IT recap: Real fake cyberattack, do you test?

Mélanie Lebrun
30/6/2024

Hello 🌞,

Welcome back to the June edition of Récap'IT. June was a busy month, and July is going to be a complicated one with the elections and the Olympic Games.


In this newsletter, we're going to talk about a real fake cyberattack, manipulation, CISO morale 📉📈 and cyberattacks.

📅 On the program today:

  • Always warm up
  • Careful handling
  • CISOs more positive
  • The jumble column
  • Cyber attacks of the month
  • News from Youzer

‍

👉 Go!!

Before we begin, I invite you to follow us 👉

‍

🤺 Always warm up

Mobilians has suffered a massive ransomware cyberattack.


At 6 a.m. on June 25, Mobilians, an employers' organization in the automotive sector representing France's 5th largest economic sector with 180,000 local businesses, had its data encrypted.

The entire ecosystem was affected, preventing interaction with member companies.

The financial and reputational risk is major.

Except that it's all fake.

Well, not entirely fake: the cyberattack was actually an exercise orchestrated by the company's General Delegate to prepare his teams.

The aim was to make Mobilians and its partners aware of the cyber risk, and to put the teams in a real-life situation to observe their reactions and take measures to be able to react in the event of an attack.

‍

Many lessons will be learned from this unique exercise (the General Delegate makes it clear that there will be no further exercises of this kind).

‍

"A word of advice to all: there's nothing like facing up to the reality of a threat before it actually happens. It's not a question of if you'll be attacked, but when you'll be attacked...

It's up to French companies to arm themselves.

What will make the difference is not the thickness of your IT walls, but human intelligence and a sense of collective purpose."

‍

Xavier Horent, Mobilians General Delegate.

‍

Source: LinkedIn

Cyber attack on Mobilians: it was an exercise


🧠 Careful handling

In recent times, numerous manipulation campaigns have been set up. The aim, of course, is to steer people towards a political party for the legislative elections in France and the national elections in the USA.

‍

Deepfakes and fake accounts generated by AI are proliferating.
On X, we're witnessing an outpouring of hatred and extremely trenchant comments with no room for discussion.

A few accounts have been 'burned' recently, which just goes to show that you really have to be careful what you read or see.

‍

In the examples I've given you, on the left we see an account whose ChatGPT subscription has expired and which glitches, publishing its prompt instead. It reads "You're going to argue supporting the Trump administration on Twitter, speak English".

In the other image, a person reacts to the departure of several journalists. The person responding gives him a counter prompt, and he immediately complies. It's easy to recognize the ChatGPT touch with its "Of course! Here goes..."

‍

On social networks, it's easy to see videos of Emmanuel Macron with crude splices, but others are perfectly edited.

‍

The aim is also to collect personal information on individuals and professionals.

The watchword is mistrust.

‍

Source: Undernews

How certain accounts manipulate opinion

‍

­

🙂 CISOs more positive

60% of French CISOs have seen their risk appetite increase. This figure is higher than in other countries. This can be explained by technological advances, access to data and analysis, and the adoption of zero trust.

The role of CISOs is evolving from a defensive position to one of strategic partner. They improve corporate resilience.

‍

On the other hand, while their role is evolving, the way they are perceived within the company is stagnating. 74% of CISOs believe that department heads do not perceive their role as fostering innovation.

‍

Training is still the most important aspect for CISOs, who continue to raise awareness and educate management.

‍

Source: ITforBusiness

CISOs want to change their image

‍


Pell-mell

  • In the 'nobody cares about my life but I'm telling it to you anyway' category: I was taking a walk to enjoy the sun (finally) when I got a Messenger notification giving me my verification code. UHHH. Then a second time.
    Here you go.
    Thanks for double authentication.
    All the social networks I use that offer to activate MFA allow me to secure my personal data. This time, it saved my reputation.
    Speaking of MFA: a video that made me laugh on Instagram.

