What are the criteria for TCS

Cyber ​​attack - breakdown at the breakdown service - hackers paralyze TCS mail accounts

Breakdown at the breakdown service - hackers paralyze TCS mail accounts

The hacking attack on an oil pipeline startled the United States. In Switzerland, too, hundreds of companies were hacked within a few weeks - and the TCS.

«Complete sander shop. Inquiries via e-mail are not processed for several days, then the message comes that you will contact us as soon as possible. (…) The breakdown service is good, administration is bad, ”wrote a user named Riemensperger about the Touring Club Switzerland (TCS) on April 7th on the online rating platform Trustpilot.

Petra S. (name changed) was also angry about the TCS. Shortly before Easter she was at TCS Camping Muzzano near Lugano. “When we arrived there was chaos. At the reception they no longer had access to their data. They told us they had been hacked and now do not know who has booked and who has not, ”she says. To mitigate the onslaught, the campsite operators have installed a “fully booked” sign at the entrance.

The largest mobility club in Switzerland with 1.5 million members does not want to confirm or deny the hacker attack. “We had a problem with Microsoft Exchange (Mail) about two weeks ago, but it was quickly resolved. TCS services were available at all times, ”writes the media office. More can not be elicited even after repeated inquiries.

Employees “massively” restricted in their work

If you ask around among TCS employees, you will quickly notice that this is not just an everyday problem. Employees had no access to their data for several weeks. The restrictions at work were "massive" and certain problems have not been resolved to this day. The workforce was not informed of the exact reasons for the IT problems. At TCS, behind closed doors, one speaks of a hacker attack including a ransom demand.

The breakdown at TCS fits in well with the time window in which hackers successfully attacked companies in Switzerland. On March 2, Microsoft announced for the first time about a security gap in the Exchange server, Microsoft's e-mail system. Through this gateway there were worldwide attacks with encryption Trojans (so-called ransomware). Thanks to the vulnerability, attackers were able to hijack entire servers with relatively little effort. This enabled them to view emails, contacts or appointments, for example. And do further damage with this information.

Incidents with ransomware are among the events with the greatest damage potential, because operational failures and recovery cause high costs and, in the worst case, lead to complete data loss. In addition, the attackers often demand high ransom money for the decryption of the data.

As early as March 9, the National Cybersecurity Center (NCSC) warned: "Unfortunately, we have knowledge of several hundred organizations in Switzerland that have been successfully attacked." The NCSC wrote directly to over 3000 companies.

"Attacks with ransomware have recently increased in terms of number and quality," says IT expert Marc Ruef. He and his company Scip hack into organizations professionally. The risk is still underestimated: “Many companies believe that they will not be affected. However, the past has shown that such attacks can, in the worst case, drive companies to bankruptcy. "

Cybercrime has become a business. "In ransomware attacks, monetary needs, i.e. the payment of ransom, are the focus." But you shouldn't pay, emphasizes Ruef: “One payment can only save you time. Namely until the next claim, which is usually doubled. " Instead, you should isolate the affected systems, identify the gateways, and restore the previously set up data backups.

Cyber ​​security neglected

Ruef considers it plausible that critical infrastructure such as electricity or telecommunications networks are being attacked in Switzerland. "The topic of cybersecurity has been neglected and risks are naively underestimated." This is all the more tragic as Switzerland is known for a large number of innovative cybersecurity companies that do not have to fear international comparison.

Ruef sees it as positive that Thomas Süssli, a cyber-savvy army chief, is in office. He is also receiving support from Defense Minister Viola Amherd in his digitization plans. That is a good constellation, says Ruef.

Ransomware, malware and DDoS: these types of cyberattacks exist

Cyber ​​attacks start at different points. These are the most common methods:

Malware: This is malicious software. These include viruses or Trojans that are sent as attachments to e-mails.

Ransomware: Attackers use this software to try to gain access to a network and extort a ransom, for example by threatening to delete or encrypt data.

Phishing: This includes e-mails that link to bogus websites on which information is requested. Fraudsters want to gain access to sensitive data such as credit card details.

DDoS: The abbreviation stands for “Distributed Denial of Service”. Attackers overload networks or websites in a very rudimentary way by making as many requests as possible at the same time.

Spam emails: Perhaps the most well-known nuisance since there was email. Spam is understood to mean messages that users receive undesirably and that contain annoying or promotional content. (ehs)