Recent cyberattacks against the FFF, France Travail and mutual societies offer a “fresh” database that cybercriminals could exploit in view of the Olympic Games in Paris this summer.
Is there still a French citizen who is not affected by data leaks? On March 26, the French Football Federation admitted to having been the victim of a cyberattack, exposing the data of 1.5 million people (at least). The information has been on sale for a week on a hacker forum. In February, it was France Travail, the former Pôle Emploi, which suffered a major data breach, with 43 million people affected. In January, 33 million people were affected after a cyberattack against two third-party payment operations.
Advertisement
Is France particularly targeted or is it just pure criminal opportunism? “ We are not seeing a spike in cyberattacks. The pressure is still strong on public and private actors, particularly in connection with the current conflict context, but we are not seeing a strong increase in attacks either, including in the critical circle of the Olympic Games. », Tells us Vincent Strubel, the director general of ANSSI, the National Agency for Information Systems Security.
On the other hand, the question of data reuse after this cyberattack is more worrying. Databases containing the information of French citizens have been on sale for many years. But (good) cybercriminals work based on current events, and an event of the magnitude of the Olympic Games is a perfect opportunity to recover a lot of information and enrich themselves.
Phishing SMS and emails linked to the Olympic Games
Hackers will first turn to the “freshest” data leaks to carry out their phishing campaigns. Phishing messages for the period of the Olympic Games will necessarily be based on ticketing, sporting events or all related elements: online broadcasting, transport disruptions, reception of tourists.
“ The data leak from a sports organization could perfectly be exploited when the time comes to target members with emails or SMS messages related to sport or events that might interest them », predicts Jérome Notin, the general director of the “Cybermalveillance.gouv.fr” platform who calls for vigilance for this period. Also note that the FFF database was quickly put up for sale on openly accessible forums.
Advertisement
The traps are also made to be more convincing and more qualitative thanks to generative AI models. “ Before, the cybercriminal had to think about the structure of the email and the formulas used. By giving context to the AI, it will write a much more convincing email and the program will take care of sending the 100,000 messages to the right people », Explains Arnaud Gardin, technical director and co-founder of the company Anozr Way.
“ We must think about increasing the level of caution of the general public, but also of people involved in the Olympics, of athletes, who will also be targeted and can fall into a trap, while their attention is focused on the event », Adds the cyber expert. So let’s hope our champions are pretty cybersecurity-aware.