March 2015 – SWITCH Security-Blog

Drive-by code and Phishing on Swiss websites in 2014

In 2014, about 1,800 Swiss websites were cleaned from drive-by code, compared with 2,700 in 2013, a decline of 33%. At the same time, the number of phishing cases affecting .ch and .li top-level domains rose from only a handful in 2013 to more than 300.

Drive-by code on Swiss websites in 2014

Last year, 35,796 suspicious drive-by URLs in the .ch and .li top-level domains were reported to SWITCH. Security experts from SWITCH-CERT automatically sent requests to these servers and analysed the responses, looking for malicious code injected into the HTML source code. When an expert identified malicious code, the registrar or domain name holder and the web hoster were notified and asked to remove it within one working day. This was done for 1,839 domain names in 2014. In 1,493 (81%) cases, the code was removed by the web hoster or domain holder within one day. For the other 346 domains, the deadline was not met, and the domain name was temporarily suspended to prevent further damage to website visitors. Some 264 (14%) of the infected websites were cleaned of malicious code, with the remaining 82 domain names having to be reactivated after five days, the maximum suspension time by law. A request for identification was sent to the holders of all 82 domains, resulting in an additional 59 (3.2%) of websites being cleaned. A total of 23 (1.3% of all notified) domain names were deleted after 30 days because the domain holder failed to respond to the identification request.

malware2015_E — Compromised .ch and .li websites used for drive-by infections by quarter

Continue reading “Drive-by code and Phishing on Swiss websites in 2014”

The March 2015 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

Fish bites angler – Lenovo, Komodia and Superfish
Gemalto-gate – secret service hack goes right to the roots of mobile security
Carbanak – digital bank robbery on a grand scale
It’s not all bad news – Europol takes down Ramnit botnet
The Clipboard: Interesting Presentations, Articles and Videos

The Security Report is available in both english and german language.

»» Download the english report. »» Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

IT-Security-Links #71

Small drones flying around the San Fernando Valley in Los Angeles, determining mobile devices’ locations for location based ad campaigns. But no worries: no personally identifiable information is captured, …except the device ID.
Adware: Oracle – obviously inspired by SuperFish – includes now the Ask-Adware in their Java for Macs.
The Sound of Botnets: At Microsoft’s Cybercrime Center in Redmond, the silent zombie robot armies now have a voice.
What happens inside Amazon Web Services when there’s a Xen vulnerability? In the past six months AWS has twice had to reboot some of its Elastic Compute Cloud (EC2) servers.
Symantec published their 24-page report on “The state of financial Trojans 2014” (PDF)…
…and FireEye released their Mobile Threat Report “A Comprehensive Mobile Threat Assessment of 7 Million iOS and Android Apps.”

German:

Das Bayrische Landesamt für Datenschutz hat aktuelle Smart-TVs auf Sicherheit und Datenschutz untersucht. Wegen des ~~Verbraucherschutzes~~ Schutzes von Betriebsgeheimnissen wird der Prüfbericht aber nicht veröffentlicht.
Die Digitale Gesellschaft Schweiz veröffentlichte ihren Swiss Lawful Interception Report 2015 zu den Überwachungsaktivitäten von Bund und Kantonen.
Mobiles Arbeiten liegt im Trend und ist mit Sicherheitsrisiken verbunden, auch in der Bundesverwaltung. Da ist es besonders kritisch, wenn sich entsprechende IT-Projekte, z.B. zur Absicherung von Fernzugängen, verzögern.