Get ready for "cybercrime as a service"!

In our interview, SWITCH security expert Serge Droz explains how he interprets these figures and what trends he sees in the cybercrime landscape.

What do you view as the stand-out events of 2015 as regards Internet security at SWITCH?
Serge Droz: On the business side, there were two things: the launch of Safer Internet and the successful formation of CH-CERTs. The former is a package of measures aimed at preventing website infections in cooperation with hosting providers, registrars and the regulator. The latter is a forum for security experts from a range of Swiss firms and government departments to meet regularly so that they can improve security together. A personal highlight from my point of view was the course I held in Rwanda as part of the TRANSITS (Training for Incident Response Staff) project. Seeing how a country is developing under completely different conditions and with a much more difficult past than Switzerland was touching and left a lasting impression on me.

What trends do you see globally in Internet crime?
Generally speaking, the cyber underground has continued to become more professional, even to the extent where we can talk about "cybercrime as a service". Cybercriminals are now specialising and offering only individual links in the value chain.

What about Switzerland?
Attacks are being tailored specifically to our country. People are using e-mails written in one of our official languages that appear to be sent by a Swiss firm. This makes our job harder because we can't call on samples from our international partners. In addition, Trojans such as Dyre show that attacks on e-banking have become even more daring. Dyre only becomes active for bank accounts containing more than half a million francs, so the damage it causes is very severe.

How do you interpret SWITCH's figures concerning the .ch domain?
Various reports and studies have shown that .ch is among the most secure top-level domains in the world. This is made possible first and foremost by the legal basis the Federal Office of Communications gave us five years ago, which allows us to deactivate misused domains at short notice. The figures prove that this procedure is working. Now we want to optimise our anti-phishing procedure as well with the help of our national and international partners.

Where, in your opinion, are the new threats SWITCH needs to combat coming from?
SWITCH wants to step up its activities to combat the misuse of domains. Domains are misused, for example, by hacking web servers to fool search engines or by setting up fraudulent online shops. We restrict ourselves to the crime of hacking – the authorities are responsible for assessing web content. In general, however, we can say that cybercriminals are driven by money, and they'll keep seeking out new strategies to get their hands on it. They won't stop taking us by surprise.

What can we do about it?
We can make it more expensive for them to stage their attacks, for example by turning off hacked servers faster. That way, attacks in Switzerland won't be worth the effort any more.