Cross-border cyber threats require international solutions

As the first point of contact for the public in the event of cyber incidents, the Federal Office for Cybersecurity (BACS) has been accepting voluntary reports of incidents in the digital space via an online reporting form since 2020. The analysis of the reports received shows how cybercriminals operate internationally and how they use new methods and deception strategies to spread their attacks. The current BACS semi-annual report highlights these developments as well as the national and international cyber threat situation in the second half of 2024.

In the second half of 2024, the BACS received 28,165 reports of cyber incidents. This is slightly fewer than in the first half of 2024. Over the whole of 2024, the number increased by 13,574 compared to the previous year to a total of 62,954 reports. The fluctuations are mainly due to the large ripple effect of the phenomenon of "fake calls in the name of the authorities". The ratio of reports from the general public (90 %) to those from companies, associations and authorities (10 %) remained stable. In the case of companies, there was a sharp increase in reports relating to the phenomenon of CEO fraud (2024: 719 / 2023: 487). The most frequently reported categories continued to be "fraud", "phishing" and "spam". In the second half of 2024, the BACS even observed a threefold increase in the number of reports received for "fraudulent prize draws".

Known attack methods are modernized

In addition to traditional emails and text messages, RCS (Rich Communication Services) and iMessage are increasingly being used to bypass the established text message filters of the major providers. Telephone calls from alleged bank employees or the pasting of QR codes on parking meters are also among the current scams. Another method observed is the flooding of email accounts with spam messages in order to subsequently offer assistance via digital communication platforms, in the course of which the victims are compromised. The names of well-known Swiss companies have also been misused to distribute malware in their name. In its weekly reviews, which are published on Tuesdays, the BACS takes a closer look at the methods used and makes appropriate recommendations for action.

Increasing risk due to global digital dependencies

CrowdStrike's failed software update in the second half of 2024 was an impressive reminder of global digital dependencies: Around 8.5 million computer systems were put out of operation - the estimated economic damage amounts to several billion US dollars. The latest developments in the US CVE (Common Vulnerabilities and Exposures) program also highlight the risks of one-sided international dependencies. These events underline the urgent need for greater international cooperation in the area of cyber security.

In order to reduce the negative effects of such dependencies, Switzerland has intensified its cooperation and bilateral exchange talks with European and international partners to improve joint early warning systems and exchange information on current threat situations more quickly.

New reporting obligation harmonized with international standards

The reporting obligation for cyber attacks on critical infrastructure came into force on April 1, 2025. This new regulation was developed in close coordination with international standards and EU directives to ensure cross-border compatibility and the exchange of information. Operators of critical infrastructures such as energy or drinking water supplies, transport companies and cantonal and municipal administrations must therefore report certain cyberattacks to the BACS within 24 hours. For the first six months, until October 1, 2025, there will be no sanctions for failure to report.

BACS half-year report

Source: BACS