Cyber attacks have become a major concern for organizations around the world. Hackers use sophisticated techniques to infiltrate computer systems, steal sensitive data and cause considerable damage. This article looks at some of the attacks taking place between 5 and 18 June 2023. It highlights the role of governments, the challenges they face and the importance of increased data security and resilience in dealing with these growing threats.
Companies: victims of cyber-attacks
In France, 11% of ransomware attacks are perpetrated by LockBit, a group of Russian-speaking hackers.
The percentages of LockBit involvement are also significant in Canada (22%), New Zealand (23%), Australia (18%) and the United States (16%).
LockBit blocks victims’ data with malware and demands a ransom to unlock it. The data can be sold on the dark web if the victim refuses. The malware is rented out by the LockBit group to around a hundred affiliates. These affiliates then target companies, public authorities and hospitals and pay a commission when they succeed in obtaining a ransom. (source 16)
This activity is proliferating in France, with 27% of ransomware attacks in 2022 and 2023 attributed to the notorious cybercriminal gang.
For example, this gang recently targeted Voyageurs du Monde and the Corbeil-Essonnes hospital.
On Monday, 5 June, the Paris public prosecutor’s office confirmed that an investigation had been opened into a cyber attack perpetrated by the LockBit group against the travel agency Voyageurs du Monde. The group of hackers allegedly obtained a password from an employee to access the system. They then published the passports of ten thousand customers on the darknet, which could allow identity theft and other cyber scams. The investigation aims to identify those responsible for this attack and bring the perpetrators to justice. (source 2)
The SNCF also announced on 13 June that a major theft of personal data involved information belonging to the company’s employees. The exact details of the stolen data types are unknown, as investigations are ongoing. Management has informed the company’s trade unions of the incident, prompting concern among employees demanding further information about the data leak. A vulnerability in the MOVEit software is at the root of this theft, which has already affected several companies worldwide. The SNCF has filed a complaint and informed the relevant authorities, particularly ANSSI and CNIL. At this stage, no misuse of the stolen data has been reported, but reinforced surveillance has been put in place. (source 11)
States: victims of cyber-attacks
Cybercriminals are not only targeting private companies, but also governments, which are increasingly falling victim to cyberattacks. These attacks can majorly impact their infrastructure, government systems and operations.
- Data theft
On 13 June, a hacker known as Rhysida attacked the Chilean Army and threatened to auction off the data allegedly extracted from its computers. Rhysida had previously made a name for itself by infiltrating and extracting data from the Collectivité territoriale de Martinique. The hacker has even created a search engine dedicated to the stolen information. Its name, Rhysida, is inspired by a predatory insect that uses venomous fangs to capture its prey.
This threat highlights the importance of data security for military organizations. (source 1)
However, these cyber attacks against states are not always primarily aimed at stealing their data but can also be used to put pressure on States during geopolitical conflicts.
- The pressure exerted in tense geopolitical contexts
Over the last two weeks, a group of pro-Russian hackers known as « NoName » has conducted cyber attacks against several Swiss federal government websites.
The official websites of Geneva Tourism, the Basel-Stadt canton and the Lausanne and Montreux cities were attacked on Wednesday, 14 June 2023. The day before, the airports of Geneva and Zurich were blocked.
The hackers justify their attacks with the Ukrainian president’s speech to the Swiss parliament on Thursday, 15 June. (source 9)
According to cybersecurity expert Lennig Pedron, the hackers aimed to warn the public and members of parliament ahead of Ukrainian President Volodymyr Zelensky’s address to the Swiss Parliament. Although the attack did not result in data leaks or thefts, Lennig Pedron considers it a « strong signal » ahead of Zelensky’s speech (source 4).
Pro-Ukrainian hackers have also launched a series of cyber attacks to exert pressure.
Two Russian subsidiaries of the Mulliez group, Auchan and Leroy Merlin, were the victims of data leaks. The pro-Ukrainian hacktivists NLB posted an initial archive of 437 megabytes of data stolen from Auchan’s Russian subsidiary on their Telegram channel, announcing a « cyber offensive » against 12 major companies. Two days later, the same group leaked a new archive of 523 megabytes of data stolen from Leroy Merlin. The compromised data includes personal information such as customers’ identities, telephone numbers, email and delivery addresses. Auchan Retail has confirmed the data leak while launching an internal investigation to determine the source. These retailers were prime targets because of their presence in Russia and war-related events. Leroy Merlin was already planning to sell its Russian operations, while Auchan maintained its presence to protect its employees and the interests of its customers. (source 7)
Pro-Ukrainian hackers also launched a cyber attack against the Russian Internet operator Infotel, responsible for the country’s interbank transactions. This attack paralyzed the Russian banking sector, preventing institutions from communicating essential financial information. According to the hackers, who also claimed to have recovered the operator’s databases, Infotel’s infrastructure was destroyed. Infotel manages the Central Bank of Russia’s automated electronic interaction system, linking commercial banks, credit unions and businesses. The online services of the Russian bank Sberbank were also affected. Hackers also modified several websites of Russian institutions and companies to display messages favorable to Ukraine. The situation has persisted since the attack began (source 8).
