
Warning ‒ Targeted attacks on Swiss companies

In Switzerland, a wave of highly targeted attacks on medium-sized and large companies has been raging for several weeks now. The ransom demands range from CHF 19,000 to CHF 5,655,000. To make sure you do not fall victim to these attacks, our cyber security experts have documented the typical, frequently identical method for you:

How the attackers work

  1. Phishing e-mails, some of which are very elaborately faked, tempt employees to open an infected attachment or click on a malicious link. Alternatively, the attackers gain access to terminal servers that are exposed to the Internet.

  2. This gives the attacker control over the corresponding endpoint in the victim's internal network.

  3. From here, the attacker moves laterally through the network, much like some APT groups do. He escalates his privileges until he obtains a domain administrator account.

  4. Once he has this account, the attacker moves on to the domain controller and there checks which other end devices he has access to. The entire user database is also extracted from the domain controller. This means that, at a later point in time, the attacker is able to regain access to the victim's network unless the right countermeasures are taken.

  5. Starting from the domain controller, the attacker distributes and runs encryption malware on key corporate servers and clients. A message then appears on the affected computers asking the victim to contact the blackmailer.
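As an added, illustrative example (not part of the original article and not InfoGuard's own tooling), the following Python sketch correlates a constructed stream of simplified log events against the stages described above, so that the chain can be interrupted before stage 5 is reached. The event format, the organisation's internal address ranges and the fan-out threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Internal address ranges of the (hypothetical) organisation; any other source is treated as Internet-exposed.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
FANOUT_THRESHOLD = 3   # assumed: remote executions from one host within WINDOW seconds
WINDOW = 60

# Constructed sample events (simplified SIEM records, not from the original page),
# each mapping onto a stage of the attack chain described above.
EVENTS = [
    {"t": 100, "kind": "logon", "user": "jdoe", "src": "203.0.113.7", "host": "TS01", "role": "terminal_server"},
    {"t": 900, "kind": "group_add", "user": "jdoe", "group": "Domain Admins"},
    {"t": 950, "kind": "logon", "user": "jdoe", "src": "10.0.0.15", "host": "DC01", "role": "domain_controller"},
    {"t": 1000, "kind": "remote_exec", "user": "jdoe", "src_host": "DC01", "host": "SRV01"},
    {"t": 1005, "kind": "remote_exec", "user": "jdoe", "src_host": "DC01", "host": "SRV02"},
    {"t": 1010, "kind": "remote_exec", "user": "jdoe", "src_host": "DC01", "host": "WS07"},
    {"t": 1200, "kind": "logon", "user": "backup", "src": "10.0.0.20", "host": "DC01", "role": "domain_controller"},
]

def is_external(ip: str) -> bool:
    """True when the source address lies outside the organisation's own ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def correlate(events):
    """Return (stage, message) alerts for the attack chain, in event order."""
    alerts = []
    privileged = set()            # accounts that became domain admins during the window
    fanout = defaultdict(list)    # (src_host, user) -> timestamps of remote executions
    for e in sorted(events, key=lambda ev: ev["t"]):
        k = e["kind"]
        if k == "logon" and e.get("role") == "terminal_server" and is_external(e["src"]):
            alerts.append((1, f"{e['user']} logged on to Internet-exposed terminal server {e['host']} from {e['src']}"))
        elif k == "group_add" and e["group"] == "Domain Admins":
            privileged.add(e["user"])
            alerts.append((3, f"{e['user']} was added to Domain Admins"))
        elif k == "logon" and e.get("role") == "domain_controller" and e["user"] in privileged:
            alerts.append((4, f"newly privileged {e['user']} logged on to domain controller {e['host']}"))
        elif k == "remote_exec" and e["user"] in privileged:
            key = (e["src_host"], e["user"])
            fanout[key] = [t for t in fanout[key] if e["t"] - t <= WINDOW] + [e["t"]]
            if len(fanout[key]) == FANOUT_THRESHOLD:   # fire once when the threshold is reached
                alerts.append((5, f"{e['user']} pushed remote executions to {FANOUT_THRESHOLD} hosts from {e['src_host']}"))
    return alerts

if __name__ == "__main__":
    for stage, msg in correlate(EVENTS):
        print(f"stage {stage}: {msg}")
```

The unprivileged "backup" logon at the end deliberately produces no alert; only the sequence tied to the newly elevated account does.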

The malware used by attackers varies from case to case. Some of the cases investigated have shown a combination of several of the following malware products:

  • Emotet
  • Trickbot
  • Ryuk
  • Cobalt Strike
  • Metasploit
  • MegaC0rtex
  • QBot

What can you do about it?

To prevent incidents such as these, it is imperative that every employee is trained in how to use the IT infrastructure securely, specifically e-mails and their attachments, such as Word documents with macros. This is why every company should take appropriate security awareness measures. It is the only way to stop an incident at an early stage.

Our InfoGuard Cyber Defence Center also helps you to react promptly and interrupt the chain of attack before significant damage can occur.

InfoGuard provides you with fast, competent and experienced support when a security incident occurs!

These days, no one is safe from cyber-attacks ‒ it can happen to you at any time. If you are afraid that you will also be affected, contact us in advance in order to avoid the most serious damage. Our experienced specialists in the Cyber Defence Center take care of you ‒ 24/7. If you have an incident, please contact us!

InfoGuard AG - Mathias Fuchs, Head of Investigation & Intelligence