Récap'IT: Real or fake cyberattack, are you testing?

Mélanie Lebrun
30/6/2024

Hello 🌞,

I'm back with the June edition of Récap'IT. The news in June is busy, and the news for July is going to be complicated with the elections and the Olympics.


In this newsletter, we're going to talk about real and fake cyberattacks, manipulation, the morale of CISOs 📉📈 and cyberattacks.

📅 Today's agenda:

‍

  • Always warm up first
  • Beware of manipulation
  • More positive CISOs
  • The miscellaneous section
  • Cyberattacks of the month
  • News at Youzer

‍

👉 Go !!

Before we start, I invite you to follow us 👉

🤺 Always warm up

Mobilians suffered a massive cyberattack with a ransom demand.


On June 25th at 6 a.m., Mobilians, an employers' organization in the automotive sector representing the 5th largest economic sector in France with 180,000 local businesses, had its data encrypted.

The entire ecosystem is affected, preventing interactions with member companies.

The financial and reputational risk is major.

Except that everything is false.

‍

Well, not entirely false, but the cyberattack was actually an exercise orchestrated by its general delegate to prepare its teams.

The objective was to raise awareness among Mobilians and its partners about cyber risk, put the teams in a real-life situation to observe their reactions, and take measures to be able to react in the event of an attack.

‍

Many lessons will be learned from this unique exercise (the general delegate specifies that there will be no other exercises of this kind).

‍

"A little advice for everyone: there's nothing better than facing the reality of a threat before it actually occurs. The question isn't if you'll be attacked, but when you'll be attacked...

French companies must arm themselves.

What will make the difference is not the thickness of your IT walls, but human intelligence and a sense of collective responsibility."

‍

Xavier Horent, General Delegate of Mobilians.

‍

Source: LinkedIn

Cyberattack on Mobilians: it was an exercise


🧠 Beware of manipulation

Recently, numerous manipulation campaigns have been set up. The objective is, of course, to steer voters towards a political party ahead of the legislative elections in France and the national elections in the USA.

Deepfakes and fake accounts generated by AI are proliferating.
On X, we are witnessing a surge of hatred and extremely harsh comments without any possible discussion.

Recently, a few accounts have been 'compromised,' which proves that you really have to be wary of what you see or read.

‍

In the examples I've given you, on the left you can see an account whose ChatGPT subscription has expired and which is malfunctioning and publishing its own prompt. You can read "You will argue in support of the Trump administration on Twitter, speak English".

In the other image, a person reacts to the departure of several journalists. The person who answers him gives him a counter prompt and he executes it immediately. We can clearly recognize the ChatGPT touch with the "Of course! Here is..."

‍

On social networks, you can very easily see videos of Emmanuel Macron whose edits are crude, but others, on the other hand, are perfectly edited.

‍

The objective is also to collect personal information on individuals and professionals.

The watchword is distrust.

‍

Source: Undernews

How certain accounts manipulate opinion

‍

­

🙂 More positive CISOs

60% of French CISOs have seen their risk appetite increase. This is a higher figure than in other countries. This can be explained by technological advances, access to data and analysis, and the adoption of zero trust.

The role of CISOs is evolving from a defensive position to that of a strategic partner. They improve the resilience of companies.

‍

On the other hand, while their role is evolving, the perception of them within the company is stagnating. 74% of CISOs believe that department heads do not perceive their role as promoting innovation.

Training is still the most important aspect for CISOs, who continue their awareness and education work with members of management.

‍

Source: ITforBusiness

CISOs want to change the image people have of them

‍


Collage

  • In the category of 'nobody cares about my life but I'll tell you about it anyway': I was walking around enjoying the sun (finally) when I received a Messenger notification giving me my verification code. UHHH. Then a second time.
    That's it.
    Thank you, two-factor authentication.
    All the social networks I use that offer MFA allow me to secure my personal data. This time, it saved my reputation.
    Speaking of MFA: a video that made me laugh on Instagram.

