Weekly review 52

04.01.2022 - In the last weekly review of 2021, the NCSC looks back at the 21,000 reports received over the last 12 months. We would like to take this opportunity to thank you for all your reports. They help us to better assess the situation in cyberspace and warn potential new victims more effectively.

Weekly review 51

28.12.2021 - Last week, the NCSC again received a significant number of reports. Some of the most frequent reports to the NCSC this year concerned bogus parcel notifications. Malware was likewise distributed using this method last week. For the first time, the NCSC also received a report about a scam on a carpooling portal.

Weekly review 50

21.12.2021 - Last week, the NCSC again received a significant number of reports. The number of dodgy online shops is on the rise in the run-up to Christmas. In addition, emails that use old email exchanges known to the recipient are once again being sent, with the aim of spreading malware.

Update: Discovery of a new way of exploiting the Log4j critical security vulnerability

17.12.2021 - A new way of exploiting the Log4j security vulnerability allows attackers to execute arbitrary code remotely (remote code execution, or RCE). The security vulnerability is already being actively exploited by cybercriminals. The NCSC urgently recommends applying the security patches as soon as possible.

Weekly review 49

14.12.2021 - The NCSC once again received a higher number of reports in the second week of December. One case of advance payment fraud reported to the NCSC is a perfect example of the lengths fraudsters go to in order to achieve their goal with a person who appears willing to pay. Fake extortion is another frequently reported scam at present. In some cases, fedpol is indicated as the sender.

Critical security vulnerability in Java library Log4j

13.12.2021 - At the end of last week, a zero-day vulnerability in the popular Java library Log4j was disclosed. The security vulnerability is classified as critical, as the library is used in a great many Java applications. Moreover, the security vulnerability allows an attacker to execute arbitrary code remotely (remote code execution, or RCE). It is already being actively exploited by cybercriminals to infect vulnerable systems with malware. The NCSC recommends applying the security patches as quickly as possible.

New: Information for authorities

09.12.2021 - The National Cybersecurity Centre (NCSC) website, together with the Swiss Security Network (SSN), now also offers dedicated information for authorities.

Weekly review 48

07.12.2021 - The number of reports received by the NCSC increased once again last week. Christmas is a time of abundant fraud attempts. Two of the cases reported this week were aimed at extracting additional money from victims as part of an ongoing investment fraud.

Weekly review 47

30.11.2021 - Today, on Computer Security Day, the NCSC looks back on another week that saw an increase in the number of reports received. The familiar fake support scam is now being perpetrated in cases of investment fraud. The well-known phishing attempts made in the name of Swiss Post are also appearing in a new guise. The scammers pretend to be a chatbot from the postal service.

Emotet malware back in Switzerland

29.11.2021 - In recent days, several countries have reported the return of Emotet. Now, such spam emails from .ch senders have also been observed. Emotet is often hidden in Microsoft Office files and requires macros to install the malware on the IT system, e.g. a computer. These attacks can affect private users, as well as companies, authorities and critical infrastructures. The NCSC recommends being extremely cautious, especially in the case of emails with attached files.

Last modification 10.01.2022

Top of page