Jean-Jacques Latour: “To date, we have not identified any new threat linked to artificial intelligence”

When Cybermalveillance.gouv.fr presented its 2023 activity report on Tuesday, it raised the hot topic of the use of artificial intelligence in cyberattacks. While cybercriminals, like everyone else, use AI to their advantage, it remains just one tool among many to make their malicious acts ever more sophisticated, with phishing remaining the main vector. 

“To date, we have not identified any new threat linked to artificial intelligence. Within the scope of Cybermalveillance.gouv.fr, no case can be directly attributed to AI. We do not know whether a malicious program was created using AI or not. Attacks may perhaps become increasingly sophisticated, more intense thanks to AI, but it remains just one tool among many for cybercriminals,” said Jean-Jacques Latour, Director of Cybermalveillance.gouv.fr’s Expertise division, during the presentation of the platform’s 2023 activity report. 

In 2023, the number of visitors to the site – 3.7 million – was roughly the same as the previous year, a sign that the threat continues unabated. “This stagnation shows that a certain limit has been reached, which can only be surpassed if our resources increase in the coming years,” added Jérôme Notin, Managing Director of Cybermalveillance.gouv.fr. In 2023, the platform’s budget for its 19 agents was €2.5 million.

Phishing still tops the list of threats

More than 280,000 requests for assistance (+13%) were recorded on the platform in 2023. Their analysis provides an overview of the different forms of cyber malice encountered by the system’s audience (individuals, businesses, associations, local authorities and government agencies). Phishing remains the predominant threat and the main attack vector for both private individuals and businesses. It represents 38% of assistance requests. “Phishing is the main cause of many acts of cyber malice, – account hacking, fraudulent bank debits, viruses, ransomware, fake bank advisors… -. We’re talking more about an attack vector than an attack,” says Jean-Jacques Latour.

In his opinion, we are currently facing a genuine cybercriminal phishing ecosystem. “Today, phishing kits are sold on the darknet and are generally very well made,” he pointed out. “Sometimes, fake sites look more real than the real thing. They are used by people with few technical skills. They will then collect data and resell it to cybercriminals who will use it for identity theft, fake bank adviser scams, etc.” Mobile phones remain a prime target for cybercriminals, with SMS “smishing” and the fake fine scam taking over from the Crit’Air sticker scam.

The boom in increasingly sophisticated fake bank advisor scams

Similar to phishing, fake bank advisor scams, which we already saw in 2022, increased sharply by 78% and now represent the 7th largest threat facing private individuals. These can also be the work of “infostealers“. 2023 saw these attacks become more sophisticated. “The victim is no longer called by a fake bank advisor. Instead, they receive a fake purchase confirmation email or SMS telling them a payment is being made with their bank card and asking them to contact the call center if they are not the one making the purchase,” said Jean-Jaques Latour. “The approach is much smarter, since the victim is the one calling and will give the fake call center their personal and confidential information in order to supposedly secure their funds“.

Account hacking is the second top threat for all publics. “Unlike phishing, which remained stable over the previous year, it increased sharply (+22%),” said Jean-Jacques Latour. “Email accounts are a prime target for cybercriminals because they allow them to take control over a person’s digital life.” He also notes many social networking account hacks, particularly among professionals, bank account hacks often used in fake bank adviser scams, as well as phone operator hacks aimed at taking over a person’s phone line (“SIM swapping”) and administrative account hacks (social security, tax, etc.).

A surge in viruses targeting private individuals

Hacking into their accounts can result in financial damage, identity theft, and wire transfer or banking detail fraud for victims. “In many cases, when it comes to social networking accounts, especially those for professional purposes, we see cybercriminals trying to blackmail people. They demand that victims pay a certain amount to get their accounts back, or else they will delete them,” says Jean-Jacques Latour. “Here, criminals play on the difficulty victims have in recovering their accounts from social networking platforms.“

For several years now, fake technical support scams have been a major threat (the third most common for private individuals), the Expertise department manager reminded us, believing them to be underreported, especially by the media. “It’s a real mass phenomenon that affects seniors in particular, but not exclusively,” he asserted. Since late 2022, the modus operandi of these crooks has become much more aggressive. “In addition to offering fake troubleshooting, they take advantage of their presence on the user’s machine to tell them that their bank account has been hacked. They then take control of the account with their consent to create a recipient on their account and wire all their money,” he said. Whereas in previous years financial losses amounted to a few hundred euros, today they can reach several thousand or even tens of thousands of euros. There seems to be no limit to how sophisticated cyberattacks can become.

Ransomware, a major threat to professionals

Malicious programs, commonly known as viruses, are making a strong comeback. They rank fourth among the main causes for assistance requests from private customers, with an increase of 67% in 2023. As Jean-Jacques Latour points out, “as with phishing, this has created a veritable cybercriminal ecosystem, selling highly sophisticated, turnkey viruses that can be used by newbies with instruction manuals, making them increasingly widespread. These programs can also be rented, so a person implementing a virus today doesn’t need to have advanced programming skills.”

Cybermalveillance.gouv.fr completes its overview of cybersecurity threats by focusing on ransomware, which remains the major threat to professionals and is on the rise compared to 2022. “The biggest increase was among local authorities,” said Jean-Jacques Latour. This sector of cybercriminal activity is booming. “It is increasingly competitive, and a whole range of services is being created. In addition, the dismantling of a number of groups such as Conti, LockBit and Qbot has led to a splintering of cybercriminals.” As we can see, the threat is far from weakening, and it can strike any type of user.