The supply chain and cloud are becoming key targets

Cesin’s annual report, as well as surveys by expert publishers, emphasize the virulence of cyberattacks in 2021. While hackers continue to target the user, the “software supply chain” and the cloud are now getting their attention.

In early February, the Ministry of Justice had confidential data stolen. The hackers threatened to release confidential information if they did not get the ransom payment. The latest episode in a long series! Last year, one in two large French companies suffered at least one successful cyberattack. This is one of the key figures Cesin presented in January as part of its barometer for the year 2021, based on a survey conducted by OpinionWay.

On a more positive note, the survey highlights the continued increase in budgets allocated to security, with 70% of companies increasing them last year. Another notable development is that seven out of ten companies have taken out cyber insurance.

This latest trend does not, however, meet all needs. Because insurers lack the large datasets and history needed to assess the damage caused by cyberattacks, they sometimes tend to offer inadequate coverage, or even less than the ransom demanded by hackers. Last April, the head of Anssi, Guillaume Poupard, said he was worried about the “chaotic game of some insurers”. Ten months later, things don’t seem to have progressed much.

Among the salient points of this Cesin barometer, user awareness has been the subject of ongoing efforts, especially against phishing which, despite these actions, remained the leading attack vector against companies last year. However, it should be noted that its level dropped slightly compared to 2020.

Another seemingly positive sign: the impunity enjoyed by the most dangerous hackers, such as the APT (Advanced Persistent Threat) groups found in countries such as Russia or Korea, can no longer be total. Last January, the FSB, the federal security service of the Russian Federation, announced through a press release that it had disbanded a group of hackers called REvil, at the request of the United States. This event must be interpreted with extreme caution because of its apparent political motivation and the difficulty of ascertaining the veracity of this dismantling. Also, Russia is not the only country hosting APTs.

Finally, on the side of the French State, public authorities are stepping up their efforts. Anssi will create branches in the regions (see box). Taken together, Cesin’s assessment and the regionalization of the Agency indicate a growing awareness that is translating into concrete action on the ground.

PUBLISHERS, CLOUD AND OPEN SOURCE: THE WEAK LINKS

These last few weeks have also provided an opportunity for expert publishers to draw up their own panoramas of hacker activity in 2021. An Orange Cyberdefense survey puts the increase between 2020 and 2021 in cyberattacks against private companies and public organizations in France at 13%. For its part, the Check Point Software 2022 report suggests a 50% increase in 2020 worldwide.

But beyond this growth, this latest report highlights sensitive points that are on the way to becoming the new weak links in information systems. First is the “software supply chain”. On the traditional publisher side, after Solarwinds at the end of 2020, publisher Codecov acknowledged in April that its Bash Uploader reporting tool could pose a threat to its customers. Last July, it was the publisher Kaseya that was in the storm. Hackers were able to spread their malware by passing it off as updates from this publisher.

Large cloud providers are not immune either. According to a study by specialist company Ermetic, 90% of data stored in the AWS cloud is exposed to ransomware, a risk specifically associated with configuration problems. This vulnerability is also highlighted by the Check Point report. According to the report, “by 2021, the level of vulnerability of cloud providers has become more alarming than ever”.

Applications built using open source building blocks are also in the spotlight, as the vulnerability in Log4j2 showed a few weeks ago. This software weakness is not limited to cloud providers, publishers or open source libraries. According to the cloud security report from Sysdig, application containerization, especially for the hybrid cloud, is growing rapidly. But there is a problem: 75% of containers have critical vulnerabilities! (see Itforbusiness.fr)

The exploitation of flaws in software of all kinds owes nothing to chance. The eternal race between police and thieves drives the latter to look for weak points or less well-defended organizations. In other words, as users become more vigilant, hackers have to search for more technical flaws. It remains to be seen whether all stakeholders (publishers, cloud providers and, in general, developers) will be able to secure the code. A challenge far from won. Cigref has been asking for some time for standards to be implemented for publishers: “in the case of digital, no minimum security standard is imposed. The user remains solely responsible.” Cigref’s request seems logical but, to be effective, it must be accompanied by better security for the code developed by the user companies themselves and for their use of open source building blocks. However, asking developers to take on this enhanced security seems somewhat paradoxical at a time when, under the “force” of digital transformation, they are expected to deliver more open applications faster!
