French SMEs victims of cyber attacks

Mélanie Lebrun
30/9/2024

Hello ️🎒,

I'll see you again for the September edition of Récap'IT.

The start of the new school year has been marked by cyberattacks and the [long-awaited] announcement of the new government.
We also have lots of news to share, so why not join us for our upcoming webinar on October 10 or visit us at the Identity Days trade show on October 22? Come and meet us!

📅 Today's agenda:

  • French companies are prime targets
  • The latest news
  • Cyberattack on the London Underground
  • Pioneers
  • The miscellaneous section
  • Cyberattacks of the month
  • News at Youzer

👉 Go !!


🎯 French companies are prime targets

As you have seen recently, and as you will see again in this newsletter, the number of cyberattacks in France is increasing significantly.

In 2024, the cybersecurity situation of French companies is cause for concern.

Approximately 49% of French SMEs have already been victims of a cyberattack. The sectors most affected are commerce (75%), industry (65%), and agriculture (58%), while the service sector appears to be less affected (30%). These attacks have serious consequences, with 29% of affected SMEs reporting disruption or a complete shutdown of their services.

The types of attacks vary, including ransomware and financial data theft. The impact of these attacks is considerable, with 92% of French companies reporting that they have paid a ransom to recover their data. This is often a dangerous game, as companies may recover some of their data (or none at all). In some cases, they do not have time to identify and patch the initial vulnerability, which is then exploited again in a new cyberattack. In addition, 80% of organizations have been affected by data loss within a year.

Faced with these threats, SMEs are adopting various protection strategies:

  • 82% have antivirus software
  • 80% have implemented firewalls
  • 72% use multi-factor authentication (MFA)
  • 71% have adopted endpoint protection systems (EDR)
  • 70% use email filtering solutions

Despite these measures, significant challenges remain:

  1. Post-incident responsiveness: Significant investments in cybersecurity are often made after a first successful attack.
  2. Prior awareness: Proactive prevention of cyber incidents remains an area for improvement.
  3. Dependence on past events: SMEs that have already been attacked are more likely to take enhanced measures.

Although French companies are becoming increasingly aware of cyber risks and adopting protective measures, the threat remains high and constantly evolving, requiring continuous vigilance and adaptation.

Sources: Le Siècle Digital article 1, article 2, and article 3, L'informaticien


📰 Hot news

This is a bit of a special section. I couldn't decide on a specific topic, as there were several small points that seemed important to me. So let's get started with the latest news!

NIS 2:

Transposition into French law is coming soon, on October 17. Vincent Strubel, Director General of ANSSI, explained that he did not want to rush into applying sanctions. He said that there would be no sanctions during the first three years.

A portal has been set up but is still under construction. Its purpose is to help companies and organizations take ownership of the implementation of NIS2.

Kaspersky:

Kaspersky is banned from US soil and is no longer allowed to send updates after September 29. They were required to transfer their US customers to a US company... Users were surprised to see a somewhat abrupt update from Kaspersky on their computers, which disappeared and was replaced overnight by UltraAV, a completely unknown brand. To top it all off and reassure everyone, Kaspersky uninstalled itself and UltraAV installed itself without asking for consent. This shows how much control Kaspersky had over computers. The former director of cybersecurity at the US National Security Agency tweeted: "They had total control of your machine."


🚇 Cyberattack on the London Underground

You will have noticed that Transport for London (TfL) suffered a major cyberattack this month.

On September 1, the transport organization fell victim to a major cyberattack. Cybercriminals successfully deployed ransomware on TfL's systems, compromising the security of its IT infrastructure. As is often the case, the company downplayed the attack but was forced to revise its position a few days later and admit that sensitive information had been stolen.

The internal investigation revealed that the hackers managed to obtain:

  • Names and contact details of users
  • Email and physical addresses
  • Bank account numbers and routing codes

This data leak is massive, given that London's public transport system carries more than one billion passengers annually.

The transportation agency responded quickly by blocking access to its systems to prevent further intrusion, collaborating with government agencies, and restricting access to internal systems for staff.

The investigation is still ongoing, but a 17-year-old man was quickly arrested following the attack.

Transportation was not affected by this cyberattack, but the administrative side was.

This case highlights the importance for organizations such as Transport for London to prepare in advance, as they are prime targets. Their responsiveness, communication, and ability to surround themselves with government agencies enabled them to weather this crisis while minimizing the impact on their operations and public confidence.

