Feb 28 2024

Industrial Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics

https://www.infosecurity-magazine.com/news/cyber-espionage-france-2024/

France’s National Cybersecurity Agency (ANSSI) observed a significant rise in cyber espionage campaigns targeting strategic organizations in 2023.

These operations are increasingly focused on individuals and non-governmental structures that create, host or transmit sensitive data, ANSSI observed in its 2023 Cyber Threat Landscape report, published on February 27, 2024.

Besides public administration, the primary targets of cyber espionage activity included organizations associated with the French government, such as technology and defense contractors, research institutes and think tanks.

Overall, cyber espionage remained the top cyber threat ANSSI’s teams dealt with in 2023.

ANSSI has also noted an increase in attacks against business and personal mobile phones aimed at targeted individuals.

There has also been an upsurge in attacks that have used methods publicly associated with the Russian government.

“These attacks are not limited to mainland French territory: in 2023, ANSSI dealt with the compromise of an IT network located in a French overseas territory using an attack modus operandi publicly associated with China,” reads the report.

30% Rise in Ransomware

Meanwhile, financially motivated attacks were also on the rise, with an observed 30% increase in ransomware attacks compared to 2022.

Monthly and yearly breakdown of ransomware attacks reported to ANSSI in 2022 (in blue) and in 2023 (in green). Source: ANSSI
Monthly and yearly breakdown of ransomware attacks reported to ANSSI in 2022 (in blue) and in 2023 (in green). Source: ANSSI

Small and medium enterprises (SMEs) and mid-sized businesses were the most targeted organizations, representing 34% of all cyber-attacks observed by ANSSI in 2023. Local administration came second, suffering 24% of all attacks in 2023.

In total in 2023, ANSSI recorded 3703 cyber events, 1112 of which were labeled as cyber incidents. In 2022, it recorded 3018 cyber events, including 832 cyber incidents.

The latest version of the LockBit ransomware, LockBit 3.0 (aka LockBit Black), was the most used malware in financially motivated cyber-attacks in 2023, taking over previous ransomware versions from the same threat group that dominated the ransomware landscape in 2022.

Top Ransomware versions detected by ANSSI in cyber-attacks targeting French organizations. Source: ANSSI
Top Ransomware versions detected by ANSSI in cyber-attacks targeting French organizations. Source: ANSSI

Read more: LockBit Takedown – What You Need to Know about Operation Cronos

Software Supply Chain Vulnerabilities Rule Supreme

Overall, 2023 has seen significant changes in the structure and methods of attackers. They are perfecting their techniques in order to avoid being detected, tracked, or even identified.

“Despite efforts to improve security in certain sectors, attackers continue to exploit the same technical weaknesses to gain access to networks. Exploiting ‘zero-day’ vulnerabilities remains a prime entry point for attackers, who all too often still take advantage of poor administration practices, delays in applying patches and the absence of encryption mechanisms,” reads the report, translated from French to English by Infosecurity.

The top five vulnerabilities exploited by threat actors to compromise French organizations’ IT systems in 2023 include flaws in VMWare, Cisco, Citrix, Atlassian and Progress Software products.

These include the Citrix Bleed and the MOVEit vulnerabilities.

Read more: MOVEit Exploitation Fallout Drives Record Ransomware Attacks

Pre-Positioning Activities on ANSSI’s Radar for 2024

Finally, in a tense geopolitical context, ANSSI noted new destabilization operations aimed mainly at promoting a political discourse, hindering access to online content or damaging an organization’s image.

“While distributed denial of service (DDoS) attacks by pro-Russian hacktivists, often with limited impact, were the most common, pre-positioning activities targeting several critical infrastructures in Europe, North America and Asia were also detected.

“These more discreet activities may nevertheless be aimed at larger-scale operations carried out by state actors waiting for the right moment to act,” the report explained.

Vincent Strubel, ANSSI’s director general, commented: “While financially motivated attacks and destabilization operations saw a clear upturn in 2023, it was once again the less noisy threat, which remains the most worrying, that of strategic and industrial espionage and pre-positioning for sabotage purposes, which mobilised the ANSSI teams the most.”

These geopolitically driven threats will particularly be on ANSSI’s radar in 2024, as Paris is prepares to host the 2024 Olympic and Paralympic Games.

Spy in your Pocket….

An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime

Tags: 2024 Paris Olympics, Pegasus, Spy in Your Pocket