NCSC semi-annual report with focus on supply chain attacks
Bern, 05.05.2022 - The NCSC's latest semi-annual report deals with the most important cyberincidents of the second half of 2021 both in Switzerland and internationally. The focus topic concerns attacks on IT product supply chains.
Nowadays, various suppliers and third-party providers are involved in the production of goods and services. Attacks on these can lead to far-reaching problems in the entire supply chain and halt production, for example. The supply chain attack on the software company Kaseya hit the headlines internationally in mid-2021. Furthermore, in Switzerland, the websites of the city and canton of St Gallen were unavailable for a prolonged period due to a DDoS attack on a hosting provider.
Cases of fraud most frequently reported
During the period under review, the NCSC received a total of 11,480 reports on cyberincidents, most of which concerned various types of fraud. In particular, emails supposedly sent by law enforcement agencies were reported very often. Other reports concerned advance payment fraud, investment fraud, CEO fraud and classified ad fraud. A trend towards more elaborate, customised approaches has emerged among some perpetrators of fraud. They work on victims over a lengthy period of time in order to build up trust before actually attempting to defraud them.
Ransomware and data leaks
In the second half of 2021, there were also numerous attacks with encryption Trojans, so-called ransomware, during which data was encrypted and a ransom was subsequently demanded. The attackers are increasingly turning to double extortion. They copy the data before it is encrypted, which gives them additional leverage. If the victim is unwilling to pay the ransom, they threaten to publish the data.
Software component vulnerabilities
Existing components such as libraries or open source code are often used in software development. However, these can also have vulnerabilities. If such a vulnerability is discovered, it must be rectified in all products in which the component with the vulnerability was integrated. This problem became apparent in December 2021 with the critical vulnerability in the widely used Java program library Log4j.
Phishing still a trend
Since the start of the pandemic, many phishing attacks involving alleged parcel notifications or delivery problems have been reported to the NCSC. Aside from emails, the attackers also regularly send text messages in order to reach their victims. Other reports concerned phishing attempts in connection with webmail and Office365. The access credentials phished in this way are subsequently used for invoice manipulation fraud in many cases. Another perennial issue is phishing emails regarding bills from internet providers that have purportedly been paid twice.
Address for enquiries
Tel. 058 465 04 64
Last modification 08.12.2020