Bern, February 20, 2024 - Today, at the Swiss Cyber Security Days, the results of a scientific scan of the Swiss cyberspace, including all publicly connected IT infrastructures, are being presented. Over 2.5 million potential vulnerabilities have been identified, with over a million of them rated as critical or high-risk.
Dreamlab Technologies CEO Nicolas Mayencourt and Professor Marc K. Peter will present a report that sheds light on what a nation or a cybercriminal would see when analysing the Swiss cyberspace for potential attacks. The scan, facilitated by the CyObs software solution, measures the external attack surface, cataloging all IT infrastructures connected to the internet (like servers and firewalls). This comprehensive analysis provides an overview of potential vulnerabilities within the Swiss cyberspace, commonly referred to as the attack surface.
Key findings from the 2024 CyObs report:
- 3,235,826 active IPv4 addresses assigned to Switzerland and 1,885,471 active domains were found.
- 2.5 million potential vulnerabilities (based on metadata or software version numbers) of which 421,735 are classified as critical and 727,557 as high (critical vulnerabilities are those with a CVSS score of 9.0-10, high vulnerabilities are those with a CVSS score of 7.0-8.9).
- Only 18.9% of servers for active domains are in the Swiss IP range; 81.1% of servers are located outside of the Swiss cyberspace.
- Only about 13.4% of DNS servers are in the Swiss IP range; 86.6% are outside of Switzerland. They provide DNS services for 50.9% of domains in the Swiss cyberspace.
- Only 29.4% of mail exchange servers are in the Swiss cyberspace. They provide mail services to 59.4% of domains.
Potential vulnerabilities include, among others, unsupported operating systems with known security flaws, outdated firewalls, unprotected databases, vulnerable websites susceptible to password theft, connected industrial devices lacking upstream firewalls and containing vulnerabilities, as well as FTP servers.
Within the Swiss cyberspace, the scan detected 604 active domains and 439 active IPv4 addresses associated with the Swiss Federal Administration (admin.ch). The scan uncovered 781 potential vulnerabilities, with 18% classified as critical and 25% as high. Notably, the majority of critical potential vulnerabilities in the internet infrastructure of the Swiss Federal Administration are attributed to outdated versions of OpenSSH and Apache HTTPD.
In their keynote, Nicolas Mayencourt and Marc K. Peter will emphasise Switzerland potential to implement fundamental cyber hygiene practices within its national cyberspace. They stress that initiating a public discussion on national cybersecurity marks the beginning of developing a comprehensive national cybersecurity strategy. This discourse is essential for shaping the groundwork of the digital society, prioritising digital rights, privacy, and product safety in political and economic investments necessary for citizens amidst the ongoing digital transformation.
The research report on the Swiss cyberspace, featuring a foreword by Major General Simon Müller, Chief of Cyber Command, Swiss Army, is available for free download at www.cyobs.com/switzerland.
Swiss Cyber Security Days 2024
The fifth edition of the Swiss Cyber Security Days (SCSD) will take place for the first time at the BERNEXPO site in Bern on February 20th and 21st, 2024.
For more information: https://scsd.ch
CyObs
CyObs is the cyber radar system that effectively measures attack surfaces. CyObs examines internet-connected infrastructure and identifies known and documented vulnerabilities from the CVE database (Common Vulnerabilities and Exposures).
For more information: https://cyobs.com
Country Report on the Swiss Cyberspace
The research report "Switzerland’s Cyberspace: An Overview of the National Digital Public Attack Surface, Country Study Report, February 2024" with a foreword by Divisional General Simon Müller, Chief of Cyber Command, Swiss Army, can be downloaded for free.
Download: www.cyobs.com/switzerland
Dreamlab Technologies AG
Dreamlab Technologies is a Swiss IT security company with locations on four continents. The combination of technical expertise from Switzerland and international experience enables Dreamlab to develop, assess, and control cybersecurity based on quantifiable and verifiable open standard technologies. Dreamlab advises organizations and authorities, helping them integrate information security awareness into their management cycle. In addition to software products such as CyObs, CySOC, and many other solutions, Dreamlab also offers IT security audits and training.
For more information: https://dreamlab.net/
Contact
Dreamlab Technologies AG
Bern, Switzerland
Jürg Walpen, Head of Communications
Phone: +41 79 271 84 17
E-Mail: juerg.walpen@dreamlab.net
