Panocrim 2022: cybercrime flooding the realm of possibilities

Clusif, the French Club for Computer Security, which is celebrating its 30^th anniversary, presented the 23^rd edition of its “Panocrim”, a yearly overview of cybersecurity, at the end of January. Led by a working group of 35 experts, it reported on trends and situations from sources that are open to the public. A quick glance at its various stories and themes.

No rest for cybercriminals. They are everywhere: from the Russian-Ukrainian conflict to smartphones and promising blockchain, as evidenced by Clusif’s cybercrime overview.

Any developments on the ransomware front?

Ransomware and groups behind them remain the main cyberthreat targeting private and public organizations. The year 2022 seemed to be off to a good start, however, with the arrest by Russian authorities, on Russian soil, of the REvil ransomware gang, one of the leaders in the area. Indeed, this sent a message to all ransomware communities, a warning that maybe their days of impunity were over. Unfortunately this bit of good news was short-lived; the war in Ukraine brought cooperation on the issue between the United States, Russia and other countries, to a screeching halt.

Among the French companies targeted by ransomware in 2022: Thales, La Poste Mobile, Damart, and even Intersport’s northern franchises. France ranks 3^rd among the most ransomed countries, behind the United States and Germany. Hospitals are also still in the sights of cybercriminals, so much so that, over the summer of 2022, ANSSI granted them a new 20 million euro subsidy to help them strengthen IT security.

Another significant attack in 2022, this time abroad, struck Costa Rica. The Central American state was hit on April 17, 2022, a day before tax filing was due. The ransomware “unicorn”, Conti, paralyzed the Department of Finance, halting the tax collection process. Two days later, it put the Department of Science and Telecommunications and the Institute of Meteorology out of commission. The group then declared they were “testing a beta version of a comprehensive cyberattack designed to take out a State ».

Conti then took aim at the Social Security fund and the Department of Labor, wreaking havoc to the extent that the newly elected president, Rodrigo Chaves Robles, had no choice but to declare a state of emergency. But Conti did not stop there: the group knocked out the power supply in the city of Cartago, then the University of Alajuela, before attempting to paralyze the Department of Justice and the State lottery. This series of attacks created unprecedented disorder in the country. It was, however, abruptly halted by the war in Ukraine, as Conti decided to side with Russia.

Multifactor authentication no longer reigning supreme?

Multifactor authentication (MFA) proved to be a real success, used by 63% of large companies for end-users and 71% of them for admin. It is one of the top security measures, and therefore a choice target for cybercriminals who are now trying to hijack it by all means. One of these, a novel method in 2022, is the so-called “MFA fatigue” technique. The target receives a notification on their smartphone, requesting access, and repeated countless times, until the target, annoyed by this incessant harassment, gives in and grants access. That being said, it is “better to have an MFA that is open to attack, than no MFA at all,” according to Clusif.

2022, the year of cyberwarfare?

In 2022, the cyber-geopolitical landscape was particularly eventful: Julian Assange’s extradition, Edward Snowden’s new passport and developments on the Pegasus spyware. There were also new consequences of cyberattacks on nations, from having to declare a state of emergency to cutting diplomatic ties. Clusif presented examples of this escalation of cyberconflict: Albania, Montenegro, even the Republic of Vanuatu.

The Russian-Ukrainian conflict in cyberspace

Warring parties conducted several operations in cyberspace. Russia led destructive cyberattacks in Ukraine, bombing Ukrainian State datacenters, penetrating networks and conducting espionage outside Ukraine, orchestrating cyber information campaigns worldwide… Ukraine retaliated in various ways, making use of cyber threat intelligence and creating an “IT Army of Ukraine”.

Storm warning in the cloud

According to several studies, a third of businesses that use cloud hosting declared they had suffered security incidents. However, 30% of these incidents were due to configuration errors related to immature cloud hosting infrastructure. There were issues with publicly accessible configuration, architecture and information assets, such as virtual machines, storage, databases and web applications

The issue that now arises is the durability of the cloud. In regard to costs, providers are well aware their offer is too wide and too cheap. Some customers even want out of the public cloud. As for the high concentration of customers in the hands of a select group of providers, it has the effect of drawing cyber assailants. And all this does not take into account the consequences of the energy crisis, which will affect this type of service provider.

Cybercriminal damages in 2022 were estimated at over 2.3 billion USD. There is no shortage of scams, yet these remain fairly standard: hacking (exploiting vulnerabilities, phishing etc.), spamming (fake platforms, counterfeit crypto donations). And, in spite of them, security and trust in blockchain were not questioned, as the attacks only affected blockchain-connected ancillary services.

Huge sums of money were stolen yet the attacks did not garner much media attention because the impact was less visible, compared to ransomware attacks that leave a company paralyzed for several days, weeks or even months. The potential for vulnerability remains very high in the future because this is new technology and considerable sums are at stake.

Law enforcement and courts: results

The year 2022 saw an increase in threats but also legal outcomes, which were the fruit of constant adaptation to cybercrime. The legal framework was also strengthened through LOPMI (the Ministry of Interior’s orientation and programming act), and thanks to courts taking into account procedures allowing for swift justice to be rendered.

Thus, for the first time, an NFT was seized and is now in the care of the agency in charge of recovering stolen assets, a ransomware developer was arrested thanks to international cooperation, and their encryption keys were shared on the nomoreransom.org website.

The general public in France is also a victim of cyberattacks

Under this new Panocrim theme, which is part of Clusif’s efforts to be recognized as promoting the public interest, two main topics were broached: smishing and the fake technical support scam, a growing trend.