Cybercrime
Swisscom’s Cybersecurity Threat Radar sheds light on the approach of cybercriminals and their preferred attack methods. AI-based attacks have gained significant momentum in recent times. Yet there are other challenges, too.
The number of cyberthreats remains high, with new cyberattacks reported in the media every day. Anyone can be a victim, including major corporations and SMEs. Hackers are constantly on the lookout for new methods to improve their attacks.
With this in mind, the focus of this year’s Cybersecurity Threat Radar from Swisscom is on AI-based attacks. These are cyberattacks that use AI (artificial intelligence) technologies, which enable hackers to carry out their attacks more effectively and efficiently in order to circumvent defensive measures.
Swisscom has observed a sharp increase in threats in this area in recent months. This is due to publicly available AI tools, which have made a real evolutionary leap. These include, for example, the large language model ChatGPT, which was released in November 2022. This AI model was developed to generate human-like text and act as a voice assistant. Cybercriminals, too, have discovered it for themselves. It can be used, for example, to formulate personalised phishing emails more convincingly. This makes phishing attacks harder to detect and can trick recipients into divulging sensitive information or clicking on malicious links.
In most cases, phishing also opens the door to ransomware attacks; another major challenge for IT security, in which hackers use malware to penetrate a system, encrypt files and then demand a ransom for their release. In this area, Swisscom’s security specialists are expecting a significant increase in multiple extortion, i.e. the combination of several attack tactics such as ransomware, data theft and denial of service. Managed service providers are also increasingly under attack, as they are often willing to pay ransoms and their customers can be targeted directly.
To strengthen resilience against cyberthreats in one’s own company, it is essential to look at cyber and IT security as a whole. This is because, alongside the technical precautions, highly trained staff and in-house cybersecurity experts also play a key role. However, IT security experts are in high demand and hard to find. In an ongoing battle for talent, a company can wear itself out trying to develop a labour market that has been fished dry. Alternatively, it can look inwards and invest in the further education and training of its own employees.
The report explains more about this and other countermeasures that companies can take in the current threat situation.
Swisscom’s Cybersecurity Threat Radar serves as a guide and compass for navigating safely through the cyberworld. The report monitors, links and evaluates trends and challenges in the cyberworld. By pooling expert knowledge, it provides a quick overview of the threat situation and how it is developing in Switzerland.