Cross-border cyberthreats require international solutions

Semi-annual report from the Federal Office for Cybersecurity (BACS) shows how cybercriminals operate internationally and which channels they use to spread their attacks.

[datensicherheit.de, 05/11/2025] The latest semi-annual report from the National Cyber Security Centre (NCSC) outlines how cybercriminals operate internationally and the methods they use for their attacks. In light of these global cyberthreats and our ever-growing dependence on global software, international cooperation is becoming increasingly important. To strengthen cybersecurity in Switzerland, a reporting obligation for cyberattacks on critical infrastructure came into force on 1 April. This was developed in close alignment with international standards and EU directives.

BACS as the first point of contact for the population in Switzerland in the event of cyber incidents

As the general public’s first point of contact when cyberincidents occur, the NCSC began accepting voluntary incident reports via an online reporting form in 2020. Analysis of the incoming reports reveals how cybercriminals operate internationally and how they use new methods and deceptive strategies to propagate their attacks. The latest NCSC semi-annual report examines these developments and outlines the national and international cyberthreat landscape in the second half of 2024.

Cyberthreats in the second half of 2024

In the second half of 2024, the NCSC received 28,165 reports of cyberincidents, slightly fewer than in the first half of the year. Over 2024 as a whole, however, the number rose by 13,574 to a total of 62,954 reports. The fluctuations are mainly due to a large wave of fake calls claiming to come from public authorities. The ratio of reports from the general public to reports from companies, associations and authorities remained stable, at 90% and 10% respectively. Among companies, there was a sharp increase in the number of CEO fraud reports (2023: 487 / 2024: 719). The categories of fraud, phishing and spam still received the most reports, including a threefold increase in the number of fraudulent lottery reports in the second half of 2024.

Familiar attack methods are being modernised

In addition to conventional email and SMS attacks, Rich Communication Services (RCS) and iMessage are increasingly being used to bypass the established SMS filters used by the major providers. Telephone calls from supposed bank employees and fraudulent QR codes stuck on parking meters are also some of the latest scams. Another method fraudsters use is to flood their victims’ email accounts with spam messages. They then offer to help with this problem via digital communication platforms, and in so doing, compromise their victims’ security. Scammers also impersonate well-known Swiss companies so that they can spread malware. In its weekly reviews published on Tuesdays, the NCSC examines these strategies in detail and issues advice on how to respond to them.

Increasing risk due to global digital dependencies

CrowdStrike’s failed software update in the second half of 2024 was a stark reminder of the consequences of global digital dependencies. Around 8.5 million computer systems crashed, with the estimated economic damage amounting to several billion US dollars. The latest developments in the US Common Vulnerabilities and Exposures Program (CVE) also highlight the risks of unilateral international dependencies. These events emphasise the urgent need for greater international cooperation on cybersecurity.

To reduce the negative impact of these dependencies, Switzerland has stepped up its cooperation and bilateral discussions with European and international partners with a view to improving joint early warning systems and sharing information on current threats more quickly.

New reporting obligation harmonised with international standards

The reporting obligation for cyberattacks on critical infrastructure came into force on 1 April. This new regulation was developed in close alignment with international standards and EU directives to ensure cross-border compatibility and information sharing. Operators of critical infrastructure such as energy and drinking water suppliers, transport companies and cantonal and local administrations must now report certain cyberattacks to the NCSC within 24 hours. For the first six months (until 1 October), there will be no sanctions for failure to report an incident.

Further information on the topic:

Bundesamt für Cybersicherheit BACS, 06.05.2025
Halbjahresbericht 2024/II (Juli – Dezember),  Cybersicherheit – Lage in der Schweiz und international

datensicherheit.de, 25.02.2025
Dragos: Starker Anstieg von OT/ICS-Cyberbedrohungen