Ljubljana, 25 February (STA) - The national cybersecurity response centre SI-Cert handled 4,587 cyber incidents last year, a 7% increase compared to the previous year. Crypto investment scams again stood out in terms of volume and financial losses, while attackers continued shifting their focus to mobile devices.
Of the 4,587 incidents, 790 were classified as technically complex, 2,368 as minor, and 1,429 related to phishing attacks.
SI-Cert addressed 1,583 cases of victims being lured to fake websites or phishing and 97 cryptocurrency investment scams, shows the 2024 cybersecurity report, which includes police data.
Reports from incident notifiers, who may voluntarily disclose financial losses, revealed that the highest attempted fraud last year amounted to EUR 369,500. This involved a crypto investment scam that was successfully blocked by a bank.
An average loss from online shopping fraud reached EUR 1,300. For advance-fee fraud or "Nigerian scams", an average loss stood at EUR 9,800, with the highest single case hitting EUR 40,000. Business email compromise (BEC) attacks averaged EUR 33,000 in loss. The largest attempted mobile banking fraud totalled EUR 200,000, though the transaction was halted.
Police data shows 705 criminal offences linked to investment fraud in 2024, causing EUR 19.52 million in damage. There were 64 cases of BEC or executive fraud (EUR 2.27 million in losses) and 90 instances of compromised electronic or mobile banking (EUR 2.74 million in losses). In 886 cases, paid-for goods were never delivered, resulting in EUR 4.67 million in losses.
Other police-reported incidents included 88 cases of payment card abuse (EUR 243,000), 58 fraudulent contracts (EUR 314,000), 46 romance scams (EUR 574,000), 16 advance-fee frauds (EUR 260,000), 16 fake tech support calls (EUR 150,000), 28 loan scams (EUR 98,000), and four gambling-related frauds (EUR 7,500).
SI-Cert warned of rising critical device vulnerabilities, which can lead to data theft, ransomware attacks, operational disruptions, or compromised devices being weaponised to conceal criminal activity. "The global challenge is the surge in social engineering," they noted.
The Common Vulnerabilities and Exposures (CVE) catalogue added over 34,000 new entries last year for vulnerabilities in devices with digital components. These included critical flaws in firewalls, VPNs, and mobile device management platforms - systems meant to bolster network security.
"By alerting administrators to vulnerabilities, SI-Cert is effectively firefighting, but trends clearly indicate we must expand capacities and ensure rapid responses, particularly for zero-day vulnerabilities, where no official patch exists yet attackers are already exploiting them," the centre added.
