Enjoying our content? Subscribe:
Top 10 Cybersecurity Breaches in Switzerland
Learn about the state of cybersecurity in Switzerland and the 10 biggest breaches in this country.
The increasing number of ransomware hacking attacks across the world makes more and more countries consider, implement and continually update security guidelines and data safety practices in cybersecurity. Switzerland is not an exception: according to the most recent statistics by Check Point Research, the annual number of cyberattacks within the country increased by 65% in 2021.
As you might know, the core security focus in Switzerland is targeted at data protection, which is plain better than anywhere else in the world. Moreover, the country was among the earliest to have implemented the Federal Act on Data Protection of June 19, 1992 (DPA) and its ordinances. Also, Switzerland is compliant with the EU GDPR – the official regulation on data protection and privacy.
But, security is not solely related to data protection: it's also the practice of protecting systems, networks, and programs from various types of digital attacks. One of the most efficient methods of resisting the latest cyber attacks is to learn about the high-profile breaches that occurred within a certain region or industry. So, in this article, we're going to analyze the details of the most infamous cyberattacks in Switzerland, uncovering how they happened and what measures were taken by the affected entities.
As you might know, the core security focus in Switzerland is targeted at data protection, which is plain better than anywhere else in the world. Moreover, the country was among the earliest to have implemented the Federal Act on Data Protection of June 19, 1992 (DPA) and its ordinances. Also, Switzerland is compliant with the EU GDPR – the official regulation on data protection and privacy.
But, security is not solely related to data protection: it's also the practice of protecting systems, networks, and programs from various types of digital attacks. One of the most efficient methods of resisting the latest cyber attacks is to learn about the high-profile breaches that occurred within a certain region or industry. So, in this article, we're going to analyze the details of the most infamous cyberattacks in Switzerland, uncovering how they happened and what measures were taken by the affected entities.
#1 Data of 800,000 Swisscom Customers Compromised As a Result of Breach
Swisscom, the biggest telecom company in Switzerland, reported a massive data breach that occurred in autumn 2017. As a result of this incident, over 800,000 customers may be compromised – that's nearly 10% of the entire population of Switzerland. Due to the investigation details, the attackers have gained access rights of a sales partner, but the third-party company in question has not been named.
The investigation has shown that the data accessed mainly included the first and last names, dates of birth, and telephone numbers of Swisscom customers. This contact information is believed to be leaked on the public domain or darknet. According to the Federal Act on Data Protection, this kind of personal data is classed as "non-sensitive", as no passwords or payment data was affected. Along with that, Swissland reported about the advancements in the security sector to prevent similar breaches from occurring in the future, such as two-factor authentication for all data access requests and an automated ban of high-volume queries for all customer information.
The investigation has shown that the data accessed mainly included the first and last names, dates of birth, and telephone numbers of Swisscom customers. This contact information is believed to be leaked on the public domain or darknet. According to the Federal Act on Data Protection, this kind of personal data is classed as "non-sensitive", as no passwords or payment data was affected. Along with that, Swissland reported about the advancements in the security sector to prevent similar breaches from occurring in the future, such as two-factor authentication for all data access requests and an automated ban of high-volume queries for all customer information.
#2 Swiss Drug and Technology Maker Roche Has Become a Victim of Targeted Cyberattacks
In July 2019, several European technology companies – including Marriott, Lion Air, Siemens, BASF, Henkel, and Roche – reported that they've been affected by targeted cyberattacks. Due to the investigation details, the hackers, which allegedly originated in China, leveraged a malware variant known as Winnti – the software that enables remote access to victims' computers.
The analysis of the code used in the attack bears hallmarks of a hacking group that has ties to the Chinese government. It is known that this group became active in 2010, initially targeting gaming companies, and has since expanded its target base. Typically, it uses stolen certificates to sign the malware and is designed to seek specific processes on the victim's computer to run the malicious code. The officials said there's no evidence of data theft or third-party data compromise.
