France’s Nationwide Cybersecurity Company (ANSSI) noticed a big rise in cyber espionage campaigns focusing on strategic organizations in 2023.
These operations are more and more centered on people and non-governmental buildings that create, host or transmit delicate knowledge, ANSSI noticed in its 2023 Cyber Risk Panorama report, revealed on February 27, 2024.
Apart from public administration, the first targets of cyber espionage exercise included organizations related to the French authorities, comparable to expertise and protection contractors, analysis institutes and assume tanks.
General, cyber espionage remained the highest cyber menace ANSSI’s groups handled in 2023.
ANSSI has additionally famous a rise in assaults towards enterprise and private cellphones aimed toward focused people.
There has additionally been an upsurge in assaults which have used strategies publicly related to the Russian authorities.
“These assaults should not restricted to mainland French territory: in 2023, ANSSI handled the compromise of an IT community situated in a French abroad territory utilizing an assault modus operandi publicly related to China,” reads the report.
30% Rise in Ransomware
In the meantime, financially motivated assaults had been additionally on the rise, with an noticed 30% improve in ransomware assaults in comparison with 2022.
Small and medium enterprises (SMEs) and mid-sized companies had been essentially the most focused organizations, representing 34% of all cyber-attacks noticed by ANSSI in 2023. Native administration got here second, struggling 24% of all assaults in 2023.
In complete in 2023, ANSSI recorded 3703 cyber occasions, 1112 of which had been labeled as cyber incidents. In 2022, it recorded 3018 cyber occasions, together with 832 cyber incidents.
The most recent model of the LockBit ransomware, LockBit 3.0 (aka LockBit Black), was essentially the most used malware in financially motivated cyber-attacks in 2023, taking on earlier ransomware variations from the identical menace group that dominated the ransomware panorama in 2022.
Learn extra: LockBit Takedown – What You Have to Learn about Operation Cronos
Software program Provide Chain Vulnerabilities Rule Supreme
General, 2023 has seen vital modifications within the construction and strategies of attackers. They’re perfecting their strategies with a purpose to keep away from being detected, tracked, and even recognized.
“Regardless of efforts to enhance safety in sure sectors, attackers proceed to use the identical technical weaknesses to realize entry to networks. Exploiting ‘zero-day’ vulnerabilities stays a main entry level for attackers, who all too typically nonetheless make the most of poor administration practices, delays in making use of patches and the absence of encryption mechanisms,” reads the report, translated from French to English by Infosecurity.
The highest 5 vulnerabilities exploited by menace actors to compromise French organizations’ IT methods in 2023 embody flaws in VMWare, Cisco, Citrix, Atlassian and Progress Software program merchandise.
These embody the Citrix Bleed and the MOVEit vulnerabilities.
Learn extra: MOVEit Exploitation Fallout Drives Document Ransomware Assaults
Pre-Positioning Actions on ANSSI’s Radar for 2024
Lastly, in a tense geopolitical context, ANSSI famous new destabilization operations aimed primarily at selling a political discourse, hindering entry to on-line content material or damaging a corporation’s picture.
“Whereas distributed denial of service (DDoS) assaults by pro-Russian hacktivists, typically with restricted affect, had been the commonest, pre-positioning actions focusing on a number of crucial infrastructures in Europe, North America and Asia had been additionally detected.
“These extra discreet actions could nonetheless be aimed toward larger-scale operations carried out by state actors ready for the best second to behave,” the report defined.
Vincent Strubel, ANSSI’s director basic, commented: “Whereas financially motivated assaults and destabilization operations noticed a transparent upturn in 2023, it was as soon as once more the much less noisy menace, which stays essentially the most worrying, that of strategic and industrial espionage and pre-positioning for sabotage functions, which mobilised the ANSSI groups essentially the most.”
These geopolitically pushed threats will notably be on ANSSI’s radar in 2024, as Paris is prepares to host the 2024 Olympic and Paralympic Video games.
ANSSI’s report depends on quite a lot of sources. These embody:
- Cyber occasions detected by the company (23% of all cyber occasions noticed)
- Cyber occasions collected from open supply knowledge (21%)
- Cyber occasions reported by ANSSI’s nationwide companions (18%)
- Cyber occasions which have been reported by sufferer organizations to the company (10%)
- Cyber occasions which have been reported by sufferer people to the company (10%)
- Cyber occasions reported by ANSSI’s worldwide companions (5%)
