations reactive
Crucial question:
Block infected systems: yes or no?
Where you can ask for help:
• CI operators: reply@melani.admin.ch (best effort)
• Private individuals/SME: fedpol (https://www.cybercrime.admin.ch)
Anonymous reports are possible (MELANI and fedpol)
Prosecution:
• Private individuals: cantonal police at your place of residence
• Companies: cantonal police at your headquarters
THANK YOU FOR YOUR ATTENTION AND NOW Q&A