IT recap: cyberattacks and the aftermath?

Mélanie Lebrun
31/5/2024

Hello 🌧️,

I'm back for the May issue of Récap'IT, but with the weather in the IDF, I feel more like I'm writing the March issue.



In this newsletter, I analyze the aftermath of cyber attacks.

📅 On the program today:

  • After the cyberattack
  • I hack and re hack
  • The number of the day
  • Recall from Microsoft
  • The jumble column
  • Cyber attacks of the month
  • News from Youzer

👉 Go!!


💀 After the cyberattack

Lately, I've been talking about and reporting on the cyberattacks of the past month. But we don't often hear about the aftermath of cyber attacks.

So let's take a look back at the experience of structures that have been hacked.

Saint-Nazaire agglomération :

On the night of April 10-11, 2024, Saint-Nazaire agglomération suffered a major cyber attack. The agglomeration woke up with its IS paralyzed.

ANSSI was called in and a crisis unit was set up immediately.

  1. The attack: The hackers gained access to the systems by "cracking" the password associated with a technical email address, rather than by human error such as downloading an infected attachment or clicking on a malicious link.
  2. Impact: Approximately one third of the City and Agglomeration servers were affected. To prevent propagation, the entire system had to be shut down, and must now be completely rebuilt.
    For the moment, no data has been extracted.
  3. Ransom: A ransom demand was made by the attackers, but City services refused to open it and decided not to pay.
  4. Protection: Saint-Nazaire had taken preventive measures in collaboration with ANSSI, which limited the damage. Previous security audits and response exercises enabled a more effective response on the day of the attack.
  5. Consequences: Numerous services were disrupted, notably water and sewerage billing, civil status services, and certain administrative services. However, most essential services gradually resumed, with some adaptations.
    We had to adapt and go back to paper for several weeks. Post-it notes and tables were used for e-mails, calendars and so on.

Experts note that it takes around 2 years to fully recover from large-scale cyberattacks. For the time being, the teams and the mayor of Saint-Nazaire are rather optimistic, and are talking in months.

Bondy and Saint-Nazaire Agglomération:

Bondy suffered a cyber-attack in November 2020; services were at a standstill and the municipality had the most urgent ones restarted.

But today, it's the bills that couldn't be digitized that are being issued, and families (who hadn't set aside the money) find themselves having to pay large bills.


In Saint-Nazaire, the story is the same: "no water or sanitation bill, and no bill since March for leisure centers, catering, after-school care and crèches".


🔔 The hacker always passes twice

I attended a conference at the cyber show in Paris, where Colonel Jean-François Laloyer (cybersecurity expert), Ayoub Sabbar (founder of Ornisec and former president of Clusir Bretagne) and Marc Bothorel (founder of CPME) reminded us of some important concepts.

  • Cyber attacks cost $9,200 billion a year.
  • Cyberattack remains the easiest way to sink a business. In fact, 1 in 2 small businesses never recover from a cyber attack.
  • Cyber risk is the number one risk facing companies, ahead of theft, fire, supply disruption...

Vincent Strubel, Director of ANSSI, has a very explicit phrase:

"You don't have to be a target to be a victim."

Today, the hacking market is largely democratized, and barriers to entry are falling. Anyone with a little technical know-how can hack into a company.
Lockbit is well known for renting out SaaS software for cyber-attacks (Malware as a Service).

This is one of the objectives of NIS 2: before, we secured a perimeter; today, we're going to secure the entire IS.

The big question for SMEs is: why would a hacker be interested in us?

Because you have data!

Data is expensive. Experts at the conference explained that a patient file in the US sells for several hundred or even thousands of dollars.

Do you have to pay if you're hacked?

All three experts were adamant on this point: no, and for several reasons.

  1. There's no guarantee that we'll get the decryption key.
  2. Decryption is very time-consuming and does not allow you to retrieve all the data.
  3. When you've paid once, you're a good customer; hackers always come back (see Pimkie, Okta...).
  4. Even after paying, the hacker still has the data and resells it on the black market.

In the past, hackers had an "ethic" and the company always recovered its data and that was that. Only 20% of companies pay, and this figure continues to fall.

How can I protect myself?

We need to tighten up the network, and think about the environment, rights and access. We need to draw up and pass on an IT charter setting out what is permitted and what is not (BYOD?).

You need to be prepared, whatever your size. Anti-virus and anti-spam software are important, as are updates as soon as they become available.

Please note that RCPro does not cover cyber-attacks, so you need to take out specific insurance.

Final tip:

If you are the victim of a cyber-attack, don't act alone. There are a number of steps you need to take to avoid destroying evidence.

File a complaint or a declaration with ANSSI or CNIL, depending on your size and the seriousness of the situation.

Check out the cybermalveillance.gouv.fr website, which has some excellent guides.

