Hello 🌧️,
I'm back for the May issue of Récap'IT, but with the weather in Île-de-France (IDF), I feel more like I'm writing the March issue.
In this newsletter, I analyze the aftermath of cyber attacks.
📅 On the program today:
👉 Go!!
Lately, I've been talking about and reporting on the cyberattacks of the past month. But we rarely get to see the aftermath of those cyberattacks.
So let's take a look back at the experience of structures that have been hacked.
Saint-Nazaire Agglomération:
On the night of April 10-11, 2024, Saint-Nazaire Agglomération suffered a major cyberattack. The agglomeration woke up with its IS paralyzed.
ANSSI was called in immediately and a crisis unit was set up right away.
Experts note that it takes around 2 years to fully recover from large-scale cyberattacks. For the time being, the teams and the mayor of Saint-Nazaire are rather optimistic, and are talking in months.
Bondy and Saint-Nazaire Agglomération:
Bondy suffered a cyberattack in November 2020; services were at a standstill and the municipality restarted the most urgent ones.
But today, it's the bills that couldn't be digitized that are being issued, and families (who hadn't set aside the money) find themselves having to pay large bills.
In Saint-Nazaire, the story is the same: "no water or sanitation bill, and no bill since March for leisure centers, catering, after-school care and crèches".
I attended a conference at the cyber show in Paris, where Colonel Jean-François Laloyer (cybersecurity expert), Ayoub Sabbar (founder of Ornisec and former president of Clusir Bretagne) and Marc Bothorel (founder of CPME) reminded us of some important concepts.
Vincent Strubel, Director of ANSSI, has a very explicit phrase:
"You don't have to be a target to be a victim."
Today, the hacking market is largely democratized, and barriers to entry are falling. Anyone with a little technical know-how can hack into a company.
Lockbit is well known for renting out SaaS software for cyber-attacks (Malware as a Service).
This is one of the objectives of NIS 2: before, we secured a perimeter; today, we're going to secure the entire IS.
The big question for SMEs is: why would a hacker be interested in us?
Because you have data!
Data is expensive. Experts at the conference explained that a patient file in the US sells for several hundred or even thousands of dollars.
Do you have to pay if you're hacked?
All three experts were adamant on this point: no, and for several reasons.
In the past, hackers had an "ethic" and the company always recovered its data and that was that. Only 20% of companies pay, and this figure continues to fall.
How can I protect myself?
We need to tighten up the network, and think about the environment, rights and access. We need to draw up and pass on an IT charter setting out what is permitted and what is not (BYOD?).
You need to be prepared, whatever your size. Anti-virus and anti-spam software are important, as are updates as soon as they become available.
Please note that RCPro does not cover cyber-attacks, so you need to take out specific insurance.
Final tip:
If you are the victim of a cyber-attack, don't act alone. There are a number of steps you need to take to avoid destroying evidence.
File a complaint or a declaration with ANSSI or CNIL, depending on your size and the seriousness of the situation.
Check out the cybermalveillance.gouv.fr website, which has some excellent guides.
Just a reminder: once cyber protection is in place, it doesn't cost much compared to a cyber attack.
This is the increase in the cost of cybercrime worldwide, while spending has risen by 'only' 78%.
In figures, this represents $150 billion in protection and $9,100 billion in the cost of a cyberattack.
In recent years, the increase has been around $1,000 billion a year.
These figures make my head spin.
Source: Breizh.info
Have you heard of Recall? Microsoft's latest feature. After so many breaches and attacks, Microsoft had the good idea of spying on and safeguarding its users' data.
How does Recall work?
Recall takes screenshots of the active window every few seconds, recording Windows activity for three months by default.
Screenshots are analyzed by a neural processing unit (NPU) and an AI model to extract data, which is then saved in a semantic index locally on the device.
Data is encrypted with BitLocker and not shared with other users of the same device.
What's the point of Recall?
Recall enables users to easily retrieve information or documents they have previously consulted. By taking regular screenshots of active window activity, users can search this history and quickly retrieve data without having to remember exactly where it is stored.
Thanks to semantic indexing and AI analysis, users can perform natural language searches to find specific content. This simplifies information retrieval compared with manual navigation through folders and files.
Of course, Recall isn't universally acclaimed, and the cyber community isn't a fan. If screenshots are hacked, it's literally a gold mine.
This feature will not be available on all PCs, but will be activated when the PC is opened...
Here are a few comments:
"Recall is CLEARLY malware designed and distributed by Microsoft."
"Yep and the first thing you do is either uninstall CP and/or of its services & dependants (if micro$haft allow), or disable it in the registry and group policy. For the majority of users this is very HARD PASS."
Source: Bleepingcomputer
Ticketmaster: this one comes in just as I'm finishing this newsletter, and it's not pretty. It includes data such as: surname/first name, email address, postal address, telephone number, full bank details (credit card number, type of card, etc.), and the user's financial transactions.
➡️ The hacked data appears to stretch from 2011 to 2024, that's +13 years of data! 🤯
Christie's: hackers threaten to reveal the company's financial data. Customer data has been stolen, but no one knows exactly what has been extracted.
New Caledonia: suffered a major cyberattack. "Millions of emails were sent simultaneously to an email address whose purpose was to saturate the network and render it inoperative".
Pau airport and business school: following a cyber attack, their services were disrupted.
Coradix-Magnescan: the radiology group was affected.
The Swiss Baccalaureate: a cyberattack has taken place, 2018 data has been hacked. Some screenshots show more recent dates and the disclosure of exams, but the official website only acknowledges the theft of 2018 data.
Reviewing authorizations is a difficult task. You have to send an e-mail to each manager asking them to validate the applications available to each member of their team.
You need to make a list of the managers, the people they have on their team, and finally the applications each one has.
With Youzer, this review of authorizations is greatly simplified. Youzer lets you quickly and accurately filter your users.
Youzer allows you to display the applications available to each manager, and each user has a precise record of the applications available to them.
The authorization review campaign is simplified: thanks to a workflow, you send an e-mail with access to Youzer for each manager. The manager logs on to Youzer, and validates the applications for his or her team.
The IT team is largely relieved by Youzer, which considerably reduces the amount of work for this campaign.
Need support? Book an appointment with one of our experts to discuss it 😊
Thanks for reading this far!
Would you like to discuss a project?
That's what I'm here for 👋.
Do you like the newsletter? Sign up here 👇
Every month, I send you my discoveries and analyses of IT news.
I do a lot of monitoring and I share it all!
I'm Mélanie and I'm Youzer's marketing manager.
About me? I have an unquenchable thirst for learning! I'd rather read a book 100 times than see a movie. I'm a fan of HP 🧙🏼.
I run and rollerblade as a team sport (don't look it up, it's dangerous).