Hello ️🥶,
I'll see you again for the November edition of Récap'IT.
That's it, my cold-sensitive friends, the harsh season is upon us. I love snow, and I got my fill with 15-20 cm of snow in my department (IDF), but I can't get used to the cold.
November was really tough in terms of cyberattacks. I feel like I say this every month, but no, I do say it every month.
I feel like I'm promoting HIV prevention, but anyway: protect yourself ;)
📅 Today's agenda:
👉 Go !!
Before we start, I invite you to follow us 👉️
Between January 2021 and August 2024, ANSSI identified 46 entities in the water management sector affected by security incidents in France.
Among these entities, 12 are regulated operators, accounting for 34% of the security incidents handled. It should be noted that seven of these entities were involved in multiple security incidents during the period studied.
The water sector is very heterogeneous, which makes it particularly vulnerable. It includes a variety of entities (public utilities, intermunicipal associations, private or mixed companies) of varying sizes and with very different levels of cybersecurity maturity. In addition, industrial facilities are often aging and geographically dispersed.
Cyberattacks are obviously carried out for financial gain (needless to say), and Lockbit had targeted BRL (a water management company in the Lower Rhône and Languedoc regions). The SIAAP (the public sanitation service for the Paris region) was alerted in November 2023 to a highly structured attack.
ANSSI highlights the main vulnerabilities in the water sector in France, particularly the widespread use of remote management and poorly secured protocols for industrial control systems.
The geopolitical context amplifies these risks, as demonstrated by a false alarm attack in March 2024 (the cyberattackers thought they had targeted the Courlon-sur-Yonne hydroelectric power plant but had actually targeted a private individual's mill 🤭).
To counter these threats, ANSSI recommends a comprehensive approach to cybersecurity, including strengthening protocols, authentication, and access control, as well as compartmentalizing systems and securing the supply chain.
Source: Le Monde de l'Informatique
Receive the best IT news of the month.
Market trends, IT trends, cyberattacks in France... a summary of the news
Cyber-IT magazine interviewed the former head of ANSSI.
What emerges from this interview is a man of expertise who is very humble in the face of positions of great responsibility.
To quickly summarize his career, Guillaume Poupard is a graduate of the École Polytechnique and the École Normale Supérieure in Paris. He began his career at the Central Directorate for Information Systems Security, then moved to the Ministry of Defense, before being appointed director of ANSSI. Today, he is deputy CEO at Docapost.
An event that made a lasting impression on him at ANSSI: in 2017, the WannaCry ransomware, a particularly virulent piece of malware, claimed 230,000 victims in just a few hours. Mr. Poupard decided to raise awareness as widely and quickly as possible and gave 25 interviews over the weekend.
What he likes about Docapost is working on an offer in a team to meet challenges for a private sector company, which is new to him.
Regarding the outlook for cybersecurity, G. Poupard highlights the significant progress made by France and Europe in recent years, while remaining vigilant on issues of strategic autonomy, particularly with regard to the United States. He highlights the importance of the human factor in cybersecurity. Finally, he considers that raising public awareness of cyber issues remains a complex challenge, comparing the difficulty to that encountered in road safety campaigns.
Source: Cyber IT
NIS 2 was presented to the Council of Ministers last October for transposition into French law. ANSSI has given companies three years to become compliant with NIS 2.
NIS 2, as we recall, is the European directive on cybersecurity resilience.
A survey conducted by publisher Veeam on European companies reveals the scale of these challenges, particularly in terms of budget and skills.
Compliance with NIS2 has led to a massive reallocation of financial resources. No less than 95% of the companies concerned have had to draw on other budgets to cover compliance costs. Funds initially earmarked for risk management (34%), recruitment (30%), and crisis management (29%) were particularly affected. This situation is all the more worrying given that 40% of companies had already reduced their IT budgets over the previous two years.
The NIS2 directive is viewed with mixed feelings by businesses. Although 90% of respondents said they had experienced at least one security incident in the past year that could have been prevented by compliance with NIS2, only 43% believe that the directive will significantly improve cybersecurity within the EU.
Source: CIO online
Schneider Electric was the victim of a cyberattack: 40 GB of compressed data was stolen.
The hacker Greppy, affiliated with the Hellcat group, which is well known in the cybercriminal world, demanded a ransom that was unusual to say the least:
$125,000 worth of chopsticks!
But since Hellcat is a very nice group, they offered a 50% discount if Schneider Electric publicly admitted the flaw and the data breach.
The hacker began posting screenshots of his haul on X, explaining that he had found a breach in the Jira server (used by the company).
Hacker Greppy announced to BleepingComputer that he was founding a new group specializing in publishing compromises. Their goal is to get companies to admit that their data is poorly secured.
Unfortunately, this is not Schneider Electric's first cyberattack this year, as the company was hit in January.
Source: Journal du Geek
Would you like to receive our white paper on identity and access management?
Okta: In a July 2024 update, the company inadvertently introduced a security flaw in connections to customer accounts. The patch was applied at the end of October.
Nokia: A Nokia subcontractor is reportedly the target of a cyberattack, resulting in the loss of customer data.
Banque de France: internal documents and access to the information system are being sold on the dark web, suggesting that there has been a cyberattack.
SFR: Following the massive cyberattack, there appears to have been a second attack recently, as new data is now for sale.
A Mediboard customer: a healthcare facility using Mediboard, a healthcare software program, was the victim of a cyberattack involving the hijacking of a privileged account.
Auchan: an email was sent to millions of customers to warn them of a cyberattack in which sensitive information was stolen.
Direct Assurance: customer data (including IBANs) is being sold on the dark web, affecting 15,000 customers.
MolotovTv streaming platform: over 10.8 million customer account details stolen.
Amazon: Personal data belonging to Amazon employees was exposed following the hacking of one of its suppliers. Cybercriminals exploited vulnerabilities in the MoveIT file transfer tool.
Picard: the frozen food retailer has warned 45,000 customers of a cyberattack that compromised their data.
License management
5 things to know about poor license management 😣.
▪ There is a significant financial impact.
▪ It leads to shadow IT.
▪ It is very difficult to detect unused licenses.
▪ IT and services purchase licenses, which dilutes negotiations and discounts.
▪ Updates can sometimes be delayed.
We know what's wrong, but what can we do about it? 🤔
You're not going to manage this problem internally; you need a solution.
➡️ You need to scan your IT system to detect orphaned and erroneous accounts in order to find your unused licenses.
➡️ You can also find users who do not log in to applications and whose licenses are running for nothing.
➡️ You need to define a fairly flexible policy for adding applications so that users do not circumvent the rules.
➡️ You need to train your employees on the issues and risks of active and untracked licenses.
We can help you sort things out and see things more clearly during a video call!
👉🏼 Book a demo now so we can show you how Youzer helps with license management.
Thank you for reading me this far!
Any feedback, want to discuss a project?
I'm here for that 👋.
Have you discovered the newsletter and think it's great?
Below is a message from the SFR hacker ⬎ lunaire!
Every month I send you my discoveries, my analysis on IT news.
I do a lot of monitoring and I share it all!
I'm Mélanie and I'm Youzer's marketing manager.
About me? I have an unquenchable thirst for learning! I'd rather read a book 100 times than watch a movie. I'm a fan of HP 🧙🏼.
I do running and collective sport roller (don't look for it, it's dangerous).