States: players in data theft
States are not always the victims of cyber attacks, however; they have also become major players in them. They often use considerable capabilities and resources to conduct offensive operations in cyberspace.
Alleged Chinese state-backed hackers have exploited a security flaw in a popular email security appliance to infiltrate the networks of hundreds of organizations, nearly a third of which are government agencies, according to cyber security firm Mandiant. This cyber espionage campaign is believed to be the most extensive since the massive Microsoft Exchange exploit in 2021. Hackers sent emails with malicious attachments to gain access to the devices and data of targeted organizations. The victims were mainly in the Americas, Asia-Pacific, Europe, the Middle East, and Africa, including foreign ministries and academic organizations. Barracuda Networks, the manufacturer of the vulnerable email security appliance, recommended replacing the appliances entirely after discovering the hack. The hacking group identified by Mandiant targeted victims in at least 16 countries. (source 14)
States also do not hesitate to participate in data theft as part of their espionage operations.
A declassified report reveals that the US government is collecting the personal data of millions of citizens on a massive scale, without any warrant or safeguards, by buying the data from data brokers. This practice came to light following a request from the Director of US Intelligence in 2021. The data collected includes individuals’ location, social interactions and reading habits, raising major concerns about privacy and civil liberties. Civil rights campaigners see this as a nightmare, as the usual legal protections do not apply when the government buys this data rather than obtaining it through a court order. Moreover, even though this data is supposed to be anonymized, it is often possible to link it to specific individuals. Experts are calling on Congress to regulate data brokers and reform the personal data market. (source 13)
Strengthening the fight against cyber-attacks
These activities highlight the growing sophistication of cyber-attacks and the need for organizations to step up their vigilance and preparedness in the face of these threats.
- Strengthening resilience to cyber attacks
Indeed, a study reveals that only 20% of companies have a well-documented, tested and up-to-date disaster recovery plan. Nearly half of companies say they cannot restore all their data after an incident. This highlights companies’ lack of preparedness for cyber attacks. Despite the high risk, 81% of companies do not have a defined resilience plan. These figures are worrying, especially as 68% of French respondents have experienced data loss in the last five years. Companies need to pay more attention to security and business continuity. (source 3)
This lack of resilience in organizations is also a challenge for cyber insurance. Although take-up of cyber insurance has increased in recent years in response to ransomware and attacks, insurers are now realizing that the risk is much higher than expected. Insurance quotes are being revised upwards, compensation terms are being changed, and it is becoming more difficult for organizations to get compensation after a cyber attack.
This development could make insurance less effective in protecting organizations against the consequences of a cyber attack.
Some organizations that have taken out cyber insurance may be tempted to rely excessively on this protection rather than strengthen their security measures.
Cyber insurance should only be considered a last resort, not a total guarantee.
Insurers are beginning to realize the scale of the long-term costs. They are assessing the risk level of organizations according to the quality of their cyber-security defenses, which influences the terms of cover and rates offered. (source 12)
It is therefore preferable to put in place solid security measures and adequate employee awareness to reduce the risk of successful attacks.
- Reinforcing security measures
Some remind us that easy-to-implement solutions exist and that they are no longer optional extras.
For example, using a password manager and adopting multi-factor authentication could help counter the growing threat of credential-stealing malware. For instance, Redline and Vidar recently shared the identification data of almost 2,600 personal computers on a Telegram channel, free of charge. This data can contain credentials for hundreds of online services, both personal and professional, making it possible to reconstruct a person’s physical identity (source 5).
States: key players in the fight against cybercrime
Cyber security is a global issue that transcends national borders. States must step up their international cooperation to deal with transnational cyber threats. This involves exchanging information on threats, coordinating efforts to respond to incidents, adopting common cybersecurity standards and promoting trust and cooperation between states.
States must develop advanced digital investigation capabilities and cooperate with other States to share intelligence and evidence.
- Legislative cooperation
The European Parliament is currently discussing a legislative proposal called the Cyber Resilience Act, which aims to impose cyber security requirements on manufacturers of connected Internet of Things (IoT) devices. In these discussions, legislators are considering introducing obligations for online marketplaces, including establishing a single point of contact for cybersecurity issues with market surveillance authorities. The authorities could also order the withdrawal of products presenting significant cybersecurity risks. The coverage of open-source software remains a subject of debate. The legislation also proposes a list of critical products subject to external audits to demonstrate compliance. Manufacturers would be required to report incidents and exploited vulnerabilities to the European Union Agency for Cybersecurity (ENISA). Amendments are also proposed concerning the lifespan of products, the allocation of fines and the inclusion of users’ right to withdraw their data securely. (source 6)
- International cooperation in investigations
This week, a Russian member of the LockBit cybercrime group was arrested in the United States. Ruslan Magomedovich Astamirov, a 20-year-old Russian national, is accused of participating in attacks using LockBit ransomware between August 2020 and March 2023. According to the American justice system, he directly executed at least five attacks against computer systems in the United States and abroad. He is the third LockBit member to be charged and the second to be apprehended. (source 15)
Data on the LockBit website shows 1,653 claimed victims worldwide, with ransoms worth at least $91 million.
