Every eight and a half minutes, a cyber incident is reported to the Federal Office for Cybersecurity (FOSC). The latter specifies in its latest half-yearly report that, compared to the same period in 2023, reports have almost doubled: 34,789 notifications reached the office during the first half of 2024.
The declarations come 90% from individuals and 10% from companies. Currently, all announcements are voluntary, but during 2025 the Confederation will introduce a notification obligation for operators of critical infrastructure. The OFSC thus expects to have a better overview of the threat situation.
Two thirds of notifications for the first half of 2024 concern cases of fraud. In 60% of cases, these are attempted telephone scams, with the criminals often claiming to represent a Swiss authority. According to the OFSC, bots call numbers in bulk and convince the callers, thanks to a recorded message, to participate in a police investigation. When they press the 1 button to obtain more information, they are put in contact with a supposed employee of the authorities. The criminals then attempt, during a conversation, to trick their victims into installing remote access software. The criminals thus manage to access the banking data of the people called.
More and more phishing attempts
The OFSC is also seeing a marked increase in phishing reports. With 6,643 cases reported in the first half of the year, the office received around 2,800 more messages than the same period last year. The scammers carry out their phishing attempts mainly with false parcel notices, but also via alleged reimbursements in the name of well-known companies such as the SBB or Swisspass, as well as various tax authorities. Phishing attempts against Microsoft 365 accounts are regularly reported.
Working according to the so-called snowball principle, Chain Phishing is increasingly common. In such cases, cybercriminals send fraudulent emails from hacked email boxes to all addresses registered there.
Fewer ransomware attacks
The number of reports of ransomware attacks against businesses is down slightly. The OFSC attributes several attacks against Swiss companies during the period covered in the report to the three ransomware groups “Akira”, “8Base” and “Black Basta”. These attacks affect companies of all sectors and sizes.
Individuals are increasingly being targeted by ransomware groups as threat actors target “highly lucrative victims,” the OFSC reports. Ransomware gangs also rely on more elaborate tricks, as shown by the current example of the “Black Basta” group, which first sends mass spam and then poses as a trustworthy support service.
Related News :