The analysis of the code used in the attack bears hallmarks of a hacking group that has ties to the Chinese government. It is known that this group became active in 2010, initially targeting gaming companies, and has since expanded its target base. Typically, it uses stolen certificates to sign the malware and is designed to seek specific processes on the victim's computer to run the malicious code. The officials said there's no evidence of data theft or third-party data compromise.
#3 SITA, Global Air Transport Giant, Confirmed a Security Breach
SITA, one of the largest aviation IT companies, serving around 90% of the world's airlines, in March 2021 issued an official statement, according to which the company has confirmed a security breach. Initially, the company claimed that certain passenger data stored on its .S. servers had been accessed by cybercriminals.
The issue was identified on the evening of March 5th, people noticed they couldn't log into their BA accounts through their membership number. Also, some users reported difficulties resetting their passwords using Chrome.
SITA's Data Protection Officers have informed all the affected organizations and PSS customers about the incident, as well as provided clear instructions on what measures should be taken or are already taken regarding this server attack.
The issue was identified on the evening of March 5th, people noticed they couldn't log into their BA accounts through their membership number. Also, some users reported difficulties resetting their passwords using Chrome.
SITA's Data Protection Officers have informed all the affected organizations and PSS customers about the incident, as well as provided clear instructions on what measures should be taken or are already taken regarding this server attack.
#4 Swiss Consumer Outlet Was Affected by a Massive Cyberattack
In July 2021, Swiss online consumer outlet Comparis filed a criminal complaint about a ransomware attack, the result of which some of its technology systems were blocked. According to the official sources, the analysis has uncovered that criminals managed to get access to certain customer-relevant information, and the investigation outcomes confirmed that some of the consumer data were stolen. The company also reassured that all the potentially affected customers had been informed and suggested changing their passwords, as a precaution.
Comparis also indicated that after the breach, their website – which enables visitors to compare prices for goods and services – is working in the usual mode, but there can be specific limitations for the login through email and consumer hotline because of the durable recovery process.
The identity or location of the cyber attackers is not known and the ransom demand took the form of a URL implanted in a secure area of the IT system. Comparis has filed a criminal complaint about the attack.
Comparis also indicated that after the breach, their website – which enables visitors to compare prices for goods and services – is working in the usual mode, but there can be specific limitations for the login through email and consumer hotline because of the durable recovery process.
The identity or location of the cyber attackers is not known and the ransom demand took the form of a URL implanted in a secure area of the IT system. Comparis has filed a criminal complaint about the attack.
#5 Personal Data & Documents of Swiss Town Residents Leaked to Darknet After a Data Breach
Another data breach was reported by a Swiss town Rolle in August 2021. It occurred as a result of a ransomware attack, affecting the personal details of all its 6,200 inhabitants, whose data was stolen by hackers. The threat actors managed to compromise some of the administrative servers and exfiltrated sensitive documents.
It's also worth mentioning that during the initial announcement of a data breach, it was said that the attackers stole only small amounts of data and that all the information had been restored from backup copies. The town administrative chief also stressed that the affected data "did not contain any sensitive municipal data".
However, after a while, gigabytes of data were stolen from Rolle's Vaudois community and posted on the darknet. According to the investigation published in Le Temps daily, the experts indicated the documents as "personal and extraordinarily sensitive". But, the city administration presumably knew "nothing" about that information.
It's also worth mentioning that during the initial announcement of a data breach, it was said that the attackers stole only small amounts of data and that all the information had been restored from backup copies. The town administrative chief also stressed that the affected data "did not contain any sensitive municipal data".
However, after a while, gigabytes of data were stolen from Rolle's Vaudois community and posted on the darknet. According to the investigation published in Le Temps daily, the experts indicated the documents as "personal and extraordinarily sensitive". But, the city administration presumably knew "nothing" about that information.
