Cyber Incident Victim: Schweiz Tourismus

Date: Jun 2023

Location: Switzerland

Summary

Schweiz Tourismus was targeted by a DDoS attack which severely limited the availability of its website. The incident was attributed to Russian activists who launched attacks in waves, though they did not gain access to the website's content. IT experts responded to each wave to restore access. The organization stated no data was stolen and that its systems were protected by modern firewalls, though such an attack could never be entirely ruled out.

Description

On the morning of Thursday, June 15, 2023, the website of Schweiz Tourismus became the target of a significant cyber incident. The primary issue was a severe degradation in the website's availability, rendering it difficult or nearly impossible for users to access. The organization confirmed the nature of the event in response to an inquiry from the news agency Keystone-SDA, characterizing it as a Distributed Denial-of-Service (DDoS) hacker attack. This type of assault functions by overwhelming a target website with an excessive number of requests or calls, effectively flooding its infrastructure and limiting its ability to respond to legitimate user traffic. The attack was attributed to Russian activists, who have been associated with similar disruptive campaigns against other entities.

Schweiz Tourismus was quick to clarify the precise scope and limitations of the incident. They explicitly stated that it did not constitute a traditional "hack" in the sense of a breach into their internal systems. The Russian activists responsible for the DDoS attack did not gain any access to the content or the backend of the website. Consequently, no data was stolen during this event. This distinction was crucial, as it confirmed the attack was purely aimed at causing disruption and unavailability rather than data theft or infiltration. The confirmation of the incident and its details was also based on an earlier report from the West Swiss internet portal 24heures.ch.

The attack was not a single, sustained event but was instead conducted in a series of waves throughout the day. This pattern is common in DDoS campaigns, as attackers periodically restart their flood of traffic after defenders have implemented countermeasures. In response to each wave of the attack, IT experts working for Schweiz Tourismus actively engaged in mitigation efforts. Their response involved reacting to each incoming wave and taking technical steps to restore access to the website, making it accessible again to the public after each disruption. The organization expressed an expectation that these aggressive waves would gradually subside as the day progressed.

In terms of preparedness, Schweiz Tourismus noted that its web presence was protected by state-of-the-art firewalls and software solutions designed to defend against hacker attacks. They acknowledged, however, that in the realm of cybersecurity, an attack can never be entirely ruled out despite robust defensive measures. The organization also revealed that this specific type of DDoS incident was a novel experience for them, as they had never previously encountered such an attack on their systems.

This incident against Schweiz Tourismus did not occur in isolation but was part of a broader wave of cyber activity targeting Swiss institutions in mid-June 2023. The context provided by the article indicates that website attacks were preoccupying numerous organizations across the country. Just prior to this event, in the night leading to Wednesday, June 14, hackers had published additional data from the federal administration on the darknet. This data was part of a larger theft from the federal government, the public disclosure of which had first been announced by the hackers on June 3. The connection between these events suggests a period of heightened cyber threat activity against Swiss targets, with the Schweiz Tourismus attack representing a separate but contemporaneous facet of this activity focused on disruptive rather than data-exfiltration objectives. The immediate impact of the incident was confined to a temporary loss of service and the operational burden placed on the IT team to continually counteract the waves of malicious traffic, with no long-term data compromise or financial loss reported as a direct result.
