Doubling of reported cyber incidents and increase in AI fraud attempts
Twice as many cyber incidents were reported to the Federal Office for Cyber Security (BACS) in the second half of 2023 than in the same period last year, namely over 30,000. The strategic direction of the new Federal Office is based on four pillars in order to strengthen cyber security for the population, the economy and the authorities in the face of increasing threats and the emergence of AI-driven fraud.
The Federal Office for Cybersecurity looks back on its first few months as the new federal office. Director Florian Schütz gave an initial assessment at an expert discussion. The transfer of the National Cybersecurity Center (NCSC) to a federal office on 1 January 2024 marked an important milestone in the strengthening of Swiss cybersecurity. The primary tasks of the BACS continue to be to increase Switzerland's security in cyberspace. To this end, it informs and raises public awareness of cyber threats and attacks. In addition, the BACS acts as a point of contact for reporting cyber incidents and supports operators of critical infrastructures in particular in dealing with these incidents. Furthermore, the BACS prepares technical analyses to assess and defend against cyber incidents and cyber threats. It identifies and remedies weaknesses in Switzerland's protection against cyber threats in order to strengthen the country's resilience.
Strategic orientation of the BACS
The core mandate of the BACS is to strengthen the cyber security of critical infrastructures, the economy, education, the population and authorities by coordinating the implementation of the National Cyber Strategy (NCS). The Federal Office's strategy presented today shows how this core mandate is being fulfilled. The aim of the BACS is to improve cyber security in cooperation with all relevant stakeholders. To this end, it aligns its services along four strategic pillars: Making cyber threats understandable, providing means to prevent cyber attacks, reducing damage from cyber incidents and increasing the security of digital products and services.
BACS half-yearly report 2023/2: Fraud attempts with artificial intelligence (AI) on the rise
The number of cyber incidents reported to the BACS almost doubled in the second half of 2023 to 30,331 compared to 16,951 in the same period of the previous year. This increase is mainly due to fraudulent job offers and alleged calls from the police. The most frequently reported incidents included attempted fraud, with the categories "CEO fraud" and "invoice manipulation fraud" being particularly conspicuous.
With 5536 reports, more than twice as many phishing reports were received than in the same period last year (2179 reports). Particularly noteworthy is so-called "chain phishing": phishers use hacked e-mail inboxes to send e-mails to all addresses stored in this inbox. As the sender is likely to be known to the recipients, there is a high probability that they will fall for the phishing. The phished e-mail account is then used to write to all existing contacts.
There was also an increase in reports of attempted fraud using AI. Cyber criminals use AI-generated images for sextortion attempts, pretend to be celebrities on the phone or carry out investment fraud. Although the number of reports in this area is still comparatively low, the BACS believes that these are the first attempts by cyber criminals to explore the potential uses of AI for future cyber attacks.
Source: BACS
