SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


Leave a comment

The Drama of Awareness – using Aristotle and Brecht to raise awareness: Part II

In the previous article, we were looking for inspiration on how to raise security awareness in Aristotle’s approach to artistic communication between actor and audience. His Theater of Illusion with its catharsis momentum gave us some insights on how to manufacture communications measures in order to achieve a learning process by proxy.

In the present article, we’re going to have a closer look at Brecht’s more modern concept of Epic Theater. The German playwright strives to move away from the Theatre of Illusion, from identification and purification, towards the active re-evaluation of reality by the audience.

Continue reading


1 Comment

The Drama of Awareness – using Aristotle and Brecht to raise awareness: Part I

There is a lot of drama surrounding the subject of security awareness. Whether it is because of the limited resources available in the face of ever-increasing demand, or the fact that awareness measures are still largely the responsibility of technically trained security experts – one could say that security awareness is surrounded by an air of tragedy.

How can you get users to manage data and devices securely? People have long wondered how to craft a message that moves people (to do something) – since well before the invention of advertising or awareness campaigns. It’s the same problem that lies at the heart of artistic communication between actor and audience. This article is, therefore, not about drama in the proverbial sense, but rather about literary drama as a work of art (of the theatre). Can literary scholarship provide us with insightful answers to this big question? First, we’re going to have a look at Aristotle  and the Classical Drama. Continue reading


Leave a comment

The March/April 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Lenin and the detectives: Mobiispy stalkerware can make highly personal data collected while monitoring children and partners publicly accessible
  • Ransomware trojan LockerGoga brings companies to their knees
  • Straight talk at Facebook: when tech giants fail to meet even minimal security requirements
  • Malware straight from the factory: when Shadow Hammer strikes the supply chain

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.


1 Comment

DNSSEC Usage in Switzerland is on the rise after widespread attacks on the Domain Name System

Attacks on the DNS System

Cyber attacks on the DNS system are not new. Cache poisoning, Domain Hijacking and BGP injections of routes to public DNS resolvers happen regularly, but they usually don’t get much attention as they target the Internet’s core infrastructure and are not directly visible to end users in most cases. This time it was different. The recent widespread DNS hijacking attacks on several Mid East, North African and European and North American governments and infrastructure providers, published by Ciscos Talos showed that DNS attacks are a real threat to cyber security. Netnod, one of the affected infrastructure providers issued a statement, that called, amongst other domain security mechanisms, for the implementation of the DNS Security Extensions (DNSSEC).

The analysis of these attacks also convinced the Internet Corporation for Assigned Names and Numbers (ICANN) that there is an ongoing and significant risk to key parts of the System (DNS) infrastructure. ICANN issued a call for “Full DNSSEC Deployment to Protect the Internet” across all unsecured domain names.

The question is if  these attacks and the awareness that DNSSEC is an absolute essential base layer protection for domain names had some effects on the Implementation of DNSSEC Switzerland?

More DNSSEC signed domain names

As a ccTLD operator SWITCH publishes the number of DNSSEC signed .ch and .li domain names every month. While the number of signed domain names is still very low at around 3-4% we see a rise in the numbers of signed domain names for two years now.

DNSSEC signed .ch domain names 1.4.2019

Continue reading


Leave a comment

The January/February 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Company networks at serious risk: recent waves of malspam have been spreading the multifunctional trojan Emotet, targeting Windows devices in particular
  • Phishing, porn, data theft: rogue apps appearing as a new and harmful type of ‘non-sellers’ on Google Play and other app stores
  • Spy Time now also available for Apple devices – Serious security vulnerabilities allow outsiders to eavesdrop on FaceTime conversations and steal passwords from Keychain in MacOS
  • Alexa home alone, nuclear attack via Nest and a new password law in California – what happens when IoT gadgets run amok?

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

Mobile Malware


Rogue Mobile App

Rogue mobile apps are counterfeit apps designed to mimic trusted brands or apps with non-advertised malicious features. In both cases, the goal is that unaware users install the app in order to steal sensitive information such as credit card data or login credentials.

The common way to install apps is to use the official app store. By default, neither Android nor Apple’s iPhone allow users to install apps from unknown sources. However, this does not mean we can just trust the official app store. SWITCH-CERT has been monitoring Apple’s App Store and Google Play for some time and noticed that many rogue apps are able to sneak into Google Play especially.

Google Play

Attackers are abusing the weak app testing procedure of Google to sneak their rogue apps into Google Play. One can find counterfeit apps of Swiss brands on a regular basis. Typically, the apps reside on Google Play for some time until it is removed because of take down requests from security researchers. Until that happens, unaware users are likely to install such apps and put their data at risk.

The screenshot below shows apps found when searching for Bluewin. During the last months, Bluewin has been a common target for rogue counterfeit apps. The red circle indicates the rogue app.

Play Store result for the search key word “Bluewin”

Continue reading


The November/December 2018 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • SiSyPHuS gives Windows 10 low marks for data protection and security
  • Vivy app suffering from multiple diseases: security researchers uncover several vulnerabilities in the patient data app
  • Facing court: Chinese facial recognition unfairly lands big entrepreneur in hot water
  • Not exactly cuddly: data protection authority imposes first GDPR fines after hacking attack

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.