France steps up cyber defence efforts

French state cyber agency ANSSI has reported that cyber espionage remained high last year, with a significant increase in attacks on individuals and non-governmental structures that create, host or transmit sensitive data.

In its Cyber Threat Overview 2023, ANSSI notes an increase in attacks on business and personal cell phones aimed at targeted individuals. There was also a surge in attacks carried out using methods publicly associated with the Russian government against organisations located in France.

Computer attacks for extortion purposes also remained at a high level in 2023, as evidenced by the total number of ransomware attacks reported to ANSSI, which was 30% higher than  2022. The previous year, ransomware attacks had actually reduced.

In a tense geopolitical context, the agency noted new destabilisaing operations aimed primarily at promoting a political discourse, hindering access to online content or damaging an organisation’s image.

“While distributed denial-of-service (DDoS) attacks by pro-Russian hacktivists, often with limited impact, were the most common, pre-positioning activities targeting several critical infrastructures in Europe, North America and Asia were also detected. The latter, although more discreet, may nevertheless be aimed at larger-scale operations carried out by state actors waiting for the right moment to act,” said ANSSI.

The agency said that attackers are perfecting their techniques to avoid detection, tracking and even identification. “In particular, it appears that cybercriminal modus operandi could be instrumentalised by state actors to conduct espionage operations. What’s more, the cybercriminal ecosystem is now taking advantage of widely available tools and methods to target particularly vulnerable sectors,” said ANSSI.

Despite security efforts in certain sectors, attackers continue to exploit the same technical weaknesses to gain access to networks, added the agency. So the exploitation of ‘day-zero’ and ‘day-one’ vulnerabilities remains a prime entry point for attackers, who still too often take advantage of poor administration practices, delays in patching and the absence of encryption mechanisms.

“Finally, the major events scheduled to take place in France in 2024, first and foremost the Paris Olympic and Paralympic Games, could offer attackers additional opportunities to act. Similarly, attackers could also be incited to break into and maintain themselves on critically important networks, in the context of international tensions. The risk of strategic confrontation between major powers cannot be ruled out,” said ANSSI.

As a result, ANSSI is calling on French organisations to develop improved detection capabilities, implement information systems backup strategies, and draw up business continuity and recovery plans.

“In 2024, ANSSI will be largely mobilised for the cybersecurity of the Olympic Games, for which the agency has defined, in cooperation with the various government departments involved, a reinforced system for monitoring, alerting and handling IT security incidents,” said the agency.

“ANSSI intends to build on the entry into force this year of the NIS 2 directive, which will regulate several thousand new entities and gradually strengthen their IT security levels,” it said.

In addition, the agency will continue supporting international operations to dismantle cybercriminal networks, such as the one against the QakBot group in 2023.

“The constant development of the threat and attackers demonstrates the need for ANSSI to evolve its way of working, in particular by collaborating with new operational actors, in order to better organise and strengthen French cybersecurity,” said Vincent Strubel, director general at the agency.