#6 ProtonMail Service Amends Its Policy After Giving Up an Activist's Data
The email service was reported to be unable to appeal a Swiss court's demand to log the IP address of a French climate advocate, as it became known in September 2021. This move strongly contradicts the company's privacy-centric policies, the most recent version of which states: "By default, we do not keep any IP logs which can be linked to your anonymous email account."
Once the client's metadata was exposed to Swiss authorities, ProtonMail removed this section from their guidelines, replacing it with a more generic statement: "ProtonMail is an email that respects privacy and puts people (not advertisers) first." In addition to the misleading if technically correct reference to the "default" logging policy, ProtonMail pledged to encourage activists to use the Tor network, the tool used to obfuscate the users' IP addresses.
Apart from that, the service has stated that although its user's IP address and browser fingerprint were collected by Swiss authorities acting on behalf of Interpol, the company's guarantees of email content privacy were not breached. The service employs end-to-end encryption and does not possess the key for data encryption: the only information available through the server, according to the SMTP protocol, includes email sender, email recipient, and message timestamps.
Once the client's metadata was exposed to Swiss authorities, ProtonMail removed this section from their guidelines, replacing it with a more generic statement: "ProtonMail is an email that respects privacy and puts people (not advertisers) first." In addition to the misleading if technically correct reference to the "default" logging policy, ProtonMail pledged to encourage activists to use the Tor network, the tool used to obfuscate the users' IP addresses.
Apart from that, the service has stated that although its user's IP address and browser fingerprint were collected by Swiss authorities acting on behalf of Interpol, the company's guarantees of email content privacy were not breached. The service employs end-to-end encryption and does not possess the key for data encryption: the only information available through the server, according to the SMTP protocol, includes email sender, email recipient, and message timestamps.
#7 MCH Group, Swiss Events Organizer and Marketing Company, Was Hit by Cyberattack
In October 2021, the largest Swiss events organizer reported a security breach that occurred as a result of a malware attack. The company is known for an array of art fairs such as Art Basel, Miami Beach, and Hong Kong, as well as the watch show Baselworld and various events devoted to cars, construction, and motorbikes.
Regardless of the security breach, the company has reassured its clients that current and forthcoming exhibitions and events will still go ahead as planned.
Once the breach was discovered, the internal ICT specialists, together with other external experts and the federal authorities, analyzed the damages and filed criminal damages.
This security breach is believed to be a part of a massive wave of cyberattacks taking place in Switzerland at that time when dozens of companies of different sizes and industries started discovering the cyber invasion of different types.
Regardless of the security breach, the company has reassured its clients that current and forthcoming exhibitions and events will still go ahead as planned.
Once the breach was discovered, the internal ICT specialists, together with other external experts and the federal authorities, analyzed the damages and filed criminal damages.
This security breach is believed to be a part of a massive wave of cyberattacks taking place in Switzerland at that time when dozens of companies of different sizes and industries started discovering the cyber invasion of different types.
#8 Credit Suisse Leak Unmasks Criminals, Fraudsters & Corrupt Politicians
In February 2022, one of the world's biggest private banks, Credit Suisse, exposed thousands of client files, uncovering the hidden wealth of clients involved in torture, drug trafficking, money laundering, corruption, and other serious crimes. According to the official sources, the massive leak reveals nearly 30,000 owners of 100 bn Swiss francs held in the Swiss bank.
It is believed that Credit Suisse repeatedly either opened or maintained bank accounts for a panoramic array of high-risk clients across the world. However, the bank itself "strongly rejects the allegations and inferences about the bank's purported business practices", which was clearly stated in their official report. Moreover, Credit Suisse also claimed that the allegations were largely historical, in some instances dating back to a time when "laws, practices, and expectations of financial institutions were very different from where they are now". Obviously, some of the accounts leaked were open as far back as the 1940s, but more than two-thirds are dated after 2000 and remain open today.
Apart from Credit Suisse's reputation, this data leak could affect the base institution of trust in the Swiss financial institutions.
