France/Cyberattack: local authorities, hospitals and SMEs increasingly targeted, even in Limousin
The cyberattack of which the local authority of Grand Guéret was victim, on Monday 29 November, is not an isolated event. These attacks, often coming from abroad, are more and more frequent, and more frequently target small structures in the region than large national or international groups, often better armed or defended. Potential targets therefore exist in Limousin.
In fact, during a conference on cybercrime organized in June 2021 in Limoges, the figure of two to four victims per week, between Limousin and Poitou-Charentes, had been put forward, whether they were companies, communities or public structures!
If private individuals are also increasingly targeted, these cyberattacks aimed at companies and/or communities are often of a different nature.
These are mainly :
- Installation of spyware and hacker programs
- Phishing (a fraud technique in which cybercriminals pretend to be a trusted third party in order to obtain sensitive or confidential information)
- Denial of service on sites, which then become unavailable.
- Intrusion and/or theft of information.
- And last but not least, often coupled with one or more of the previous ones, "ransomware", which, in simple terms, amounts to a ransom demand in exchange for restitution or unblocking, depending on the attack used.
An economic devastation
Thierry Berthier, a university professor in Limoges, expert and consultant for many structures in the field of cybercrime, sees the "ransomware" as one of the worst scourges of the economy, whatever the scale considered.
"It does a lot of damage, it can quickly 'sink' any business, or put any community in an extremely difficult situation. On a global scale, "ransomware" generates more profits for cybercriminals than the entire drug trade! ".
The targets? "Smart is beautiful!
If we see large groups (such as IKEA currently) or even States being victims of such practices, the targets are however generally of a much smaller size.
"Today,it is mainly public or local authorities, as in the Guéret example, structures such as hospitals, and above all small and medium-sized businesses that are subject to such attacks.
And this is logical: large groups are better armed, better prepared and better defended. Attacking them could, on paper, be more profitable, but the "success" is more uncertain.
Especially since it is easier to attack smaller structures, which also allows a form of "industrialization" of these attacks. Instead of launching a single attack, cybercriminals launch several at once, thus multiplying their chances of success.
In 95% of cases, these attacks are launched via the internal messaging systems of companies or public authorities. And as it is often just a click away..." Thierry Berthier
What to do in such cases?
On the one hand, there are legal obligations, and on the other hand, there are "attempted solutions".
The first are established by the RGPD (General Data Protection Regulation), a European regulation.
In the event of a hacking and/or data breach, it is mandatory to report it to the competent authority, in France theANSSI.
In addition, the persons and/or customers whose data has been hacked must also be notified.
Then, of course, there are complaints. However, as attacks mainly come from abroad, they are often difficult to trace, and finding and, even more, convicting their perpetrators is even more difficult.
Finally, it is necessary to "solve" the problems and, in almost all the cases, it is impossible without calling upon specialized companies (of which, according to Thierry Berthier, there are few examples in Limousin). But as there is rarely a miracle solution in this area, the process can be long (nearly twenty days before returning to normal in the case of the Cognac town hall!) and a total recovery and/or a 100% return to normal are not always possible.
"Very often, we have to recreate the entire IT structure from scratch!
As for paying the requested ransom, this is obviously not recommended.
However, without ever admitting it publicly, some victims resign themselves to it, because they see it as a simpler, faster and less expensive solution in the end.
"It may seem paradoxical, but it is estimated that nearly 2/3 of the ransom paid results in the return of data or the unblocking of sites. It's as if the hackers had an entrepreneurial spirit, and a goal of profitability, and that their "honesty" guaranteed the continuity of their business!" Thierry Berthier