The year 2021 was marked by large, high-profile cyberattacks in France, prompting the President of the Republic Emmanuel Macron to react personally in February. Many companies remain highly exposed to cyber threats, foremost among which are ransomware, according to the cybermalveillance.gouv.fr activity report published on March 8.
The cybercriminal ecosystem has become more professional
Cybermalveillance.gouv.fr, in charge of supporting non-critical structures in France, notes that “ ransomware remains the number one threat targeting professionals in 2021 with 1,945 requests for assistance, including 1,633 from companies and 312 local authorities. That is an increase of 95%.
Google formalizes the acquisition of Mandiant for 5.4 billion dollars
Individuals, less financially endowed, and communities with less leeway vis-à-vis the state represent less attractive targets for pirates. Companies alone represent 61% of searches for assistance by this type of attack.
Requests for assistance from cybermalveillances.gouv.fr by public. Credit: cybermalveillances.gouv.fr
To explain this disproportion, the National Information Systems Security Agency (ANSSI) remember that the threat remains mostly opportunistic and looks for insecure targets, with significant financial resources and not supporting a break in activity “.
Guillaume Poupard, Director General of ANSSI, welcomes an increase in efforts to deal with cyber threats, but recognizes that ” the year 2021 was undoubtedly the subject of a professionalization of cyberattacks “. Past financial gains have allowed the cybercriminal ecosystem to mature.
The ransomware industry operates with a separation of duties between each stage of an attack. The phenomenon does not date from 2021, but is confirmed. Some provide malicious codes, others provide anonymity, still others provide access to compromised networks, money laundering services intervene, and so on.
Segregation of duties during a Lockean Group ransomware cyberattack. ANSSI credit
In its panorama of cyber threats for 2021, ANSSI points to two means of access to the targeted system that were used during the year. The passage through the “Supply Chain”, a software publisher for example, to infect its customers. This was the route taken by the Kaseya Pirates.
The other access point is the cloud. The adoption of cloud solutions has multiplied thanks to the health crisis, without security measures following sufficiently. The Agency warns that ” The lack of mastery of the infrastructure and the strong dependence on the service provider, as well as sometimes opaque methods of sharing responsibility can constitute an additional obstacle in the event of a compromise. “.
Ransomware, but not only
Alongside ransomware, cybermalveillance.gouv.fr reports numerous searches for assistance for account hacking (18%) or for phishing (13%).
The ranking of support searches from companies. Credit: cybermalveillance.gouv.fr
In the first case, it is bank accounts that most interest hackers. The platform points out, however, that the European directive DSP2 on the security of means of payment has complicated their task. Email accounts, on the other hand, are increasingly popular.
Users often leave behind administrative documents, payslips, tax notices, banking information… So much valuable information for hackers to usurp the identity of their victim.
Phishing remains a must, it alone represents more than 50% of visits to the cybermalveillance.gouv.fr platform. Individuals are the first to be confronted with it, but businesses and administrations are no exception, because it is one of the easiest techniques to implement and the most profitable.
Too many users continue to be fooled by an email or an SMS, encouraging them to provide confidential information or click on a corrupted link. It is one of the vectors used to hack accounts or introduce ransomware into a system. Text messages are particularly effective thanks to their more intimate character. It should be increasingly used to deceive victims.
Cybersecurity remains a constant race where hackers will constantly seek to circumvent the measures taken by their victims. Nevertheless, cybercriminals aiming for profit seek above all profitability by targeting the least protected information systems, hence the need for companies to equip themselves accordingly, ” it is by strengthening the cybersecurity of every part of society, from individuals to businesses, that we will collectively ensure our protection », insists Guillaume Poupard.