Swiss Semi Annual Information Assurance Report H1 2011

File uploaded by wkandek on Nov 2, 2011Last modified by wkandek on Nov 2, 2011
Version 3Show Document
  • View in full screen mode

The attached report by the Swiss Federal Intelligence Service is a good overview of the events in the Computer Security space for H1 2011. It lists the main data breaches and attacks that have happened and provides some analysis and advice.


I like it for its clear format and emphasis on some of the conclusions:


- 3.3. Drive-by-infections - Most popular infection vector for malware

Comment: Malware plays an important role in the extrusion of data from networks, corporate or private. However there is less agreement on how the malware actually gets on the computer. Microsoft recently published research on what mechanisms malware uses to propagate and stated the majority of malware depends on user interaction (i.e. click on something, open an attachment, etc)  closely followed by AUTORUN infections (USB and Network shares). The Swiss indicate here that the Drive-by vector is the most common, i.e. users get infected by browsing websites that attack browser or plug-ins flaws, something that "Software Hygiene" can address with tools that are as simpel to use as our BrowserCheck.


- 4.5. Hacking victim RSA - Companies fear for their secuirty

Comment: this is one of the more frank analysis that I have seen on the subject, and it raises that some questions on the apparent ease that the attackers had in their attack in getting into the network and extracting some of the data. This confirms soem of our analysis where we have shown that the malware could be deflected by employing a number of security practices, for example:

  • running as non-admin
  • activating the OS included DEP feature
  • running a newer version of MSFT Office
  • limiting active content
  • filtering outboudn traffic


Overall an interesting compilation of cases and bonus: the report is in English.


Original download: