In its overview of cyberthreats, published this Tuesday, February 27, the National Information Systems Security Agency (Anssi) warned of the significant increase in cyberthreats of all types in France. In 2023, it reported 1112 security events confirming “that a malicious actor successfully carried out malicious actions on the victim's information system”. A figure up 33% compared to 2022.
Cybercriminals who target “the most fragile” actors
Of all the security events of which Anssi is aware, 23% come from its means of supervision, investigation or scans. The rest of the events are identified by open sources (21%), national (18%) and international partners, individuals, or by the victims themselves.
Advertisement
Regarding for-profit attacks, Anssi notes 143 ransomware attacks in 2023, or 30% more than in 2022, with a peak observed in February (more than 20 intrusions). “These attackers intervene massively, to catch everything they can, and in particular the most fragile, underlines Vincent Strubel, general director of Anssi, in a meeting has Franceinfo. What we see in this panorama is in particular SMEs which are attacked, communities, health establishments… But also associations, which cannot necessarily pay a ransom.”
In 2023, 34% of ransomware victims were VSEs, SMEs or ETIs (40% in 2022), 24% local authorities (23% in 2022) and 10% “strategic companies” (6% in 2022). Unsurprisingly, the latest version of the malware used by the LockBit group, LockBit 3.0, is in first place among ransomware strains in incidents reported to Anssi (22 incidents), followed by old versions of the same malware and by the malware developed by ALPHV/BlackCat. On February 19, an operation led by authorities in eleven countries dismantled the LockBit ransomware gang, although it resurfaced this weekend.
Industrial espionage and sabotage, two major concerns
The Agency “believes today that attackers known to be linked to ChinaRussia and the cybercriminal ecosystem constitute the three main threats”. These attacks, often carried out by pro-Russian hackers, can result in the form of denial of service (DDoS), as was the case for the Senate in March and May 2023.
However, the most worrying threat remains “that of strategic and industrial espionage as well as prepositioning for sabotage purposes”, adds Vincent Strubel. Although no sabotage action has so far been observed on French soil, the report specifies that “this type of attack has been used against Ukrainian media, government entities and telecommunications companies”Who “could have been coordinated with kinetic actions carried out by the Russian army”.
Advertisement
Be ready for the Olympics
The organization also warns against intrusion techniques by cybercriminals, such as the exploitation of 0-day vulnerabilities (unknown flaw or one that has not yet received a patch) or 1-day (when a patch is available , but was not deployed by the user). She emphasizes that the attackers take advantage “poor administration practices, delays in patching, and lack of encryption mechanisms”.
Anssi was finally entrusted with the management of the cyberattack prevention strategy, with a view to Paris Olympics, which begins in 150 days. In this context, it will carry out security actions with the actors involved (audits, technical support, access to tools), awareness-raising (dissemination of good practices), as well as a system for monitoring, alerting and processing incidents. “We will be ready when the time comes,” assures Vincent Strubel. A major challenge: during the Tokyo Olympics in 2021, 450 million attempted cyberattacks were detected.
Selected for you