SWITCH security expert Serge Droz discusses cybercrime in 2015.
SWITCH's statistics reveal that the number of malware infections concerning the top-level domains .ch and .li (Liechtenstein) fell sharply from 1,839 in 2014 to 698 in 2015. The threat from phishing remained at a similar level, with 329 cases in 2015 after 323 the year before.
In our interview, SWITCH security expert Serge Droz explains how he interprets these figures and what trends he sees in the cybercrime landscape.
What do you view as the stand-out events of 2015 as regards Internet security at SWITCH?
Serge Droz: On the business side, there were two things: the launch of Safer Internet and the successful formation of CH-CERTs. The former is a package of measures aimed at preventing website infections in cooperation with hosting providers, registrars and the regulator. The latter is a forum for security experts from a range of Swiss firms and government departments to meet regularly so that they can improve security together. A personal highlight from my point of view was the course I held in Rwanda as part of the TRANSITS (Training for Incident Response Staff) project. Seeing how a country is developing under completely different conditions and with a much more difficult past than Switzerland was touching and left a lasting impression on me.
What trends do you see globally in Internet crime?
Generally speaking, the cyber underground has continued to become more professional, even to the extent where we can talk about "cybercrime as a service". Cybercriminals are now specialising and offering only individual links in the value chain.
What about Switzerland?
Attacks are being tailored specifically to our country. People are using e-mails written in one of our official languages that appear to be sent by a Swiss firm. This makes our job harder because we can't call on samples from our international partners. In addition, Trojans such as Dyre show that attacks on e-banking have become even more daring. Dyre only becomes active for bank accounts containing more than half a million francs, so the damage it causes is very severe.
How do you interpret SWITCH's figures concerning the .ch domain?
Various reports and studies have shown that .ch is among the most secure top-level domains in the world. This is made possible first and foremost by the legal basis the Federal Office of Communications gave us five years ago, which allows us to deactivate misused domains at short notice. The figures prove that this procedure is working. Now we want to optimise our anti-phishing procedure as well with the help of our national and international partners.
Where, in your opinion, are the new threats SWITCH needs to combat coming from?
SWITCH wants to step up its activities to combat the misuse of domains. Domains are misused, for example, by hacking web servers to fool search engines or by setting up fraudulent online shops. We restrict ourselves to the crime of hacking – the authorities are responsible for assessing web content. In general, however, we can say that cybercriminals are driven by money, and they'll keep seeking out new strategies to get their hands on it. They won't stop taking us by surprise.
What can we do about it?
We can make it more expensive for them to stage their attacks, for example by turning off hacked servers faster. That way, attacks in Switzerland won't be worth the effort any more.