The fight against cybercriminals remains an international priority, requiring cooperation between countries to end these attacks.
This is why seven international cybersecurity agencies, including ANSSI, published a user guide on Wednesday, 14 June, to counter the hacker group. The instructions provide information on the methods used by LockBit and advice on how to protect yourself from their attacks. (source 10)
This report marks increased cooperation between partner cybersecurity agencies to tackle this growing threat.
In conclusion, recent attacks show that hackers are targeting government agencies, small and large businesses and individual users.
Software vulnerabilities and social engineering techniques are being exploited to steal sensitive data and harm organizations.
Furthermore, it is worrying that most businesses do not have adequate disaster recovery plans in place, exposing them to significant risks. Data security, resilience and international cooperation must be priorities for organizations to deal with the growing threats in cyberspace.
The malicious hacker named Rhysida, after attacking Martinique, is now threatening the Chilean military and offering for sale the data that this hacker claims to have extracted from the computers of the local army.
- Source : Zataz
- Author : Damien Bancal
- Date : 13 June 2023
On Monday 5 June, the Paris public prosecutor’s office confirmed that an investigation had been opened into the attack carried out by the Russian-speaking hacker group LockBit.
- Source : Le Monde
- Author : N/A
- Date : 7 June 2023
Despite the risk involved, only 20% of businesses have a well-documented, rigorously tested and up-to-date disaster recovery plan, according to a survey of 1,121 IT decision-makers worldwide carried out by Dimensional Research for Arcserve.
- Source : IT for Business
- Author : Marie Varandat
- Date : 13 June 2023
The pro-Russian « NoName » hackers struck again on Monday, this time attacking several federal government websites. Their aim? To warn the public and members of parliament ahead of the Ukrainian president’s address to the Swiss parliament.
- Source : RTS
- Author : Fabien Grenon and Valérie Hauert
- Date : 13 June 2023
On Tuesday 16 May 2023, the siphoned identification data of almost 2,600 PCs around the world were shared free of charge on a Telegram channel. The threat of identification data-stealing malware is exploding silently.
- Source : LeMagIT
- Author : Valéry Rieß-Marchive
- Date : June 12, 2023
Requirements for online markets, the scope of the cybersecurity regulation and provisions on critical and highly critical products, among others, are due to be discussed in the European Parliament on Tuesday (13 June).
- Source : Euractiv
- Author : Luca Bertuzzi
- Date : June 12, 2023
The Mulliez Group suffers 2 data leaks. An attack claimed by pro-Ukrainian hacktivists.
- Source : Zdnet
- Author : Gabriel Thierry
- Date : June 9, 2023
Hackers supporting Ukraine have attacked the Russian Internet operator Infotel. The problem is that this operator handles most of the country’s interbank transactions.
- Source : Futura Sciences
- Author : Sylvain Biget
- Date : June 9, 2023
The official websites of Geneva Tourism, the canton of Basel-Stadt and the towns of Lausanne and Montreux were hit on Wednesday. The sabotage was carried out by pro-Russian cybercriminals from the « NoName » group, who justified their attacks by referring to the Ukrainian president’s speech to the Swiss parliament, scheduled for Thursday, 15 June.
- Source : Radiolac
- Author : Solène Revillard
- Date : June 14, 2023
The cybersecurity agencies of seven Western countries (United States, Australia, Canada, United Kingdom, Germany, France and New Zealand), including ANSSI, have jointly published instructions for countering the formidable Russian-speaking hacker group LockBit.
- Source : BFMTV
- Author : Victoria Beurnez
- Date : June 14, 2023
Railway workers’ personal data has been stolen because of a security flaw
The personal data of SNCF employees has been stolen following a security error by a subcontractor.
- Source : RTL
- Author : Arnaud Tousch
- Date : June 13, 2023
The success of ransomware has wreaked such havoc on cyber insurers that a wave of fear and doubt has swept through the industry worldwide.
- Source : IT for Business
- Author : Jelle Wieringa
- Date : June 14, 2023
The US government is allegedly « persistently » tracking the phones of « millions of Americans » without a warrant or safeguards, paying data brokers to obtain this data, according to a declassified report that has just been published.
- Source : 01.net
- Author : Stéphanie Bascou
- Date : June 14, 2023
Suspected Chinese state-backed hackers have exploited a security flaw in a popular email security appliance to infiltrate the networks of hundreds of organizations, nearly a third of which are government agencies, according to cyber security firm Mandiant.
- Source : Abcnews
- Author : FRANK BAJAK
- Date : June 15, 2023
According to a report by seven cybersecurity agencies, the LockBit cybercrime gang is responsible for 11% of ransomware attacks in France, totaling 69 raids since 2020.
- Source : ZDNet
- Author : Gabriel Thierry
- Date : June 16, 2023
A 20-year-old Russian national accused of being a member of the LockBit cybercrime collective has been arrested in the United States for hacking.
- Source : Numera
- Author : Bogdan Bodnar
- Date : June 16, 2023