Briefing Document: Cyberattack on Swiss Institutions
Subject: Analysis of Cyberattack on Swiss Municipalities and Banks
Source: "Several Swiss municipalities and banks hit by cyberattack - SWI swissinfo.ch" published 21st January 2025
This briefing document outlines the key details surrounding a recent cyberattack targeting Swiss municipalities and banks. The attack, believed to be perpetrated by the Russian hacker group NoName, involved Distributed Denial-of-Service (DDoS) attacks. The attack is notable for its timing during the World Economic Forum (WEF) in Davos, suggesting a deliberate attempt to disrupt or draw attention to Swiss institutions during a period of heightened international focus.
- Nature of Attack: The attacks were identified as DDoS attacks. The article explains, "According to the cyber security office, DDoS attacks consist in overloading websites and applications with targeted requests, so that they are no longer accessible." Crucially, the report states there was "no data leakage during such attacks," meaning the goal appears to have been disruption rather than data theft.
- Attribution: The cyber security office and news reports attribute the attacks to "the Russian hacker group NoName". This points to a potential geopolitical element and suggests the possibility of state-sponsored or state-aligned activity.
- Targets: The attacks hit a range of targets, including:
  - Cantonal banks of Zurich and Vaud
  - Municipalities of Adligenswil, Kriens, and Ebikon in Lucerne
- Motivation: The attack is described as a "quasi-demonstration online; they want to attract attention," according to the cyber security office. This highlights the attack as potentially motivated by disruption and publicity, rather than financial gain.
- Timing: The attack occurred during the week of the World Economic Forum (WEF) in Davos. The National Cyber Security Centre had anticipated such attacks during this period. This indicates a likely intention to gain maximum attention and potentially disrupt Swiss infrastructure and/or institutions at a high-profile moment.
- Precedent: The same hacker group previously "paralysed several federal government websites in June 2023," suggesting a persistent and possibly escalating threat.
3. Impact and Implications
- Disruption: The immediate impact of the DDoS attacks was the inaccessibility of the affected websites and applications, hindering public access to online services. While the article indicates no data leakage, the disruption can still have a significant impact on the functioning of local institutions and public trust in the systems.
- Security Concerns: The attack underscores Switzerland’s vulnerability to cyber threats, despite its advanced technological infrastructure. The fact that the National Cyber Security Centre had anticipated attacks indicates a growing awareness of these risks, but also that further security enhancements might be needed.
- Geopolitical Context: The attribution of the attack to a Russian hacker group adds a geopolitical dimension. The attack could be seen as a symbolic gesture of protest or a challenge to Switzerland's neutrality and international role.
- Escalating Threat: The repetition of attacks by the same group suggests a need for enhanced vigilance and improved cyber defence strategies.
- Public Awareness: The mention in the article of a need for "more in-depth articles" points to a demand for more information and a deeper understanding of this threat amongst the public.
- "For the hackers, it’s a quasi-demonstration online; they want to attract attention"
- "According to the cyber security office, DDoS attacks consist in overloading websites and applications with targeted requests, so that they are no longer accessible. There is no data leakage during such attacks."
- "The Russian hacker group NoName is believed to be responsible for these so-called Distributed Denial-of-Service (DDoS) attacks."
- "The same group of hackers paralysed several federal government websites in June 2023."
The recent cyberattack on Swiss municipalities and banks serves as a stark reminder of the increasing sophistication and prevalence of cyber threats. The attacks, attributed to the Russian hacker group NoName, were not intended to result in data leakage, but they did disrupt important online services at a crucial time. The timing of the attack during the WEF, along with the previous attacks by the same group, suggests the Swiss government needs to improve cyber security measures to protect public and private institutions. The article highlights the need for more in-depth analysis of the issue and points to the public interest in understanding the threats.
- Monitor for any further developments and updates regarding the attack and potential countermeasures.
- Consider the wider implications of the cyber threat to Swiss institutions, particularly those relating to critical infrastructure.
- Assess the potential for increased international cooperation to address geopolitical cybersecurity risks.
- Explore the need for more in-depth reporting of cyber threats to the public.
This document is intended to provide a summary of key information and should be used as a basis for further analysis and discussion.