Cybersecurity: the threat level remains high

Despite the start of the Russian-Ukrainian conflict, there were no major changes in the IT threat landscape last year, notes the French national agency for information systems security (ANSSI) in its Panorama of the cyber threat 2022: the major trends observed in 2021 have been confirmed, and vigilance is still required.

"The general level of the threat will be maintained in 2022 with 831 proven intrusions, compared with 1082 in 2021", writes the ANSSI in its annual reportpublished in February. It stresses that this lower number "should not be interpreted as a reduction in the level of the threat".

ENHANCED ATTACK CAPABILITIES TO SERVE THE SAME OBJECTIVES

As large structures are better protected, attackers are moving away from them (with the exception of hospitals) to concentrate on "peripheral targeting": "service providers, suppliers, subcontractors, regulatory bodies and the wider ecosystem of their final targets".

The ANSSI notes that "the convergence of tools and techniques used by the various attacker profiles will continue in 2022", which poses "difficulties in characterising the threat", since "state attackers will continue to use codes and methods traditionally employed in the cybercriminal world". This is the case with ransomware, which is used to sabotage IT structures and destabilise their adversaries, as was the case with Iran's attack on Albania in July.

Ahead of financial gain and destabilisation, computer espionage remains the category of threat that most solicited the ANSSI teams in 2022, with China in the background. "As in 2021, the majority of computer espionage cases handled by the agency once again involved operating modes associated with open source China", accounting for 9 of the 19 cyber defence operations for major incidents carried out in 2022. "These repeated intrusions of foreign operating modes demonstrate an ongoing effort to break into the networks of strategic French companies."

RUSSIA DEPRIVES THOUSANDS OF FRENCH CITIZENS OF THEIR MEANS OF COMMUNICATION

As for the Russian invasion of Ukraine, it "provided a context conducive to an increase in destabilisation actions in Europe. ANSSI has observed distributed denial of service attacks, computer sabotage and information operations based on compromised information systems."

Although the sabotage was mainly confined to Ukraine, an operation attributed to Russia by the European External Action Service had consequences in France: on the night of 23 to 24 February 2022, the attack on ground equipment in the KA-SAT satellite network belonging to the American company Viasat "deprived several thousand French citizens living in white zones of a means of communication with the emergency and rescue services. Public structures and numerous companies using this service were also affected. It could take up to several months for some French customers to return to normal operation.

THE SAME WEAKNESSES EXPLOITED TIME AND TIME AGAIN

In terms of targets, as in the previous year, small and medium-sized enterprises (VSEs, SMEs and ETIs) remain the top target category for ransomware attacks, but their share of all targeted entities has fallen from 51% to 40%. This was mainly at the expense of local and regional authorities, which rose from 19% to 23%, and public health establishments, which jumped from 3% to 10%. 6% of these attacks in 2022 concerned strategic companies, which are obviously targeted for espionage purposes.

The report states that "during the first half of 2022, the ANSSI dealt with the in-depth compromise of the information system of a specialised supplier in the defence sector, whose know-how is capable of arousing the interest of a foreign government". The supplier in question is not named.

"Uncontrolled digital uses and weaknesses in data security continue to provide attackers with too many opportunities", deplores the ANSSI. "The use of Cloud and the outsourcing of services to digital services companies, when not accompanied by appropriate cybersecurity clauses, represent a significant threat".

Like attacks on the supply chain (supply chain) of the targets, which constitute "a systemic risk". Finally, the fact that "many organisations do not apply patches to discovered vulnerabilities in time" leaves attackers with an opportunity to exploit them.

WHAT ARE THE SOLUTIONS?

To deal with the cyber threat, the ANSSI recommends rigorously applying the recommendations in its "computer hygiene guide"And, of course, to update their systems just as assiduously. The fight also involves raising awareness among the teams of the various entities likely to be targeted, and among individuals.

This is one of the agency's missions, which it also carries out via the public platform Cybermalveilance.gouv.frchaired by the Director of ANSSI. Its business reportunveiled on 23 March, details all the forms of attack reported by French Internet users. New for 2022 are scams involving fake bank advisers and fake bank details.

Teams from this reporting and assistance platform have also been involved in training the first French gendarmerie e-compagnie, whose training ended on 24 February 2022 at the Chaumont Gendarmerie School. Three new e-companies were to be trained in the next intake. A means of better disseminating digital culture and cyber security.

In conclusion, the new Director General of the ANSSI, Vincent Strubel, appointed at the beginning of JanuaryAs France prepares to host major events such as the Rugby World Cup in 2023 and the Paris Olympic and Paralympic Games in 2024, we must all be more vigilant and more responsible in tackling this threat together".