November 2, 2023
Politically relevant events can lead to illegal activities in cyberspace, also known as hacktivism. This involves hacktivists aiming to attract attention from the media and, in turn, from the public. In June 2023, the Federal Administration twice fell victim to hacktivism. The first DDoS attack followed a decision by the Council of States relating to the War Material Act. The aim was to overload the Parliamentary Services website and make it unavailable to users. The second attack was triggered by the announcement that the Ukrainian president, Volodymyr Zelensky, would be giving an online speech to the Federal Assembly. In addition to several websites of federal offices and Parliament, the websites of major companies in Switzerland, some airports, numerous towns, cities and cantons, as well as the Swiss Bankers Association were also affected by this DDoS attack. The focus of the semi-annual report is therefore on hacktivists’ methods and motivations. In addition, two guest articles show how affected large companies reacted to the DDoS attack. At the same time as this semi-annual report, the NCSC publishes a detailed analysis report on these DDoS attacks.
Increase in reports in the first half of 2023
In the first half of 2023, the NCSC received 19,048 reports of cyberincidents. This corresponds to an increase of around 2,000 reports compared to the first half of 2022 (16,951 reports). In the first half of 2023, the most frequent reports to the NCSC again concerned various forms of fraud. Threatening emails, so-called fake extortion, continue to account for the largest share (around 30%). In most cases, the victim of these threatening emails is accused of having allegedly committed a crime. These threats are supposedly sent in the name of domestic and foreign authorities, and over the last six months, the Swiss NCSC’s name has also been misused more and more frequently.
Significant increase in phishing reports
The second most frequently reported incident is phishing, the number of reports of which has increased by over 40% and accounted for one fifth of the reports received in the last half year. The main reason for this increase is an extensive phishing campaign against SwissPass holders, which lasted almost the entire first half of 2023. In general, it can be seen that phishing attempts are becoming more elaborate and attackers are trying out new methods of disguising phishing links.
Ransomware incidents: Differing trends for companies and private individuals
In the first half of 2023, the number of ransomware reports (64) remained almost the same as in the previous half-year period (76). While reports from private individuals decreased significantly (from 27 to 8 cases), the number of ransomware reports from businesses increased (from 49 to 56 cases). In addition to short-term operational disruptions as a result of data encryption, the publication of leaked business data causes consequential damage that is hard to quantify.
Publisher: Federal Department of Finance https://www.efd.admin.ch/efd/en/home.html