Twice as many cyber incidents reported and rise in AI scam attempts

Bern, 06.05.2024 - More than 30,000 cyber incidents were reported to the NCSC in the second half of 2023, twice as many as in the same period last year. The strategy of the new federal office is based on four pillars in order to strengthen cyber security for the general public, businesses and public authorities in the face of increasing threats and the emergence of AI-driven fraud.

The National Cyber Security Centre is taking stock of its first few months as a fully-fledged federal office. Director Florian Schütz gave an initial assessment at a press briefing on 6 May. When the National Cyber Security Centre (NCSC) attained the status of a federal office on 1 January 2024, this marked an important milestone in strengthening Swiss cyber security. Its primary task remains unchanged: to increase Switzerland's security in cyberspace by raising public awareness of cyber threats and attacks. In addition, the NCSC acts as a contact point for reporting cyber incidents and supports critical infrastructure operators in dealing with these incidents. The NCSC also produces technical analyses to assess and ward off cyberattacks and cyber threats. It identifies and remedies weaknesses in Switzerland's protection against cyber threats in order to strengthen the country's resilience.

NCSC Strategy

The core mandate for the NCSC is to strengthen cyber security in critical infrastructures, the economy, the education system, the population and in government by coordinating the implementation of the National Cyber Strategy (NCS). The strategy presented today by the NCSC sets out how this core mandate is being fulfilled. The aim is to improve cyber security by working with all relevant stakeholders. With this in mind, it organises its services based on four strategic pillars: making cyber threats understandable, providing means to prevent cyberattacks, limiting damage from cyber incidents and increasing the security of digital products and services.

NCSC semi-annual report for 2023/2: Fraud attempts using artificial intelligence (AI) on the rise

The number of cyber incidents reported to the NCSC almost doubled in the second half of 2023, with 30,331 incidents compared with 16,951 in the same period in the previous year. This increase is mainly down to job offer scams and calls from fraudsters claiming to be police officers. Fraud attempts were among the most frequently reported incidents, with the 'CEO' and 'invoice manipulation' scams being particularly commonplace.

5536 phishing reports were received, more than twice as many as in the same period last year (2179 reports). What is known as 'chain phishing' is particularly worth mentioning: phishers hack email inboxes and then send emails to all the addresses stored in the mailbox. As the sender is likely to be known to the recipients, there is a high probability that they will fall for the scam and respond to the phishing mail. The phished email accounts are then used to write once again to all the contacts they hold.

There was also an increase in reports of attempted fraud involving the use of AI. Cyber criminals use AI-generated images for sextortion attempts, to pretend to be celebrities on the phone, or to perpetrate investment fraud. Although the number of reports of such incidents is still comparatively low, the NCSC believes that these are the first attempts by cyber criminals to explore how AI might be used for future cyberattacks.

Address for enquiries

NCSC Communication
+41 58 465 53 56
media@ncsc.admin.ch