Thinking like the «bad guys» for a secure cyberspace

As Scientific Project Manager at armasuisse Science and Technology (S+T), Dr. Alain Mermoud is responsible for Technology Monitoring and Forecasting. Together with Dr. Mathias Humbert, responsible for Privacy and Machine Learning at armasuisse S+T, he is organising the Cyber-Defence Campus Conference from November 3 – 4 in Lausanne.

Is it common practice in the cyber world to align yourself to the «bad guys» processes?

Of course, the police does the same. A good policeman also thinks: «What would the thief do?» Or if you want to make your house safe from burglars, you also have to consider whether they will come in through the window, or through the roof, etc. In addition to my job at armasuisse, I’m also active as an intelligence officer in the Swiss armed forces. The principle is exactly the same there – you have to think like «red» in order to decide what you can do best as «blue». As a defender, it definitely helps to think like an attacker.

So the best cyber specialists are former hackers?

One can say that many cyber-security specialists come from a hacking background. This doesn’t mean that they have a criminal past, as there is such a thing as ethical hacking. The decisive factor is how the knowledge and motivation are used. That’s the difference between «white hat» hackers – the «good guys» and «black hat» hackers, the «bad guys», if you like.

You talk about threat intelligence and open source platforms. Can you explain more about these?

There are various platforms – such as MISP or Open Threat Exchange – on which ethical hackers, as well as companies, can exchange information on potential dangers. One example is MELANI-NET, on which an exchange of information on critical infrastructures, such as hospitals, the SBB or banks, takes place every day.

Source and full article : armasuisse S+T

Coronavirus and cybercrime in Switzerland

The coronavirus has turned our everyday lives upside down, and society has found itself in an extraordinary situation. The inherent uncertainty has meant that people need more information and protection, not to mention new working conditions – and criminals are cleverly exploiting this situation. When the lockdown hit, the internet all of a sudden became the virtual solution to almost everything. As the registry for .ch domains, the IT infrastructure provider for universities and a multi-sector CERT, SWITCH has a good overview of the cybercrime occurring in the shadow of the rapid rise of the digital economy.

[…] One development that could be established, though, was a rise in the number of phishing attacks on Swiss internet users working from home. The fact that people are working outside the largely protected network at their regular place of work has only made these attacks easier to carry out. The attacks that SWITCH-CERT has observed were deliberately aimed at higher education staff and users of Swiss IT service providers such as web hosting services. Fraudsters then often abused the web hosting access credentials they got their hands on to host additional phishing sites on the existing domain names and web servers. Fortunately, these compromises were identified and eliminated quickly. Various hosts have warned their customers of the attacks, and MELANI (the Reporting and Analysis Centre for Information Assurance) has also reported a spike in phishing activities.

[…] The rise in cybercrime connected with the coronavirus pandemic highlights yet again just how fragile the internet infrastructure really is. Applying security standards such as DMARC and DNSSEC should therefore be given urgent priority to strengthen digital Switzerland’s resilience for the future and thus make it more difficult for scammers to carry out image-damaging cyber attacks.

Source and full article : Switch

La Confédération se penche sur le partage d’information cyber

Lors de sa séance du 13 décembre 2019, le Conseil fédéral a adopté le rapport «Obligation de déclarer les incidents graves affectant la sécurité des infrastructures critiques: solutions possibles». Ce rapport décrit les principales questions qui se posent au sujet de l’introduction d’obligations de déclarer et présente plusieurs modèles possibles pour la mise en œuvre de telles obligations. Le Conseil fédéral se fondera sur les résultats de ce rapport pour prendre, d’ici à fin 2020, des décisions de principe sur l’introduction d’obligations de déclarer.

En Suisse, il n’existe pas d’obligation générale de signaler les cyberincidents. Les informations sur les cyberincidents concernant des infrastructures critiques telles que l’approvisionnement en énergie, la télécommunication et les secteurs des finances et des assurances s’échangent sur une base volontaire par l’intermédiaire de la Centrale d’enregistrement et d’analyse pour la sûreté de l’information (MELANI). Vu l’évolution rapide des cyberrisques, il faut se demander si cet échange volontaire est suffisant pour identifier à temps les menaces dans tous les secteurs. C’est pourquoi la Stratégie nationale de protection de la Suisse contre les cyberrisques prévoit l’examen d’obligations de notifier dans ce domaine. En outre, le Parlement a transmis un postulat (17.3475 Graf-Litscher) qui charge le Conseil fédéral de présenter un rapport sur les possibilités d’introduire des obligations de signaler les incidents de sécurité affectant les infrastructures critiques

Source : Bund