The National Cyber Security Centre's (NCSC) semi-annual report outlines the key cyber phenomena shaping Switzerland's threat landscape. It examines how various threat actors in cyberspace employ different methods to achieve their goals, based on cyberincidents and developments in Switzerland and internationally during the first half of 2024.
The NCSC received 34,789 reports of cyberincidents in the first half of the year, marking a significant increase of 15,740 reports compared to the same period last year. This near doubling is primarily due to an increase in reports of fake police calls, fraudulent lotteries, subscription scams and phishing. Approximately 90 % of reports came from individuals and 10 % from businesses. As in previous years, the majority of reports fell into the categories of 'fraud', 'phishing' and 'spam'.
Most frequently reported: fraud
Fraud remains the most frequently reported phenomenon with 23,104 reports, accounting for two-thirds of all reports in the first half of 2024. This figure has more than doubled compared to the same period last year (11,174). Almost 60 % of these reports (13,730) can be attributed to fake calls from authorities. This scam involves cold-calling random numbers, with victims led to believe that they are involved in a criminal case and instructed to press ‘1’ to continue. They are then connected to a fraudster who persuades them to download remote access software, allowing unauthorised e-banking payments from their computer.
Significant increase in phishing messages
The NCSC received 6,643 phishing reports in the first half of 2024, a significant increase of around 2,800 reports compared to the same period last year (3,879 reports). As in the past, most phishing attempts involved fake parcel notifications and refund emails purportedly from retailers, SBB and SwissPass respectively, and various tax authorities. Phishing attempts targeting Microsoft 365 accounts are frequently reported to the NCSC. A common approach is ‘chain phishing’, where phishing messages are immediately sent to the entire address book once an email inbox has been compromised.
DDoS attacks in relation to major events and international conferences
Distributed denial-of-service (DDoS) attacks aim to make a website or online service temporarily unavailable by overwhelming it with requests. Three notable DDoS campaigns occurred during the six months under review. In April, several Swiss organisations in the financial sector reported extortionate DDoS attacks, allegedly carried out by the Armada Collective or Alpha Jackal group. Additionally, threat actors used DDoS attacks with political motives in the context of major international events and conferences in Switzerland. The pro-Russian hacktivist collective NoName057(16) targeted websites related to the World Economic Forum in Davos in January and websites of organisations related to the Conference on Peace in Ukraine at the Bürgenstock Resort in June. Overall, the attacks were within the expected range and caused only minor disruption to the IT infrastructure. At no point were the IT systems and data of these events or the organisations involved seriously affected.
Ransomware – a national and global challenge
The NCSC has noted a slight decrease in reported ransomware attacks on businesses. Three ransomware groups – Akira, 8Base and Black Basta – were responsible for several attacks on Swiss companies during the period under review. Ransomware attacks continue to affect all sectors and company sizes. The trend of individuals becoming less of a target for cybercriminals persists. This shift may have been influenced by the typical opportunistic behaviour of ransomware groups, with an increase in attacks targeting particularly lucrative victims. Ransomware attacks remain a significant challenge to businesses and governments internationally.
Other phenomena
The report also highlights trends and developments related to vulnerabilities, malware on mobile devices and initial access attacks. It emphasises the importance of proper data handling practices, as data leaks are often used to compromise IT systems and to carry out social engineering attacks for fraudulent purposes. Lastly, the report provides an overview of cyberespionage and cybersabotage activities in the context of geopolitical tensions and the record number of elections this year. Although this section of the report is largely based on observations from abroad, it is crucial for a comprehensive assessment of the Swiss threat landscape.
At the same time as this semi-annual report, the NCSC publishes a report on "Telephone fraud".
Bericht: Telefonbetrug im Cyberbereich (PDF, 895 kB, 07.11.2024)Available in German and French
Your opinion matters to us!
We would like to know your opinion on the content of the current semi-annual report, so that we can better adapt such products to your needs in the future. Therefore, we would be grateful if you could reply to the following questions (about 2 minutes). You can then send us the form by clicking on the "Submit" button.
The questionnaire is anonymous and personal information such as your age or profession are only aimed to understand the needs of each target audience. But you can leave your email address should you have any questions or comments which you would like us to follow up upon. We are looking forward to reading your thoughts and comments.
Last modification 07.11.2024
