Recently published blog posts:
Go to the blog archive and browse all previous blog posts we have published so far.
Subscribe to the GovCERT.ch blog RSS feed to stay up to date and get notified about new blog posts.
Recently published whitepapers:
Subscribe to the whitepapers RSS feed to stay up to date and get notified about new whitepapers.
Report an incident: incidents[at]govcert{dot}chGeneral inquiries: outreach[at]govcert{dot}ch
The following email address can be considered as point of contact for FIRST members and other CERTs/CSIRTs:incidents[at]govcert{dot}ch
GovCERT.ch PGP-Key (preferred) Alternative GovCERT.ch PGP Key (for older versions of PGP without Curve25519 support) GovCERT.ch SMIME
Published on October 27, 2020 14:19 +0100 by GovCERT.ch (permalink) Last updated on October 27, 2020 14:19 +0100
At the time of writing this blog post (October 27 2020), the Federal Office of Public Health FOPH has announced 5’949 confirmed COVID19 infections in Switzerland within the past 24 hours. After the initial COVID19 measures imposed by the federal council this spring and lifting of these in summer, the upcoming months will probably be challenging again for all of us. However, the pandemic is not only challenging for the Swiss economic and the general public but also the healthcare sector. At the same time, cyber threats are evolving targeting individuals, small and medium business but also large organizations worldwide and in all sectors. Unfortunately, hospitals were among these victims as well, as the recent events have shown: The recent ransomware attacks against Universal Health Services (UHS), the Universitätsspital Düsseldorf in Germany or Brno University Hospital in Czech Republic. NCSC has already identified this risk shortly after the COVID19 outbreak and has extended its effort to protect the general public but also the healthcare sector from cyber threats. In this blog post we would like to give you a short overview on the actions we have taken. However, it is important to outline that NCSC relies on private public partnerships (PPP) and has no legal power to force an individual or organization to participate in our efforts or impose any security measures.
Historically, GovCERT.ch (which is part of NCSC) has a very close collaboration with participating internet service providers (ISPs) in Switzerland. In the past months, we have extended our efforts in notifying these ISPs about infected customer devices, helping them to remediate the infection with their client. We have also increased our efforts in providing them more comprehensive datasets and hence helping them to protect their clients better from cyber threats. The following chart shows the top infections we report to participating ISPs in Switzerland.
In autumn last year, NCSC/GovCERT.ch has started distributing information about hostile domains using an RPZ which allows such to do a zone transfer of our data into their own DNS resolvers and deciding whether to block, redirect or alert clients that hit a malicious domain. The response policy zone contains information about hostile domains that are being used for phishing attacks, malware downloads (these days typically Emotet) and Command and Control server communication (C&C). Today, 12 critical infrastructures and ISPs are using the RPZ zone transfer protecting a user base of several hundred thousand users.
In May 2020, NCSC/GovCERT.ch has introduced a secure DNS resolver which is provided to organizations in the healthcare sector free of charge. The DNS resolver acts as a DNS firewall (RPZ) and provides additional protection against hostile domain names such as malware and phishing sites, but also such that are being used for botnet Command and Control (C&C). As of today, 5 hospitals and one healthcare organization are using the DNS resolver service to secure their internet access.
What does this mean for you?
Contact: outreach [at] govcert {dot} ch
Back to top
