Reports of Swiss cyber fraud almost doubled in six months

According to a press release issued on Monday, 30,331 reports of cyber incidents were received by the National Cyber Security Centre (the predecessor to the FOC) via the official reporting form in the second half of last year, compared to 16,951 in the same period in 2022. This was mainly due to fraudulent job offers and alleged calls from the police.

+ Read about the risks of cyberattack on aid agencies

Companies mainly reported so-called CEO fraud and invoice manipulation fraud. Ransomware attacks on companies, on the other hand, were on the decline. These fell from 54 to 42.

Phishing reports also doubled in the reporting period, from 2,179 to 5,536, with the FOC drawing attention to so-called chain phishing, in which phishers send emails to all stored addresses via hacked email inboxes.

Fraud attempts using artificial intelligence (AI) are still relatively low. These include, for example, sextortion attempts with AI-generated images or the faking of celebrity calls or investment fraud in the name of celebrities. However, the FOC assumes that cyber criminals are currently exploring the fraud possibilities offered by AI in order to use them for cyber attacks in the future.

Transparency problem

Cyber security coordination was transferred from the finance ministry to the defence ministry on January 1, 2024. However, the aim of the new federal office continues to be strengthening cyber security for critical infrastructure, the economy, education, the general public, and public authorities. One of the current challenges is the high vulnerability of IT systems for finance, public authorities, educational institutions, and the general public in cyberspace, wrote the FOC.

The inadequate ability to react to system-relevant cyber incidents and the frequent lack of transparency are also a problem. In addition, there is “only a partially mature understanding of cyber security in business, society and politics”.

These risk factors mean that “cyber attacks are too often successful”, wrote FOC Director Schütz in the editorial to the semi-annual report. And this, in turn, is reflected in high economic losses and a high risk of critical infrastructure failures.

New cyber defence strategy

The number of reports of damage is increasing by an average of 30% per year. Last year, the federal office processed a total of 187,000 reports via the antiphishing.ch website and shut down 8,223 websites in Switzerland that were used for phishing.

On average, a malware infection is reported to FOC every 40 hours. Small and medium enterprises in particular are increasingly being targeted by cyber criminals. In the context of an ever-increasing use of the digital space, these figures are easy to understand, and Switzerland’s figures are mid-range compared to other countries.

However, the situation must be taken seriously and improved. For this reason, the Director of the FOC presented the new strategy for implementing the National Cyber Strategy (NCS). The federal office is focusing on four areas: making cyber threats understandable, providing means to prevent attacks, reducing losses, and improving the security of digital products and services.

Adapted from German by DeepL/dkk/mga