Cyberattacks against Swiss institutions and firms, like the RUAG defence contractor hack reported earlier this month, are extremely frequent, according to specialists at a Lausanne cyber security conference. Many attacks are automated and generally planned and executed by engineers, not hackers, they claim.
Switzerland is particularly vulnerable to cyberattacks because of its high-tech infrastructure and financial services sector. A report published in 2015 by the professional service company, KPMG, stated that Swiss companies suffered losses of over CHF200 million ($201 million) due to cybercrime in 2014.
“You are attacked all the time, but you just don’t know it,” declared Ralph Langner, a well-known German cyber security expert. He was one of the speakers at the Swiss Cyber Risk Research conference, held at the Federal Institute of Technology in Lausanne (EPFL) on Friday.
At the beginning of May, Swiss newspapers Tages-Anzeiger and The Bund reported that hackers from Russia had broken into RUAG’s database. The private defence contractor, which specialises in civil and military aviation, munitions, defence systems, aerospace and metallurgy technologies, maintains close ties with the Swiss federal authorities, notably supplying the Swiss army.
RUAG denies that any sensitive data was stolen. A government task force was nonetheless created to look into the affair and the public prosecutor opened a criminal investigation on suspicion of industrial espionage.
Specialists at the Lausanne conference said they were not surprised by the RUAG affair.
“They do it as they can”
“Why should Switzerland not be an interesting place for attacks?” asked digital security entrepreneur André Kudelski of the Swiss-based Kudelski Group.
He hazarded that RUAG or the Swiss authorities might be sharing data with other firms or countries, which might have been of interest to the attackers.
“It’s a case of ‘why not look into the Swiss safe?’ It’s all part of a systematic approach,” said Kudelski.
“Everyone is caught in the net at some point,” said Langner, who has analysed and identified the “Stuxnet” computer worm that blocked Iranian centrifuges used to enrich uranium.
“Everything gets attacked. Basically they do it as they can.”
Once a server and IT infrastructure are in place, the extra costs of further cyberattacks are minimal, he said.
“It’s automated these days. Criminals get data, store it, and do big data analytics,” he added. “But we are no longer talking about individual hackers pinpointing targets. Over the past couple of years we are seeing wholescale espionage.”
According to the Swiss news report, Russia is suspected of being behind the computer attacks against RUAG. The Russian embassy in Bern has not commented on the issue.
Last week the German BfV intelligence agency accused Russia of a series of international cyber-attacks aimed at spying and sabotage, in “hybrid warfare” that also targeted the German parliament last year.
The operations cited by the BfV intelligence agency ranged from an aggressive attack called Sofacy or APT 28 that hit NATO members and knocked French TV station TV5Monde off air, to a hacking campaign called Sandworm that brought down part of Ukraine’s power grid last year.
Swiss specialists at the EPFL conference refused to point the finger solely at Russia.
“I don’t want to single out Russia, but it does have the technical means to launch these kinds of attacks which are sponsored by ex-intelligence officials,” declared Virgil Dorin Gligor, an IT security professor at Carnegie Mellon University.
Corruption is the key factor, most agreed.
Mobile criminal networks
The US Securities and Exchange Commission (SEC) announced earlier this week that cyber security is the biggest risk facing the financial system. Banks around the world have been rattled by an $81 million (CHF80.3 million) cyber theft from the Bangladesh central bank that was funnelled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.
“99% of attacks are motivated by financial interest and there is a strong link between active criminals from other areas. These are people who often deal in weapons or drugs,” said Kudelski.
“They distribute work in their networks. There was a recent case with the head of a group in the Middle East financing hardware developed in the Far East with R&D experts in Russia to target Latin America. There is an incredible diversity of nationalities. And one of the most important elements is that they are extremely mobile. If there is a change of legislation, they just move to where they can operate from.”
Swiss Cyber Risk Research conference
The EPFL conference in Lausanne on May 20 was organised by the Swiss State Secretariat for Education, Research and Innovation (SERI). Around 300 specialists and academics attended.
The secretariat is responsible for coordinating research as part of Switzerland’s national strategy against cyber risks, adopted in 2013.
The conference was the official launch of a so-called Swiss Cyber Research Initiative. Swiss officials hope to build a community of researchers, specialists and firms working in this specialist field of cybersecurity and big data. They want participants to share ideas and important research and to create a database outlining who is doing what and where in the field of cyber risk research.