11.05.2021 - The NCSC's first semi-annual report deals with the most important cyberincidents of the second half of 2020 in Switzerland and internationally. It replaces the former MELANI semi-annual report. The main topic is digitalisation in the healthcare sector and the challenges it faces with regard to current cyberthreats.
As elsewhere, digitalisation is advancing inexorably in the healthcare sector. Globalised supply chains, computer-controlled logistics and electronic patient records confirm this. But increasing digitalisation also provides cybercriminals with potential points of attack. Successful attacks in the healthcare sector have far-reaching consequences. A data leak can affect particularly sensitive personal data. Furthermore, functional failures of IT systems or even temporary unavailability of data can endanger people's health or even their lives. The semi-annual report examines recent cases and the necessary protective measures.
Ransomware harbours the greatest potential for damage
Incidents with encryption Trojans (ransomware) are among those with the greatest potential for damage, as business interruptions and recovery involve high costs and can, in the worst case, lead to a complete loss of data. The attackers demand high ransoms for the prospect of decrypting the data. In the second half of 2020, the NCSC received 34 reports on these from various economic sectors in Switzerland. Around 80% of the reports concerned small and medium-sized enterprises (SMEs). Another malware made the headlines worldwide last year. After a lull of several months, the NCSC again observed various spam waves involving Emotet malware from July 2020 onwards. Originally known as an e-banking Trojan, Emotet was more recently used primarily for sending spam and subsequently loading other malware malware until Europol announced on 27th January 2021 that the “Emotet Botnet” was taken down by a coordinated international Law Enforcement action. The semi-annual report provides an insight into how Emotet works.
Widespread cases of fraud
In the second half of 2020, the NCSC contact point received a total of 5,542 cyberincident reports from private individuals and companies. Of these, the 2,917 reports of fraud continued to account for the largest share. The most frequently reported are advance fee fraud, fake sextortion and fee scams.
Last modification 12.05.2021