It is believed that Credit Suisse repeatedly either opened or maintained bank accounts for a panoramic array of high-risk clients across the world. However, the bank itself "strongly rejects the allegations and inferences about the bank's purported business practices", which was clearly stated in their official report. Moreover, Credit Suisse also claimed that the allegations were largely historical, in some instances dating back to a time when "laws, practices, and expectations of financial institutions were very different from where they are now". Obviously, some of the accounts leaked were open as far back as the 1940s, but more than two-thirds are dated after 2000 and remain open today.
Apart from Credit Suisse's reputation, this data leak could affect the base institution of trust in the Swiss financial institutions.
#9 Novartis International AG Reported a Massive Cyberattack: No Data Were Compromised
In June 2022, it became known that certain data from Novartis, a Swiss pharma company, was allegedly stolen and posted on the darknet. The responsibility for this attack was taken by Industrial Spy, a hacking group that runs an extortion marketplace selling stolen data. The hackers claimed to have stolen data from the "laboratory environment of the manufacturing plant", according to the description of the stolen data.
Industrial Spy offered to sell the data, a few files only 7.7 MB in size, for $500,000 in bitcoins, though it's still not clear whether Novartis is going to accept that proposal. Moreover, there's no guarantee that the data is not copied or leaked after the criminals get the claimed costs.
The detailed investigation has shown that the data were likely stolen on February 25. The drugmaker has also reassured the press that no sensitive data has been compromised. In response to these kinds of threats, the company has also announced a list of precautions and improvements to enhance the security of the internal data.
Industrial Spy offered to sell the data, a few files only 7.7 MB in size, for $500,000 in bitcoins, though it's still not clear whether Novartis is going to accept that proposal. Moreover, there's no guarantee that the data is not copied or leaked after the criminals get the claimed costs.
The detailed investigation has shown that the data were likely stolen on February 25. The drugmaker has also reassured the press that no sensitive data has been compromised. In response to these kinds of threats, the company has also announced a list of precautions and improvements to enhance the security of the internal data.
#10 Red Cross Cyberattack Compromised Data of Over 515,000 People
According to the CNN announcement of January 2022, the International Committee of the Red Cross (ICRC) fell victim to a massive cyberattack, as a result of which the personal data of more than 515,000 "highly vulnerable people" has been compromised. It is known that the compromised data came from at least 60 of the "national societies," or networks of volunteers and staff, around the world that the Red Cross uses as first responders to disasters. A former cyber warfare adviser at Red Cross headquarters in Geneva stated that the incident seems to be the largest and most sensitive breach in the history of ICRC.
The hack has forced the Red Cross to shut down IT systems that support a program that reunites families separated by conflict, migration, or disaster, the humanitarian organization said. It is known that the hack targeted one of the main Switzerland-based contractors that the Red Cross pays to store its data, but the organization didn't name the exact firm which was affected. It was also unclear who was standing behind this attack.
The hack has forced the Red Cross to shut down IT systems that support a program that reunites families separated by conflict, migration, or disaster, the humanitarian organization said. It is known that the hack targeted one of the main Switzerland-based contractors that the Red Cross pays to store its data, but the organization didn't name the exact firm which was affected. It was also unclear who was standing behind this attack.
Conclusion
It's nearly impossible to predict the upcoming cyberattack, as well as when and how it can occur. However, learning more from the high-profile cybersecurity cases may surely come in handy while strengthening the company's digital security. We hope that these cases have helped you to improve your awareness of the large-scale cyberattacks in Switzerland, and provided you with some valuable insights on how to enhance the performance of your business today.
As far as you can see, even well-established companies can become victims of a cyberattack. In order to ensure the security of your software, make sure to contact CyberLands, so we would perform API penetration testing of your IT infrastructure and help to enhance your cybersecurity strategy.
As far as you can see, even well-established companies can become victims of a cyberattack. In order to ensure the security of your software, make sure to contact CyberLands, so we would perform API penetration testing of your IT infrastructure and help to enhance your cybersecurity strategy.
Cyberlands.io Team