DailyPost 2721

A couple of truisms of the digital world have slowly been emerging which are bound to force us to think in a manner radically different from how we think today. The first one is: getting hacked is the new normal. The second one: today or tomorrow, ransomware is bound to hit you. And the most important one is the breach-to-detection time, which is around 200 days. So resilience in the system, the capability to bounce back at the earliest, having a workable backup ready at any point in time, and having systems in place so that you know of the breach as early as possible would be extremely critical to any enterprise as we move forward, inclusive of the government.

In the recent hack of the Swiss government, all these points come into play in full measure. The headline announces that Play ransomware leaked 65,000 government documents. A few ransomware gangs seem to have taken over the world, bringing even governments to their knees. The news of the breach was shared by the National Cyber Security Centre (NCSC): following a ransomware attack on Xplain, thousands of sensitive Federal files have been impacted. Xplain is a tech and software solutions provider for various Swiss government agencies and departments, inclusive of the country’s military force.

Watch the timelines; they are interesting. The Play ransomware gang breached Xplain on May 23, 2023. The threat actor then claimed to have stolen confidential information. In June 2023, it made good on its threats and released the stolen data on its darknet portal. The robber has a platform to display the booty. This is where we are. The investigation has been on for quite some time, and it was instantly accepted that the leaked data might belong to the Federal Administration of Switzerland. Now it is known that of the 1.3 million documents, 5% or 65,000 are relevant to the Federal Administration, which is no small number.

The breakup of the stolen files makes for disturbing reading. Around 95% impact the administrative units of Justice and Police, Federal Offices of Justice and Police, State Secretariat for Migration and the internal IT service center. You may well imagine the magnitude of the compromise. As per the information available in the public domain, the investigation was launched on Aug 23, 2023 and is likely to be completed by the end of this month. Only then would the full results and cyber security recommendations be shared with the Federal Council. The time taken for the investigation is on account of the unstructured data and its volume. Handling leaked data for evidence is complicated and needs inter-agency coordination, which delays the whole process.

Sanjay Sahay

Have a nice evening.
