Home Business Cyber ​​attackers target business intermediaries more

Cyber ​​attackers target business intermediaries more

"The attackers can not go through the door. They try to go out the window ». Presenting Monday, April 15 the annual report of the National Agency for the security of information systems (Anssi), Guillaume Poupard, its director general, wanted to characterize the new types of cyberattacks: failing to directly attack large organizations, which take the means to protect themselves from their aggressions, the attackers seek henceforth to reach them through their providers or suppliers.

1,869 reports, 16 major incidents and 14 cyber-defense operations were recorded by Anssi in 2018. About half of them are attacks. "Indirect".

France also the target of a "malicious cyberactivity"

One intermediary, several organizations

"The threat of these indirect attacks increases as the final targets become secure," explains the Anssi report. The cyberattackers manage to circumvent the security measures of very large organizations, more and more aware of the numerical risk.

Access to a single intermediary is sometimes enough to gain privileged access to several organizations, thereby increasing the return on investment of attackers. "They can then conduct large-scale campaigns targeting multiple targets of high strategic interest", says the report, exploiting a relationship of trust that intermediaries have with the final target.

Airbus: infiltration via a supplier

Last January, the aerospace giant Airbus announced that it had been the victim of a "Cybersecurity incident" in the computer systems of its commercial aviation branch. The cyber-investigators uncovered an attack of several weeks, conducted in two stages.

The cyberattackers began by penetrating the computer systems of one of the French suppliers of Airbus. Alerted by the Anssi in December 2018, the latter then informed the aeronautical group. After a few days of investigation, the experts realized that the attack on the subcontracting company was in fact aimed at the Airbus group itself.

Providers are often smaller companies, less prepared for this type of attack. It is then easier for attackers to have access to protected data, such as the identifiers or passwords of the final target.

Raise awareness among providers

The evolution of this threat over the past few months has prompted Anssi to raise the awareness of service providers about this type of risk. The agency handed over in June its first "Security visas" to 36 IT service providers, and wishes "Enhance the visibility of excellence solutions".

Anssi has also published the finalized version of its requirements repository for cloud computing service providers called "SecNumCloud" developed in consultation with market players. The list of service providers in qualification or qualified is available on the Anssi website.



Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Must Read

Officialist media criticize Cuban self-employed people for the price at which they sell beer

Posted on Wednesday, July 17, 2019 - 18:17 (GMT-5)Government media on the island have questioned the price of beer in bars, cafeterias and private...

Off. Dead migrants stranded on the beach

Avignon, special envoy. A universe of domestic chaos invades the play area. Tables and armchairs are overturned, entangled. Only at the center of this snobbish...

Areva's takeover of Uramin: new indictments of leaders, including Anne Lauvergeon

The Uramin affair is experiencing a new rebound. Parisian investigating judges have notified new indictments for former leaders of Areva (now Orano), including the...

OM: Florian Thauvin unavailable 4 to 5 weeks

Forced to give up the tour of Olympique Marseille in the United States because of his sprained right ankle contracted during the friendly against...

Your memories of the day when Man walked on the moon

Sophie, 54 years old, Baden-Baden (Germany)"The first steps...