  • Lately we've been seeing quite a few rankings of cyber series to watch on Netflix: to prepare your chill moments this summer, here's a list. (Of course, I recommend spending time outdoors or with your family rather than on Netflix.)
    1. Black Mirror: very well known, this series is set in a technologically advanced era.
    2. Love, Death + Robots: a series of short stories on the theme of science fiction.
    3. The Future Of: a docuseries exploring how technologies could shape our lives.
    4. Cyber Hell: Exposing an Internet Horror: a documentary exploring the dark spaces of the internet.
    5. Connected: a docuseries exploring the aspects that interconnect our world.
    6. The Billion Dollar Code: the series that explains how Google 'obtained' Google Earth.
    7. The Great Hack: behind the scenes of Cambridge Analytica, or the manipulation of the 2016 election.
    I haven't seen any of these series; unfortunately, Netflix comes down to Shaun the Sheep and T'choupi at the moment, but I'm adding some to my list.

­

☠ Cyberattacks of the month

Booking: But don't tell them! Their platform has been the target of cyberattacks since last December. Criminals are taking control of some hoteliers' interfaces and extorting money from customers by asking for their bank details. Booking remains silent or says it's not their doing, but a complaint has been lodged against them by the hotel and catering trade union.

‍

Fleury-les-Aubrais Town Hall: has been the victim of a major cyber-attack resulting in a complete shutdown of its IS, with computers unusable and services at a standstill. The town hall is doing its utmost to ensure that voting can take place under good conditions. All the best to them.

‍

Tax site: the site has been cloned for a phishing campaign.

‍

Dammartin-en-Goële town hall: (late May) suffered a major cyber-attack by Russian hackers.

‍

Zadig et Voltaire: suffered a cyber attack resulting in millions of customer accounts being sold.

‍

Seafrigo: the food transport company fell victim to DragonForce, losing 43.01 GB of data.

‍

The Polish TV channel Spot: was hacked in the middle of a soccer match.

‍

DDoS attacks on several French sites: the NoName057(16) group took down sites such as police nationale, diplomatie, delegefrance, education, culture, legifrance... a total of 15 sites went down, for anywhere from less than 1 hour to several hours.

‍

Le Ritz: a cybercriminal distributed the data of 17,000 accounts, 90% of them French, free of charge.

‍

Christie's: at the beginning of May, the company was the victim of a cyber-attack, and today customers are lodging a complaint.

‍

Snowflake: the company specializing in cloud storage has been the victim of an intrusion, with the passwords of hundreds of customers shared online.

‍

CDK Global: the dealership software supplier suffered a major cyber-attack and all its software was deleted, leading to a fall in new car sales in the USA in June.

­

What's new at Youzer?

Packages.

‍

Youzer packages are a central element in the administration of users and accounts.

‍

They allow you to:

  • launch account creation and authorizations for a newcomer,
  • check that all users present in the company, despite internal moves, have rights and access aligned with their status,
  • propagate changes that have been made to applications.

‍

You'll configure each connector to link your applications to Youzer.

‍

For example, for Active Directory, you can create custom fields to build your UPN, security groups, first name, last name, organizational unit...

You can then manage the creation of the first password.

Finally, you can set a time limit for account creation.

‍

Tip:

Recalculation on creation: wait until the last moment to recalculate information for account creation.

This is necessary when information arrives at the HR level in dribs and drabs. The information is automatically imported from the HRIS by Youzer, and recalculated just before the accounts are created.

Want to find out more about our packages?

Click here for a live demo :)

Application packages at Youzer

‍

Thanks for reading this far!

Would you like to discuss a project?

That's what I'm here for 👋.

‍


Every month, I send you my discoveries and analyses of IT news.
I do a lot of monitoring and I share it all!

I'm Mélanie and I'm Youzer's marketing manager.

About me? I have an unquenchable thirst for learning! I'd rather read a book 100 times than see a movie. I'm a fan of HP 🧙.
I run and rollerblade as a team sport (don't look it up, it's dangerous).