The 2024/II Mid-Year Report of the Federal Office for Cybersecurity (BACS) outlines the cyber threat landscape in Switzerland and internationally for the second half of 2024. Here are the key takeaways:
- Increase in Cyber Incidents:
  - In 2024, 62,954 cyber incident reports were recorded, up by 13,574 from the previous year. The second half of the year saw 28,165 reports, slightly fewer than the 34,789 in the first half.
  - 90% of reports came from individuals, and 10% from businesses.
- Dominant Threats:
  - Fraud: The most common issue, with 18,270 reports (two-thirds of all cases). Notable trends include fake calls impersonating authorities (21,903 reports) and a tripling of fraudulent prize scams. CEO fraud targeting municipalities and churches also increased.
  - Phishing: The second most frequent category, with 12,038 reports (+2,623 compared to 2023). New channels like RCS messages and QR codes on parking meters are being exploited. 9,355 phishing websites were identified.
  - Malware: Ransomware remains the biggest threat to businesses, with 92 reports in 2024. Creative distribution methods, such as fake CAPTCHAs or QR codes on mail, were observed.
  - DDoS Attacks: Overload attacks, e.g., via the “Gorilla” botnet, targeted websites of cantons, municipalities, and financial services. On November 24, 2024, the Canton of Schwyz’s website was affected.
- CrowdStrike Incident:
  - On July 19, 2024, a faulty software update from CrowdStrike caused a global IT outage, disrupting over 8.5 million Windows systems. The aviation sector was particularly hard-hit. Estimated damages run into billions of USD.
- Data Breaches and Extortion:
  - Data leaks, such as those at OneLog and Temenos, highlight the importance of secure data management. Ransomware attacks are often paired with data exfiltration, with stolen data sold on platforms like BreachForums.
  - Hacktivists employ “hack-and-leak” tactics to publish sensitive information.
- Cyber Espionage and Sabotage:
  - State actors like “Salt Typhoon” (China) and “APT29” (Russia) conducted targeted espionage campaigns. North Korean actors used fake IT employee profiles for espionage and financial fraud.
  - Attacks on industrial control systems (e.g., FrostyGoop in Ukraine) underscore growing risks to operational technology.
- Recommendations:
  - Implement multi-factor authentication (MFA), regular patch management, and training for responding to IT outages.
  - Exercise caution with QR codes, fake calls, and emails. Report suspicious incidents to antiphishing.ch.
  - Ensure secure data management using the questions (Who, What, Where, How, When) and regularly check for data leaks.
  - Protect industrial systems with industry standards and the Cyber Resilience Act.

