[BreachExchange] Switzerland: Citizen and municipality data published on Darknet

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Wed Sep 1 08:48:02 EDT 2021


https://marketresearchtelecast.com/switzerland-citizen-and-municipality-data-published-on-darknet/142498/

At the end of May, the municipal administration of the tranquil town of
Rolle in French-speaking Switzerland was the victim of a cyber attack. This
became known to the public recently through research by the news portal
watson.ch. The result of the attack: The data of all residents and other
documents have been quite easy to find on the Darknet since mid-June,
according to Watson.

Numerous sensitive data sets now on the Darknet

The news portal reports a “massive data leak” and a “large amount of
internal and confidential documents” that are accessible on the Darknet.
Several media outlets investigated and found, in addition to detailed
personal data on residents and those of community employees and companies,
the Outlook mailboxes of the former mayor and the head of administration as
well as documents on the community’s financial planning.

Even certificates with school grades from schoolchildren and information
from children who were infected with the coronavirus can now be found on
the Darknet. The annual assessments of the community employees, with comments,
can also be seen, writes the NZZ. Presumably, according to Watson, the
criminals were able to access a server in the community for a long time and
extract large amounts of data unnoticed.

The city council of Rolle initially claimed to Watson that it had no
knowledge of a cyber attack, writes the news portal. Confronted by Watson
with documents from the Darknet, the local government initially refused to
comment. Then, last weekend, Mayor Monique Choulat-Pugnale finally admitted
to the Vaud daily 24 heures that she had discovered a break-in into her IT
systems at the end of May.

Mayor: “Minor attack”, no ransom paid

Cyber criminals entered the community’s computer network via ransomware
attacks – presumably through a vulnerability in the operating system. The
mayor stressed that the community had not paid a ransom and said it was only a
“minor attack”. Only e-mails that contained “no sensitive data” were
hacked, the president said. According to 24 heures, the mayor is also
responsible for the IT systems of the community in Rolle. In a press
release, the community finally announced that it had completely restored
the data from current backups. But that was apparently difficult because
the perpetrators had encrypted data on some administration servers and
prevented access.

With the support of the Federal Computer Emergency Center (GovCERT), the
Cantonal Police of Vaud and a specialized company, the IT systems were
restored. However, this took ten days. Meanwhile, according to media
reports, the community withheld the scope of the incident from the public –
“on the advice of cybersecurity experts and in order not to increase the
community’s vulnerability”.

Cyber criminals likely took advantage of “PrintNightmare” vulnerability

An IT specialist turned to Le Temps and reported that he had discovered an
Excel table on the Darknet with the sometimes sensitive data of 5393
residents of the community. The newspaper then exposed the full extent of
the attack, thereby confirming the Watson article.

The Watson journalists attribute the attack to the cyber criminal group
“Vice Society”, which, according to the IT security experts at Cisco Talos,
specializes in attacks on small and medium-sized companies as well as on
public institutions. The ransomware used by the cyber criminals is said to
have used the “PrintNightmare” vulnerability in the Windows printing system.
Vice Society ransomware has been detected by experts since June and,
according to their findings, is a variant of “HelloKitty” ransomware, which
is also used for attacks on Windows and Linux IT systems, primarily against
small to medium-sized targets.

“A certain naivete” admitted

Rolle local authority, which has filed criminal charges in the case,
recently admitted it “underestimated the severity of the attack (and) the
potential use of the data.” It admitted “with humility a certain naivety
about what is at stake in dealing with the Darknet and malicious hacks” and
said it had set up a task force to deal with the crisis. Yahoo and Nissan,
among others, have their European headquarters in Rolle on Lake Geneva.