
Hello 🌧️,
I'm back with the May edition of Récap'IT, but with the weather in the IDF, I feel more like I'm writing the March edition.

In this newsletter, I analyze the aftermath of cyberattacks.
📅 Today's agenda:
👉 Go !!

Lately, I've been telling you about the cyberattacks of the past month. Except that we rarely see the aftermath of cyberattacks.
So, based on the experience of organizations that have been hacked.
Saint-Nazaire agglomeration:
On the night of April 10-11, 2024, the Saint-Nazaire conurbation suffered a major cyberattack, waking up to a paralyzed IT system.
ANSSI was called in immediately, and a crisis unit was set up right away.
Experts note that it takes about 2 years to fully recover from large-scale cyberattacks. For the moment, the teams and the mayor of Saint-Nazaire are rather optimistic and are talking in terms of months.
Bondy and Saint-Nazaire Agglomeration:
Bondy suffered a cyberattack in November 2020; services were shut down and the municipality restarted the most urgent ones.
But today, the invoices that could not be digitized are being issued, and families (who did not set aside the money) are finding themselves having to pay significant bills.
In Saint-Nazaire, the story is identical: "no water or sanitation bill, no bill either since March for leisure centers, catering, after-school care and crèches."


I attended a conference at the Cyber Show in Paris where Colonel Jean-François Laloyer (cybersecurity expert), Ayoub Sabbar (founder of Ornisec and former president of Clusir Bretagne), and Marc Bothorel (founder of CPME) reiterated some important concepts.
Vincent Strubel, the director of ANSSI, has a very explicit phrase:
"You don't have to be a target to be a victim."
Today, the hacking market has become widely democratized, and barriers to entry are falling. Anyone with a little technical background can hack a company.
LockBit is notably known for renting SaaS software for cyberattacks (Malware as a Service).
NIS 2 moves in this direction: previously, a perimeter was secured; today, the entire information system (IS) will be secured.
The big question for VSEs/SMEs and mid-sized companies is: why would a hacker be interested in us?
Because you own the data!
Data is selling at a premium. Conference experts explained that a patient file in the US sells for several hundred or even thousands of dollars.
Is there a cost if we are hacked?
The three experts were adamant on this question: no, and for several reasons.
Previously, hackers had an "ethic": the company always recovered its data and it stopped there. Today, things have changed. Only 20% of companies pay, and this number continues to decline.
How to protect yourself?
The network must be hardened by considering its environment, rights, and access privileges. A computer charter outlining what is permitted and what is not (e.g., BYOD) must be written and communicated.
Every organization needs to prepare, whatever its size. Having an antivirus and antispam is important, as is installing updates as soon as they appear.
Please note that professional indemnity insurance does not cover cyberattacks; you must take out specific insurance.
Final advice:
If you are the victim of a cyberattack, do not act alone; certain actions are essential to avoid destroying evidence.
File a complaint and make a declaration to ANSSI or CNIL, depending on your size and the severity of the situation.
Consult the website of cybermalvaillance.gouv.fr, which has very well-made guides.
Quick reminder: Once implemented, cyber protection does not cost much compared to a cyberattack.



This represents the increase in the cost of cybercrime worldwide, while spending has only increased by 78%.
In figures, this represents $150 billion in protection and $9.1 trillion in cyberattack costs.
In recent years, the increase has been approximately $1 trillion per year.
These figures make my head spin.
Source: Breizh.info

Have you heard of Recall? Microsoft's latest feature. After numerous flaws and attacks, Microsoft had the bright idea to spy on and save its users' data.
How does Recall work?
Recall captures screenshots of the active window every few seconds, recording Windows activity for three months by default.
Screenshots are analyzed by a Neural Processing Unit (NPU) and an AI model to extract data, which is then saved in a semantic index locally on the device.
The data is encrypted with BitLocker and is not shared with other users of the same device.
What is Recall used for?
Recall enables users to easily find information or documents they have previously consulted. By taking regular screenshots of the active window, the user can search this history and quickly retrieve data without having to remember exactly where it is stored.
Thanks to semantic indexing and AI analysis, users can perform searches in natural language to find specific content. This simplifies information retrieval compared to manual navigation through folders and files.
Of course, Recall is not unanimously approved, and the cyber community is not a fan. If the screenshots are hacked, it's literally a gold mine.
This feature will not be available on all PCs but will be activated when the PC is started...
Here are some comments:
"Recall is CLEARLY malware designed and distributed by Microsoft."
"Yep and the first thing you do is either uninstall CP and/or of its services & dependants (if micro$haft allows), or disable it in the registry and group policy. For the majority of users this is very HARD PASS."
Source: BleepingComputer




Ticketmaster: this one came in just as I was finishing this newsletter, and it's not pretty. We find data such as first name/last name, email, postal address, phone number, all bank details (credit card number, type of card, etc.), and the user's financial transactions.
➡️ The hacked data appears to stretch from 2011 to 2024, that's +13 years of data! 🤯
Christie's: Hackers are threatening to disclose the company's financial data. Customer data has been stolen, but the exact extent of the breach remains unclear.
New Caledonia: Suffered a major cyberattack: "Millions of emails were sent simultaneously to an email address with the aim of saturating the network and rendering it inoperative."
Pau Airport and Business School: Their services were disrupted following a cyberattack.
Coradix-Magnescan: The radiology group was affected.
The Swiss Baccalaureate: A cyberattack took place and data from 2018 was hacked. Some screenshots show more recent dates and the disclosure of exams, but the official site only acknowledges the theft of data from 2018.

Entitlement review is a difficult time. An email must be sent to each manager to ask them to validate the applications that each member of their team has.
A list of managers, the people on their teams, and the applications available to each person must be compiled.
Youzer greatly simplifies this entitlement review by enabling rapid and precise filtering of your users.
For each manager, Youzer displays who reports to them, and each user has a precise record of the applications available to them.
The access review campaign is simplified: thanks to a workflow, you send an email with access to Youzer for each manager. The manager logs into Youzer and validates the applications for their team.
The IT team is greatly relieved by Youzer, which significantly reduces the workload for this campaign.
Need support? Book an appointment with one of our experts to discuss it 😊


Thank you for reading this far!
Any feedback, want to discuss a project?
I'm here for that 👋.
Do you find the newsletter great?? Sign up here 👇

Every month I send you my discoveries and my analysis of IT news.
I do a lot of monitoring and I share it all!
I'm Mélanie and I'm Youzer's marketing manager.
About me? I have an unquenchable thirst for learning! I'd rather read a book 100 times than watch a movie. I'm a fan of HP 🧙🏼.
I do running and a team roller sport (don't look it up, it's dangerous).