France warns of cyberattacks against service providers and engineering offices

France’s cyber-security agency has published an alert about cyber-espionage campaigns targeting the infrastructure of service providers and engineering firms.

“Attackers are compromising these enterprise networks in order to access data and eventually the networks of their clients,” the National Cybersecurity Agency of France, known locally as ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), said in a technical report published on Monday.

Samuel Hassine, the head of ANSSI’s Cyber Threat Intelligence division, said the agency compiled the report with information from recent ANSSI investigations following incident response activities.

“At this point, analysis suggests two waves of attacks separated in time and without technical evidence of a link between them,” ANSSI officials said. “The first wave uses mainly the PlugX malware. The second wave relies on legitimate tools and credentials theft.”

ANSSI did not name victims or attribute the attacks to any particular group or nation; however, PlugX, the backdoor mentioned in the report, is a remote access trojan that Chinese state-backed groups have used in many intrusions over the past decade.

A trend

The ANSSI report fits a trend that has been observed over the past year, during which multiple news stories, technical reports, and security alerts from cyber-security agencies have blamed (and even indicted) Chinese hackers for multiple attacks on cloud service providers and the European industry.

This includes Operation Cloudhopper, a coordinated Chinese campaign against cloud and managed service providers around the world, such as Visma, HPE, and IBM; attacks on France’s Airbus, on the French engineering and technology consultancy Expleo, and on the British engine-maker Rolls-Royce; and a years-long campaign that targeted many of Germany’s biggest companies, such as ThyssenKrupp, BASF, Siemens, Henkel, TeamViewer, and Bayer, as well as Valve.

Second report

In addition to the report on the attacks targeting service providers and engineering firms, ANSSI also published a second report.

This second report details a large-scale phishing and credentials gathering campaign that primarily targeted government bodies.

“The range of supposed targets is wide, including country officials and think tanks,” ANSSI officials said. “Five possibly targeted diplomatic entities belong to member countries of the United Nations Security Council (China, France, Belgium, Peru, South Africa).”

ANSSI said its report describes the same activity previously documented over the summer and the past year by security firms such as Anomali, Cisco Talos, ESTsecurity, and Palo Alto Networks.

These attacks, which were still ongoing at the time of the report, have been linked to a threat actor known as Kimsuky (Group123), which is associated with the North Korean government.

ANSSI and its open approach to cyber-security

ANSSI said these two reports are just the beginning and that it plans to publish more on a dedicated page on the agency’s website. The agency hopes the technical details will let French and foreign companies put defensive measures in place to prevent or block future attacks.

The French agency is following a trend popularized by US and UK cyber-security agencies, which over the past year have begun sharing more information with the private sector about ongoing cyber-espionage operations, calling out foreign countries, and releasing internal tools to the public (such as the NSA’s Ghidra reverse-engineering framework).

On this last front, ANSSI has been the most prolific of all. In the past year the agency open-sourced CLIP OS, a hardened Linux-based operating system used internally by the French government; Tchap, an end-to-end encrypted instant messaging client; and, more recently, OpenCTI, a platform for processing and sharing cyber threat intelligence.



The Five Pillars of (Azure) Cloud-based Application Security



This one-hour webinar from GigaOm brings together experts in Azure cloud application migration and security: GigaOm analyst Jon Collins and two special guests from Fortinet, Daniel Schrader, Director of Product Marketing for Public Cloud, and Aidan Walden, Global Director of Public Cloud Architecture and Engineering.

These interesting times have accelerated the drive towards digital transformation, application rationalization, and migration to cloud-based architectures. Enterprise organizations want to increase efficiency without hurting performance or increasing risk, whether that risk comes from infrastructure resilience or from end-user behavior.

Success requires a combination of best practice and appropriate use of technology, depending on where the organization is on its cloud journey. Elements such as zero-trust access and security-driven networking need to be deployed alongside security-first operations, breach prevention, and incident response.

If you are looking to migrate applications to the cloud and want to be sure your approach maximizes delivery whilst minimizing risk, this webinar is for you.



Data Management and Secure Data Storage for the Enterprise



This free one-hour webinar from GigaOm Research brings together experts in data management and security: GigaOm analyst Enrico Signoretti and special guest Jonathan Halstuch from RackTop Systems. The discussion focuses on data storage and how to protect data against cyberattacks.

Most recent news coverage and analysis of cyberattacks focuses on attackers gaining access to and control of critical systems. Yet it is rarely mentioned that the most valuable asset of the organizations under attack is the data held in those systems.

In this webinar, you will learn about the risks and costs of a poor data security management approach, and how to improve your data storage to prevent and mitigate the consequences of a compromised infrastructure.



CISO Podcast: Talking Anti-Phishing Solutions



Simon Gibson earlier this year published the report, “GigaOm Radar for Phishing Prevention and Detection,” which assessed more than a dozen security solutions focused on detecting and mitigating email-borne threats and vulnerabilities. As Gibson noted in his report, email remains a prime vector for attack, reflecting the strategic role it plays in corporate communications.

Earlier this week, Gibson’s report was a featured topic on David Spark’s popular CISO Security Vendor Relationship Podcast. In it, Spark interviewed a pair of chief information security officers—Mike Johnson, CISO for Salesforce, and James Dolph, CISO for Guidewire Software—to get their take on the role of anti-phishing solutions.

“I want to first give GigaOm some credit here for really pointing out the need to decide what to do with detections,” Johnson said when asked for his thoughts about selecting an anti-phishing tool. “I think a lot of companies charge into a solution for anti-phishing without thinking about what they are going to do when the thing triggers.”

As Johnson noted, the needs and vulnerabilities of a large organization standardized on Microsoft 365 differ from those of a smaller outfit on G Suite. A malicious macro-laden Excel file, for example, poses a credible threat to a Microsoft shop and therefore argues for a detonation (sandboxing) solution that opens attachments in isolation to detect and neutralize malicious payloads before they can spread. A smaller company, on the other hand, is more exposed to business email compromise (BEC), since spending authority is often spread among many employees in such businesses.

Gibson’s radar report describes both in-line and out-of-band solutions, but Johnson said cloud-aligned infrastructures argue against traditional in-line schemes.

“If you put an in-line solution in front of [Microsoft] 365 or in front of GSuite, you are likely decreasing your reliability, because you’ve now introduced this single point of failure. Google and Microsoft have this massive amount of reliability that is built in,” Johnson said.
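As an added illustration that is not part of the podcast or the GigaOm report, the script below shows the shape of an out-of-band BEC check: it runs over copies of already-delivered mail rather than sitting in the delivery path, so it cannot become the single point of failure Johnson describes. It looks for the indicators a small team most often sees in BEC: an executive's display name on an address that is not theirs, a Reply-To that steers answers to another domain, a sender domain one typo away from the company's own, and urgent payment language. The executive directory, the internal domain list and both messages are constructed for the example, and the thresholds are assumptions, not vendor logic.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed internal directory and domain list for the example; a real
# deployment would load these from the identity provider.
EXEC_DIRECTORY = {"ceo@example.com": "Jane Doe"}
INTERNAL_DOMAINS = {"example.com"}
URGENCY_WORDS = ("urgent", "immediately", "today", "asap")
PAYMENT_WORDS = ("wire", "transfer", "invoice", "payment", "gift card")

# Constructed sample messages, not real traffic.
BEC_SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@gmail.com
To: accounts@example.com
Subject: Urgent wire transfer

I need you to process an urgent wire transfer today. I am in a meeting,
so reply by email only.
"""

LEGIT_SAMPLE = """\
From: Jane Doe <ceo@example.com>
To: accounts@example.com
Subject: Quarterly numbers

Please send me the quarterly report when it is ready.
"""


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _edit_distance(a, b):
    """Levenshtein distance; one edit covers typo-squats like examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_message(raw):
    """Return the list of BEC indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_domain = _domain(from_addr)
    body_part = msg.get_body(preferencelist=("plain",))
    text = (body_part.get_content() if body_part else "").lower()

    indicators = []
    # 1. Display name of a known executive on an address that is not theirs.
    #    Header heuristics only: this complements SPF/DKIM/DMARC, it does not replace them.
    for exec_addr, exec_name in EXEC_DIRECTORY.items():
        if from_name.strip().lower() == exec_name.lower() and from_addr.lower() != exec_addr:
            indicators.append("exec_name_spoof")
    # 2. Replies are steered to a different domain than the sender's.
    if reply_addr and _domain(reply_addr) != from_domain:
        indicators.append("reply_to_mismatch")
    # 3. Sender domain is one edit away from an internal domain.
    if from_domain not in INTERNAL_DOMAINS and any(
        _edit_distance(from_domain, d) <= 1 for d in INTERNAL_DOMAINS
    ):
        indicators.append("lookalike_domain")
    # 4. Urgent language combined with a payment request.
    if any(w in text for w in URGENCY_WORDS) and any(w in text for w in PAYMENT_WORDS):
        indicators.append("payment_urgency")
    return indicators


def is_suspicious(raw, threshold=2):
    """Flag a message when at least `threshold` indicators co-occur (assumed cut-off)."""
    return len(score_message(raw)) >= threshold


if __name__ == "__main__":
    for label, sample in (("bec", BEC_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, score_message(sample), is_suspicious(sample))
```

Requiring two indicators to co-occur keeps a lone Reply-To mismatch (common with ticketing systems) from paging anyone; the point Dolph raises about tunability is exactly this threshold and these word lists, which a team should adjust against its own mail before trusting the alerts.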

So how should IT decision makers go about selecting an anti-phishing solution? Dolph answered that question with a series of questions of his own:

“Does it nail the basics? Does it fit with the technologies we have in place? And then secondarily, is it reliable, is it tunable, is it manageable?” he asked. “Because it can add a lot of overhead, especially if you have a small team, if these tools are really disruptive to the email flow.”

Dolph concluded by noting that it’s important for solutions to provide insight that can help organizations target their protections, as well as support both training and awareness around threats. Finally, he urged organizations to consider how they can measure the effectiveness of solutions.

“I may look at other solutions in the future and how do I compare those solutions to the benchmark of what we have in place?”

Listen to the Podcast: CISO Podcast
