SWITCH Security-Blog

SWITCH-CERT IT-Security Blog



The September/October 2020 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Ransomware – the new normal of digital extortion
  • A murky supply chain – how hackers profited from Cumulus data
  • Smisherman’s Friends – a new wave of smishing attacks is washing over Europe and Switzerland

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.



Growing support for open security standards in Switzerland

Open security standards are essential for a secure and resilient Internet in Switzerland and protect the privacy of Swiss Internet users. The adoption rate for Internet security standards like DNSSEC, DANE and DMARC in Switzerland is still low compared to the leading countries in Europe, but there is more and more support from the Internet industry, authorities and not-for-profit organizations in Switzerland.

Why are open security standards so important?

Implementing the open security standards that come out of the Internet Engineering Task Force (IETF) reduces the attack surface of the domain or service owner. Even more importantly, a growing implementation rate reduces the attack surface of the Internet as a whole and makes life more challenging for cyber criminals and state actors. Open security standards provide different mechanisms to secure our communication on the Internet, most importantly encryption and authentication. Encryption keeps our communication on the Internet confidential and prevents third parties from reading our emails and tracking which websites users spend their time on. Authentication allows us to identify and authenticate our communication partners; it makes sure that we are not on a fake website and do not send emails or our login credentials to a rogue email server.



The July/August 2020 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Aimless navigation – Garmin scrambling to regain its bearings after hacking incident
  • Hacking with a heavy hand: German intelligence is making a push to install hardware directly with internet providers and reroute internet traffic
  • A protection shield minus the protection – ECJ declares Privacy Shield unlawful
  • A night(mare) of celebrities – The ‘biggest Twitter hack of all times’ raises questions about the security of the network

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.



The May/June 2020 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • The coronavirus: a blessing for some, a curse for others – where is IT security at with contactless payment?
  • You’ve got mail (and malware too) – serious security gap in Apple’s Mail app on iPads and iPhones now closed
  • Everything must go – ‘Shade’ hackers ‘shut down’ and publish hundreds of thousands of decryption keys
  • Swiss users targeted by cybercriminals
  • Elite targets – ETH supercomputers Euler and Leonhard (and more) hacked

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.


The March/April 2020 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • The coronavirus has company – a pandemic of computer viruses
  • The ten most important rules for working securely from home
  • Online meetings – how secure are Cisco Webex and Zoom?
  • For real? Ransomware gangs develop a ‘code of honour’ in the coronavirus pandemic

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.


Attacks on DNS continue, targets are also in Switzerland

Attacks on the domain name system continue

Talos, the intelligence group of Cisco, reported in their blog that their monitoring shows that attacks on the domain name system (DNS) by “Sea Turtle” continue. The attack technique is similar to the one used before: the actors compromise name server records to take ownership of the domain. They then provide false information to selected parties (e.g. certificate authorities, mail users), which leads to the disclosure of email credentials of the targeted organisations. These credentials give initial access to the victims’ email accounts and other resources and are a starting point for further attacks.

Victims in Switzerland

For the first time, Talos also reported victims in Switzerland.

Geographic Location of Sea Turtle Victims by Talos

While Talos didn’t disclose the targeted organizations, they identified these groups as primary targets:

  • Government organizations
  • Energy companies
  • Think tanks
  • International non-governmental organizations
  • At least one airport



The March/April 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Lenin and the detectives: Mobiispy stalkerware can make highly personal data collected while monitoring children and partners publicly accessible
  • Ransomware trojan LockerGoga brings companies to their knees
  • Straight talk at Facebook: when tech giants fail to meet even minimal security requirements
  • Malware straight from the factory: when Shadow Hammer strikes the supply chain

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.


The January/February 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Company networks at serious risk: recent waves of malspam have been spreading the multifunctional trojan Emotet, targeting Windows devices in particular
  • Phishing, porn, data theft: rogue apps appearing as a new and harmful type of ‘non-sellers’ on Google Play and other app stores
  • Spy Time now also available for Apple devices – Serious security vulnerabilities allow outsiders to eavesdrop on FaceTime conversations and steal passwords from Keychain in MacOS
  • Alexa home alone, nuclear attack via Nest and a new password law in California – what happens when IoT gadgets run amok?

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • An own goal and serious foul: Spanish football league’s app turns 10 million users into involuntary spies
  • Amazon Rekognition – useful security and convenience tool or total surveillance for pennies?
  • An underestimated risk: the number of malware attacks on smartphones and tablets is exploding
  • Phishing with the stars: scammers take advantage of our celebrity obsession and the crypto craze to cause harm to users

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Meltdown and Spectre: security meltdown directly from the processor
  • Leaks, fakes and cryptocurrency hacks: business models of a different kind
  • Italianità in the smartphone – state trojan monitors smartphone users
  • Kaspersky shut out of Lithuania as well
  • Strava leaks – fitness secrets of a different kind

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Dresscode for apps in the Google Play Store: malicious
  • Quad9 – does it offer a data protection-friendly alternative to Google DNS?
  • Uber’s customer and driver data on a highway to the Dark Net
  • An earful of espionage: when headphones become listening devices

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.



Breaking security controls using subdomain hijacking

Users obtain a domain name to establish a unique identity on the Internet. Domain names are not only used to serve names and addresses of computers and services but also to store security controls, such as SPF or CAA records. Many of the Internet protocols were designed at a time when built-in security was not a requirement. The IETF continues to standardize protocol extensions to address today’s security needs.

For some protocols, security is added with controls stored in your domain name’s zone file. For these controls to have the desired effect, the precondition is of course that your domain name is secure. In other words, an application that makes use of controls in DNS is only as secure as your domain name.

Hijacking a domain name because of weak credentials at the registrar may get the job done, but this is far from stealthy and will likely not last long. In many cases it is sufficient to hijack an abandoned subdomain. The takeover of an abandoned subdomain may go unnoticed by the owner for a very long period of time, which also makes it very useful for targeted attacks.

Picture 1: update.ft.com has been hijacked and the content from the ft.com front page is mirrored with a fake article about subdomain hijacking. Note: the website is not online anymore, Financial Times has been notified to remove the abandoned record from their zone file. A Certificate Transparency (CT) log proves that a TLS certificate has been issued for this demo site.



A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Attack of the digital dolphins: hacking Alexa, Siri and their friends via ultrasound
  • The anti-antivirus programme: US government bans agencies from installing Kaspersky software on their computers
  • A hack of ‘epic proportions’ at Equifax
  • Science fiction 4.0 – how to hack a computer with a drop of saliva

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Family business: Petya and its derivatives sweep over half the world as a new wave of ransomware
  • Pay a ransom for your privacy: new «extortionware» exposes its victims
  • Positive use of metadata – Cisco can detect malware activity even in encrypted network traffic
  • Successful strike against the darknet drug and weapons trade – security services bust AlphaBay and Hansa

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.


The December 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Power and cybercrime – massive quantities of user data stolen in two recent hacks
  • When supposed security add-ons actually spy on your browsing habits
  • Mirai part II – botnet knocks out 900,000 Telekom routers
  • It’s not all bad news – Avalanche botnet taken down

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.