During this period, on the 30th of April, we celebrated the « World Wide Web » which entered the public domain 30 years ago. Happy Birthday, Internet! (Source 1)
Another celebration takes place every year on the first Thursday in May. This is World Password Day, which occurred on 4 May this year. On this occasion, some cybersecurity providers reminded us of the importance of taking special care with passwords. Technological advances are providing cybercriminals with new tools to carry out their attacks. Brute force attacks that seek to guess passwords now use graphics cards that are more powerful than processors, allowing them to check more than a million keys per second, thus improving their effectiveness. Passwords must meet new requirements to be truly secure (minimum number of 12 characters, use of upper and lower case letters, numbers and special characters). In addition, to ensure good security, passwords must be varied, easy to remember, complex to guess, unique and not reused. Passwords once considered secure are now outdated, creating new vulnerabilities (Source 2).
Also, on Password Day, Google introduced a single sign-on for all accounts, called Passkey, allowing facial recognition, fingerprint or PIN to be used as the sole means of logging in. This private key will be stored on a device (usually a smartphone) and can be synced with an account to access it from other devices. This new feature aims to remove passwords and stop phishing (Source 3). In addition, the latest update to Google Authenticator now allows one-time passcodes to be securely stored on the Google Account, instead of a single device. This feature allows users to access their dual authentication codes even if the device is lost or stolen (Source 4). However, security experts recommend not enabling this feature as it adds new security risks. Syncing in the cloud can allow Google and anyone with access to the Google account to see the secrets needed for two-factor authentication. The researchers recommend keeping the sync option disabled, even if it means a loss of convenience. The added risks of syncing in the cloud could make Google accounts even more attractive to malicious actors. It is important to note that two-factor authentication with Google Authenticator remains a more secure option than SMS codes. Also, syncing in the cloud is not enabled by default and does not offer additional security precautions over Google’s standard measures (Source 5).
The end of the first quarter of 2023 is also an opportunity to take stock of computer threat trends. In this context, Kaspersky has published a report on Advanced Persistent Threats (APT). According to the report, cyber threats continue to evolve with the use of different programming languages and new campaigns by new malicious actors. Established groups such as Turla, MuddyWater, Winnti, Lazarus and ScarCruft are still developing their tools. The targets are diverse, ranging from government sectors to the gaming industry to telecommunications. Geopolitics remains a vital driver for APT development, and the main objective of APT campaigns is computer espionage (Source 6). It is also important to note that other types of threats exist outside APTs, such as the Hacktivist group Killnet. Since the beginning of the Russian-Ukrainian war, this pro-Russian group has directed large-scale DDoS attacks against government entities and critical infrastructure. The cyber attacks intensified in June 2022, when the US and French presidents reaffirmed their support for Ukraine at the G7 summit. DDoS attacks spread across Europe, affecting the websites of airports, hospitals and financial organizations. Organizations need to be aware of these threats in a complex geopolitical context and have appropriate protection systems in place. (Source 7)
Furthermore, the UN Convention on Cybercrime has become a battleground between the European Union and other Western countries on the one hand and China, Russia and other authoritarian regimes on the other. The fifth negotiating session of the Ad Hoc Committee on the Convention took place in Vienna (Austria) on 21 April. It focused on the chapter on international cooperation and implementation of the Convention. The EU insists that cooperation under the Convention must respect international law and protect human rights, while Russia wants the Convention to potentially cover any criminal offense. The EU also advocates safeguards for personal data, but China is trying to remove this provision. (Source 8)
In parallel, the Financial Times report published an alarming article on cyber risk management in Japan. Japanese companies have long believed in the « myth of security » (language barrier and insularity as factors in keeping attackers at bay). This has prevented them from taking adequate security measures. Larger Japanese companies have strengthened their defenses against ransomware, but smaller ones have become easy targets for cybercriminals. In addition, Japan’s aging population and growing shortage of cybersecurity experts also pose a challenge (Source 9).
Finally, a new malicious hacking tool called EvilExtractor has recently appeared on the darknet. For only $59, it offers a complete toolkit for stealing data and files from Windows systems and can even act as ransomware. Its author, Kodex, claims that the tool is for educational purposes. However, the tool’s features include downloading system metadata, passwords and cookies as well as recording keystrokes. This raises questions about the tool. Is it really intended for legal purposes or can it easily turn anyone into a potential hacker? (Source 10)
Il y a 30 ans, le World Wide Web entrait dans le domaine public
Date: 2 May 2023
Thirty years ago, the World Wide Web was released by CERN to enable the sharing of information among scientists around the world.
Les mauvaises habitudes ont la vie dure – Comment créer un mot de passe inviolable pour protéger… son mot de passe
Date: 27 April 2023
On the occasion of World Password Day, a leading cybersecurity provider reminds us of the importance of taking special care with passwords
Google propose de supprimer définitivement le mot de passe
Date: 4 May 2023
Google has launched Passkey, a single sign-on for accounts that uses facial recognition, fingerprint or PIN in an effort to eliminate passwords and stop phishing.
Google Authenticator permet enfin de synchroniser ses codes 2FA dans son cloud
Source : Nextimpact
Date : 26 April 2023
Google Authenticator now makes it possible to securely save 2FA codes on the Google Account, for access from any device in case of loss or theft.
Google peut voir vos secrets lorsque la synchronisation dans le cloud est activée pour Google Authenticator
Source : Le Journal du hack
Date : 27 April 2023
Google has announced that its two-factor authentication app supports syncing in the cloud, but security experts recommend against enabling it due to security risks
APT trends report Q1 2023
Source : Securelist
Author : GReAT
Date : 27 April 2023
Advanced Persistent Threat (APT) activity is reported in quarterly summaries published by Kaspersky’s Global Research and Analysis Team (GReAT).
Attaques DDoS : comment le groupe pro-russe Killnet choisit-il ses cibles et pourquoi ?
Source : Undernews
Date : 2 May 2023
Since the beginning of the Russian-Ukrainian war, the Killnet group has been conducting large-scale DDoS attacks on critical infrastructure
L’Occident se heurte à la Chine et à la Russie au sujet de la Convention des Nations unies sur la cybercriminalité
Source : Euractiv
Date : 24 April 2023
During the 5th negotiating session on the UN Convention on Cybercrime, there were significant differences between the stakeholders.
Japan’s ‘myth of security’ raises cyber attack risk
Source : Financial Times
Date : 5 May 2023
This article discusses the increased cyber risks that Japan may face due to its culture, as well as the shortage of cyber security experts in the country.
EvilExtractor, le code malveillant venu de Turquie
Source : Zataz
Date : 2 May 2023
EvilExtractor, a new malicious hacking tool for stealing data and files from Windows systems, with the ability to act as ransomware. Its author, Kodex, claims that it is intended for educational purposes.