In its semi-annual report, the National Cyber Security Centre (NCSC) outlines the key incidents and developments in the context of cyberthreats targeted against Switzerland and internationally. The NCSC received 28,165 reports of cyberincidents in the second half of 2024. This is slightly lower than in the first half of 2024, but the figure rose by 13,574 to a total of 62,954 reports over 2024 as a whole. The fluctuations are mainly due to the large ripple effect of the phenomenon of fake threatening calls from authorities. The ratio between the number of reports received from private individuals and companies remains constant at 90% and 10% respectively. The categories of fraud, phishing and spam remain the most reported phenomena.
General public group most affected by fraud attempts
Fraud is consistently the most frequently reported phenomenon and accounts for two thirds of all reports in the second half of 2024 with 18,270 reports received. There were no spikes in reports of fake threatening calls from authorities in the second half of the year. This phenomenon was covered in detail in the first 2024 semi-annual report. In contrast, the NCSC observed a tripling of reports received in the current reporting period for fraudulent lotteries. The subscription scams take advantage of legal grey areas, which fraudsters are increasingly exploiting deliberately due to a lack of effective countermeasures. On the corporate side, there was a sharp increase in reports of CEO fraud, with many victims being found in communes and churches in particular.
Overloads lead to disruptions, faulty updates result in outages
On 19 July 2024, the most far-reaching IT outage in history occurred. It was not a cyberattack, but a faulty software update from the cybersecurity provider CrowdStrike that rendered over 8.5 million Windows systems unusable – primarily those of large companies. In addition to the impact on organisations such as hospitals and businesses, the aviation sector in particular, in Switzerland and worldwide, was severely restricted for several hours.
Overload attacks on the websites of cantons and communes, but also on web services for financial services, restricted their availability for a period of time. Distributed denial of service attacks (DDoS) are executed using distributed attack infrastructure – usually in the form of a botnet such as "Gorilla".
Creative ways of distributing malware – ransomware puts companies at risk
Players and attack methods in the field of ransomware extortion are continually adapting to circumstances and remain the most relevant threat to companies. For example, cybercriminals in the ‘Black Basta’ group flood email accounts with spam messages and then offer help in resolving the problem via digital communication platforms, compromising the victims in the process.
The names of well-known Swiss companies such as health insurers and debt collection agencies have been misused to distribute malware to recipients of malicious emails in their name. On fake or compromised websites, visitors are tricked with fake CAPTCHAs into manually executing malware scripts, thereby infecting their devices. Using QR codes on letters, cybercriminals attempted to trick recipients into installing an infected “Alertswiss” app on their Android mobile phones.
Phishers are looking for new bait and channels
Obtaining access data or financial information through phishing remains the second most frequently reported category. In addition to the familiar phishing emails, cybercriminals are increasingly trying to spread their fake requests via other channels. For example, alleged bank employees contact victims by telephone, or mobile messages are sent via the SMS successor Rich Communication Services (RCS). Classified ad portals offer scammers an easy opportunity to contact people, and in the real world, QR codes are pasted over parking meters to divert payments from motorists.
Furthermore, the general public and organisations in Switzerland submitted 497,096 reports of suspicious websites via the "antiphishing.ch" reporting platform in the second half of the year. The NCSC was able to identify 9,311 clear phishing sites from these and initiate appropriate countermeasures.
Other phenomena
The amount of time that organisations have to fix vulnerabilities before they are exploited by attackers is becoming worryingly short. The exploitation of such vulnerabilities repeatedly leads to data leaks but is also used by state actors for espionage and, in rare cases, even for sabotage against industrial control systems. These global trends must be adequately addressed to protect against cyberthreats in Switzerland.
Last modification 06.05.2025