Just a reminder: once cyber protection is in place, it doesn't cost much compared to a cyber attack.


💰 Number of the day

972% cost of cybercrime

This is the increase in the cost of cybercrime worldwide, while spending has risen by 'only' 78%.

In figures, this represents $150 billion in protection spending and $9,100 billion in the cost of cyberattacks.

In recent years, the increase has been around $1,000 billion a year.


These figures make my head spin.

Source: Breizh.info


👀 Recall from Microsoft

Have you heard of Recall? Microsoft's latest feature. After so many breaches and attacks, Microsoft had the good idea of spying on and safeguarding its users' data.

How does Recall work?

Recall takes screenshots of the active window every few seconds, recording Windows activity for three months by default.

Screenshots are analyzed by a neural processing unit (NPU) and an AI model to extract data, which is then saved in a semantic index locally on the device.

Data is encrypted with BitLocker and not shared with other users of the same device.

What's the point of Recall?

Recall enables users to easily retrieve information or documents they have previously consulted. By taking regular screenshots of active window activity, users can search this history and quickly retrieve data without having to remember exactly where it is stored.

Thanks to semantic indexing and AI analysis, users can perform natural language searches to find specific content. This simplifies information retrieval compared with manual navigation through folders and files.

Of course, Recall isn't universally acclaimed, and the cyber community isn't a fan. If screenshots are hacked, it's literally a gold mine.

This feature will not be available on all PCs, but will be activated when the PC is opened...

Here are a few comments:
"Recall is CLEARLY malware designed and distributed by Microsoft."

"Yep and the first thing you do is either uninstall CP and/or of its services & dependants (if micro$haft allow), or disable it in the registry and group policy. For the majority of users this is very HARD PASS."

Source: BleepingComputer


Pell-mell

  • ANSSI has just announced (May 30) a major operation involving France, Germany, the Netherlands, the USA, the UK and Denmark (phew!) called Endgame.
    The operation targeted the Bumblebee, Pikabot, Smokeloader, System BC, IcedID and Trickbot infrastructures.
    The result ➡️ 4 people arrested, 16 searches, and the interruption of a hundred servers and seizures.

  • You must have seen it go by: the leader of the Lockbit group has been identified and unmasked: Dmitry Yuryevich Khoroshev. If you want to make a little money, the reward for him is set at 10 million dollars, so all that's left is to go for it!
    Once again, the Lockbit site was knocked down; once again, it got back up.
    Emails from Jenny Green and the address Jenny@gsd[.]com contain a Zip file with Lockbit's malware, and yes, it's a gift.

    Nota bene: if you're a hacker, remember to take some good-looking photos of yourself in case the FBI broadcasts them all over the world.

☠️ Cyberattacks of the month

Ticketmaster: this one broke just as I'm finishing this newsletter, and it's not pretty. The data includes: surname/first name, email address, postal address, telephone number, full bank details (credit card number, type of card, etc.), and the user's financial transactions.

➡️ The hacked data appears to stretch from 2011 to 2024, that's +13 years of data! 🤯

Christie's: hackers threaten to reveal the company's financial data. Customer data has been stolen, but no one knows exactly what has been extracted.

New Caledonia: suffered a major cyber attack: "Millions of emails were sent simultaneously to an email address whose purpose was to saturate the network and render it inoperative".

Pau airport and business school: following a cyber attack, their services were disrupted.

Coradix-Magnescan: the radiology group was affected.

The Swiss Baccalaureate: a cyberattack has taken place, 2018 data has been hacked. Some screenshots show more recent dates and the disclosure of exams, but the official website only acknowledges the theft of 2018 data.


What's new at Youzer?

Reviewing authorizations is a difficult task. You have to send an e-mail to each manager asking them to validate the applications available to each member of their team.

You need to make a list of the managers, the people they have on their team, and finally the applications each one has.

With Youzer, this review of authorizations is greatly simplified. Youzer lets you quickly and accurately filter your users.


Youzer allows you to display the applications available to each manager, and each user has a precise record of the applications available to them.

The authorization review campaign is simplified: thanks to a workflow, you send an e-mail with access to Youzer for each manager. The manager logs on to Youzer, and validates the applications for his or her team.

Youzer takes much of the load off the IT team and considerably reduces the amount of work for this campaign.


Thanks for reading this far!

Would you like to discuss a project?

That's what I'm here for 👋.


Every month, I send you my discoveries and analyses of IT news.
I do a lot of monitoring and I share it all!

I'm Mélanie and I'm Youzer's marketing manager.

About me? I have an unquenchable thirst for learning! I'd rather read a book 100 times than see a movie. I'm a fan of HP 🧙🏼.
I run and rollerblade as a team sport (don't look it up, it's dangerous).
