If a nonce $N_i$ is even, then the binary numeral for it its increment $N_{i+1} = N_i + 1$ differs from $N_i$ only in its least significant bit; and if $N_i$ is odd, its increment is even. This means we can adapt chosen-plaintext attacks against CBC with counter nonces (e.g., from section 4 of this Rogaway paper) to target your scheme. Given an block cipher $E_k$ with random secret key $k$ and block size $n$, a secret initial nonce $N_1$, and nonce generation rule $N_i = N_{i-1}+1 \mod 2^n$ known to the attacker:
- Ask the oracle to encrypt $0^n$ (the one-block plaintext with all zero bits), getting back $C_1 = E_k(N_1 \oplus 0^n)$.
- Ask the oracle to encrypt $0^{n-1}1$ (the one-block plaintext with all zero bits except for the least significant), getting back $C_2 = E_k(N_2 \oplus 0^{n-1}1)$.
- Ask the oracle to encrypt $0^n$ again, getting back $C_3 = E_k(N_3 \oplus 0^n)$.
- If either $C_1 = C_2$ or $C_2 = C_3$, the attacker knows with high probability they're talking to an encryption oracle. Otherwise the attacker knows they're talking to a random oracle.
Proof. If $N_1$ is even, then its least sigificant bit is $0$, meaning that $N_2 = N_1 \oplus 0^{n-1}1$, and then, given that $C_2 = E_k(N_2 \oplus 0^{n-1}1)$:
$$
\begin{align}
C_2 &= E_k(N_1 \oplus 0^{n-1}1 \oplus 0^{n-1}1) \\
C_2 &= E_k(N_1) \\
C_2 &= E_k(N_1 \oplus 0^n) \\
C_2 &= C_1
\end{align}
$$
If $N_1$ is odd, its least sigificant bit is $1$, $N_2$'s is $0$, and $N_3$ differs from $N_2$ only in its LSB: $N_3 = N_2 \oplus 0^{n-1}1$. So given that $C_3 = E_k(N_3 \oplus 0^n)$:
$$
\begin{align}
C_3 &= E_k(N_2 \oplus 0^{n-1}1 \oplus 0^n) \\
C_3 &= E_k(N_2 \oplus 0^{n-1}1) \\
C_3 &= C_2 \\
\end{align}
$$