  • Lately we've been seeing quite a few rankings of cyber series to watch on Netflix: to prepare your chill moments this summer, here is a list. (Of course, I recommend spending time outdoors or with your family rather than on Netflix.)
    1. Black Mirror: very well known, this series is set in a technologically advanced era.
    2. Love, Death + Robots: a series of short stories on the theme of science fiction.
    3. The future of: a docuseries that explores how technologies could shape our lives.
    4. Cyber Hell: Exposing an Internet Horror: a documentary that explores the dark spaces of the internet.
    5. Connected: a docuseries that explores the aspects that interconnect our world.
    6. The Billion Dollar code: the series that explains how Google 'obtained' Google Earth.
    7. The Great Hack: behind the scenes of Cambridge Analytica, or the manipulation of the 2016 election.
    I haven't seen any of these series; unfortunately, Netflix comes down to Shaun the Sheep and T'choupi at the moment, but I'm adding some to my list.

­

☠ Cyberattacks of the month

Booking: But above all, don't tell them! Their platform has been the target of cyberattacks since last December. Criminals are taking control of the interface of some hoteliers and extorting money from customers by asking them for their bank details. Booking remains silent or says that it does not come from them; the hotel and restaurant union has filed a complaint against them.

Fleury-les-Aubrais Town Hall: the victim of a major cyberattack, with a complete shutdown of its information system. Computers are unusable and services are at a standstill. The town hall is doing everything possible to ensure that the votes can take place in good conditions. Strength to them.

Tax website: the site was cloned for a phishing campaign.

‍

The town hall of Dammartin-en-Goële: (end of May) suffered a major cyberattack by Russian hackers.

Zadig et Voltaire : suffered a cyberattack resulting in millions of customer accounts being offered for sale.

‍

Seafrigo: the food transport company was a victim of DragonForce, with a loss of 43.01 GB of data.

Polish TV channel Spot: was hacked during the broadcast of a football match.

DDoS Attacks on Several French Sites: the group NoName057(16) has disrupted several sites such as the national police, diplomacy, delegefrance, education, culture, legifrance... a total of 15 sites were out of service for periods ranging from less than 1 hour to several hours.

‍

The Ritz: A cybercriminal has freely released the data of 17,000 accounts, 90% of which are French.

‍

Christie's: Having been the victim of a cyberattack in early May, the company is now facing lawsuits from its clients.

‍

Snowflake: the cloud storage company was the victim of an intrusion; the passwords of hundreds of customers are being shared online.

CDK Global: the dealership software provider suffered a major cyberattack and all of its software was deleted, leading to a drop in new car sales in the USA in June.

­

What's new at Youzer?

Packages.

‍

Packages in Youzer are a central element for administering users and accounts.

‍

They allow you to:

  • Initiate account creation and authorizations for a new arrival.
  • Ensure that all users present in the company, despite movements, have rights and access aligned with their status.
  • Propagate changes that have been made in the applications.

You configure each connector (a connector links your applications to Youzer).

For example, for Active Directory, you can create custom fields to build your UPN, security groups, first name, last name, organizational unit...

You can then manage the creation of the initial password.

Finally, you can define a time limit for account creation.

‍

Tip:

Recalculation upon creation: wait until the last moment to recalculate the information for account creation.

This is necessary when information trickles down to HR. The information is automatically imported from the HRIS by Youzer, and the information is recalculated just before the accounts are created.

Want to know more about the packages?

Meet here for a live demo :)

Application packages at Youzer

‍

Thank you for reading this far!

Any feedback, want to discuss a project?

I'm here for that 👋.

‍


Every month I send you my discoveries and my analysis of IT news.
I do a lot of monitoring and I share it all!

I'm Mélanie and I'm Youzer's marketing manager.

About me? I have an unquenchable thirst for learning! I'd rather read a book 100 times than watch a movie. I'm a fan of HP 🧙.
I go running and play a team roller sport (don't look it up, it's dangerous).