Source: tflemployee, BBC, The Register


☠️ Pioneers

In 1986, a simple accounting error of 75 cents triggered one of the first hacker hunts in history.

Clifford Stoll, an astronomer turned system administrator, embarked on an investigation that would last 10 months and uncover an international espionage operation. Stoll implemented pioneering techniques to track down the intruder:

  • He connected terminals to the laboratory's 50 telephone lines.
  • He created the first SIEM by carefully analyzing activity logs.
  • He invented the concept of honeypots by creating a fake research department.

The investigation revealed that the hacker, later identified as Markus Hess, based in Hanover, exploited a flaw in GNU Emacs to gain superuser access. He targeted sensitive military information, particularly on the Strategic Defense Initiative (SDI) program, and sold this data to the KGB.

This case marks a turning point in the awareness of cyber threats. It demonstrates the vulnerability of computer systems at the time, when default passwords sometimes allowed access to sensitive military networks.

It was one of the world's first cyberattacks, and both the hacker and the administrator took actions that were incredibly innovative for the time!

Source: LinkedIn


Collage

  • Following the arrest of Pavel Durov, CEO of Telegram, a number of criminal users, such as hackers and drug traffickers, are beginning to delete their accounts or migrate their contacts to other encrypted messaging apps. These users are expressing concerns about the security of their data on Telegram and fear that their information may be accessible to the authorities. Some are turning to platforms such as Signal and Session, which offer enhanced privacy protection. Messages exchanged on Telegram reveal that criminal groups are encouraging their members to join these alternatives to stay safe.
    This comes just as Durov agrees to facilitate work with investigators and moderate his platform.
    Telegram has removed certain problematic features and updated its policy on reporting illegal content.
    What a coincidence.
    Paid source: 404media
  • North Korean IT workers are posing as Americans to land high-paying remote jobs, using the salaries to fund their country's missile program. They have secured positions at more than 300 American companies, using stolen identities and VPNs to mask their location. US authorities recently charged several people linked to the scheme, which is believed to have generated $6.8 million. The growing use of technologies such as AI and deepfakes is making these scams harder to detect. When I saw this tweet, I thought it was a hoax, but it seems to be real. The person says they haven't heard from their contact since.
    Source: Axios and X

☠️ Cyberattacks of the month

Meilleurstaux: The brokerage specialist has just alerted its customers to a cyberattack. The company reports that it has detected an external attack in which hackers were able to steal sensitive data.

Boulanger: 27 million customer records are for sale following a cyberattack. Although Boulanger downplayed the significance of the theft, saying that "only delivery addresses" were stolen, it turns out that the hacked data is very comprehensive.

Cultura: 2.6 million customers affected by cyberattack. Never change a winning team: it's the same hacker who attacked Boulanger. This person is also selling databases from Truffaut, Divia, and pension insurance data.

SFR: the company was the victim of a major cyberattack exposing personal data (bank details, phone numbers, order details, etc.). 50,000 files affected, weeks to notify customers... 🟥 That deserves a red card.

Cybertek and Grosbill: an intrusion has been detected, data may have been stolen. 600,000 accounts could be affected.

Kiabi: suffered a major financial fraud. Not a cyberattack, but a colossal loss of €100 million.

The municipality of Eschau: has been the victim of a cyberattack. Certain documents cannot be accessed, email services have been interrupted, and some civil registry services have been affected.

Network Rail: this government body responsible for rail infrastructure in England suffered a rather unusual cyberattack, with no data stolen. However, alarming messages about terrorist attacks were broadcast in 19 stations across the country.


What's new at Youzer?

User Governance: 10 Keys to Automating Account Management

We are hosting a webinar to explore the key challenges of user governance in the context of Identity Governance and Administration (IGA).

You will learn how to effectively manage the identity lifecycle, including user onboarding, transfers, and departures. We will also address security challenges related to orphan accounts and access control configuration errors.

The focus will be on the importance of a centralized identity repository and the application of the principle of least privilege to enhance security.

This webinar is designed for IT professionals and security managers, offering practical insights to optimize identity management and improve your organization's security posture.

Thank you for reading this far!

Any feedback, want to discuss a project?

I'm here for that 👋.


Every month I send you my discoveries and my analysis of IT news.
I do a lot of monitoring and I share it all!

I'm Mélanie and I'm Youzer's marketing manager.

About me? I have an unquenchable thirst for learning! I'd rather read a book 100 times than watch a movie. I'm a fan of HP 🧙🏼.
I go running and play a team roller sport (don't look it up, it's dangerous).