Cybersécurité dans l'espace: comment Thales relève les défis à venir
A new group of pro-Russian hacktivists emerged via an attack claim on 5 October 2022. The group calls itself "We are Clowns" and claims to have launched a DDoS attack against the website of the Human Rights Centre in Slovakia. The group also stated the duration of the attack when it was carried out, namely two hours. The creation of this group and its attack on a Slovakian site is part of a new campaign by various Russian groups targeting countries supporting Ukraine's membership of NATO. Read more about it : here
According to the media outlet Ransomwaremap, the cybercriminal group LockBit 3.0 claimed responsibility for a ransomware attack on 16 September on the websites "kaffeberlin.com", a chain of cafés and restaurants in France, and "software-line.it", a group of computer system designers in Italy. Kaffeeberlin has 14 days and software-line 7 days before the stolen data is published. Read more about it : here and here
During the night of 14 to 15 October 2022, the computer servers of the Chaville town hall were the victims of a large-scale cyber attack. As a result, the main services associated with the town hall's servers were interrupted or disrupted. The cybercriminal group Cuba claimed responsibility for the attack on 18 October, confirming the ransomware attack. The impact of this attack could be significant if the town hall's servers are affected, beyond just some of the computers on the network. If the servers are down, it is possible that important data such as residents' personal data will be lost, but also that the council's services will be unavailable until the servers are replaced or the ransom is paid. Read more about it : here
One of the spokesmen for the pro-Ukraine hacktivist group TeamOneFist claimed responsibility for a major attack on the Russian satellite network "Gonets" during the "Pleiades" cyberoperation. The attack would have disabled the satellite network. He claims to have penetrated the CRM/customer database, which is referenced by the network in order to send/receive messages. Having failed to download the database, which was under heavy surveillance, the group decided to destroy it without being detected. From this data, the group discovered that the Gonets network was used by 97 organizations to transmit sensitive data, including fishing companies, energy companies and the FSB. Read more about it : here
The French hospital in Cahors was the victim of a cyber attack on Thursday 15 September. The attack mainly affected the hospital's internal messaging system, so patient care is continuing as normal. Internet access has been restricted in the hospital to ensure the security of the health facility. Patient data is not affected as it is hosted by another service provider. For the time being, the attack has not been claimed. Read more about it : here
On Thursday 20 October 2022, the German University of Ansbach was the target of an attack by cyber attackers. The attackers have not yet been identified and have not claimed responsibility for the attack. The targeted server could be isolated from the rest of the network, which prevented the attackers from doing significant damage. For security reasons, all access has been blocked for staff and students and it is not possible to connect to any of the university's computers. Virtual seminars are also expected to be partially cancelled. In view of the measures taken by the university, it is possible that this attempted attack is similar to a ransomware attack. Read more about it : here
ccording to a share from the media outlet "BetterCyber", on 9 October, the ransomware group "HiveLeak" claimed responsibility for an attack targeting the Portuguese municipality of Louros. The attack reportedly took place on 22 September and the stolen data was revealed between 9 and 10 October. The town of Louros has a small population and appears to be small in size, with an economy based primarily on tourism. It is likely that this ransomware attack will have a significant impact if the ransom demanded is high. Furthermore, despite the nature of the stolen data, the sample provided in the leak page includes contact, financial and administrative information, which may expose residents to further cyber threats if their data is revealed. Read more about it : here
On 2 September, the airline TAP Air Portugal said it had suffered a cyber attack, which was "quickly reported to the competent authorities". However, the Portuguese national airline recently admitted that the cyber attackers who attacked it in early September had stolen some of its customers' personal data and published it on the dark web. Despite this, the airline said all payment details appeared to be safe. Read more about it : here
On 18 October 2022, a backbone link carrying the Internet from the north to the south of France was physically cut near the town of Aix-en-Provence. According to the elements of the investigation reported by the police, this was an act of vandalism in which the criminals only had to lift a protective cover. After gaining access to the cables, the criminals cut them, thus destroying the backbone segment coming from Lyon, which is used to link the submarine cables in the Atlantic to the submarine cables that run from the Mediterranean to the sides of the Indian and Pacific Oceans. For the time being, no drop in internet throughput has been reported by Interxion, the region's data centre operator, which claims that the sabotage had no internet-wide consequences. The original information was made public on 20 October by a US company called Zscaler, which provides secure cloud access platforms. According to network tests carried out by this company following the incident, the outage would affect the delivery of Internet via submarine cables that leave the port of Marseille to serve Africa, the Middle East and Asia. Indeed, they suggest that some parts of the network are experiencing packet losses. Although the actual impact is minor, Zscaler warns that this could cause latency in users' internet requests. Zscaler also suggests, after testing, other possible degradations on two other backbone links, the one from Madrid that serves as a relay for other cables crossing the Atlantic and the one to Milan that serves South East Europe; although this has not yet been confirmed by investigators. At the same time, there has been confusion between several incidents in the media, as another cable damage has been reported in Great Britain. A link between the Shetland Islands and Scotland was severed on 20 October, completely cutting off the islands' telecommunications links. Although these incidents occurred at the same time, at the moment there is every reason to believe that they are completely uncorrelated. The impact of the cable cuts has therefore had a minor impact on the French telecoms network and its intercontinental dependencies, as the data rate has not decreased and the cables are being replaced. However, this is not an isolated incident, as cables of the same type were also vandalised earlier in May 2020 in the Paris region. As a result, a massive blackout affected the Ile-de-France region. Free and Orange were among those affected, but so was Scaleway (Iliad), whose boss explained that at least four operators in all had been affected by the outage. Extremist anti-5g activists have been suspected of acts of vandalism since 2019 and it has been assumed that some of these acts of destruction could be their doing. More organised and simultaneous sabotage could have almost similar consequences to the Shetland incident. However, such an operation requires a certain professionalism, site reconnaissance and a thorough knowledge of the French telecommunications wire network. These skills are rarely within the reach of ordinary vandals or activists, and no private contractor seeking retribution for payment problems would risk such large-scale attacks. Read more about it : here
On 8 October, the computer systems of three hospitals in Barcelona were disabled as a result of a cyber ransomware attack. As of 10 October, the system was still reportedly inoperative. The information systems of all departments of the Consorci Sanitari Integral (CSI), which includes several health centres, nursing homes and hospitals, were affected. The attack is said to be "serious" and to have hampered the functioning of the health centres. Staff were unable to access personal data and illness histories, or perform tests on devices running on the system. The group behind the attack has not yet claimed responsibility. From the feedback on the consequences of the attack, it would appear that the impact is severe and that all the resources of the different hospitals are in a degraded mode, reducing their capacity to admit patients with speed. The health of patients in the Madrid region is therefore possibly at risk. Read more about it : here