APT? French firms are struggling to cope even with unsophisticated threats
Ransomware, banking malware, and sextortion scams are some of the top threats facing cybercrime defenders in France, according to a recent report from the country’s Interior Ministry.
Much like trends seen elsewhere in the world, France recorded attackers shifting their use of ransomware from consumers and small business towards large corporate targets throughout the latter part of last year, with the number of incidents of cyber-enabled crime doubling between 2016 and 2018.
The Ministry’s 2019 Cyber Threats report – its third annual analysis of the French digital threat landscape – outlined the defensive actions taken by Paris in June to mitigate the tide of ransomware targeting enterprises.
This included the release of a PyLocky decryption tool, as the ransomware family continued to present problems for French and European businesses, the Interior Ministry said.
But despite the attention paid to ransomware attacks on massive organizations such as the French engineering firm Altran, many incidents likely go unreported, says Gerome Billois, cybersecurity consultant at Wavestone and board member of the French security association CLUSIF.
“Ransomware is a real problem in France,” Billois told The Daily Swig.
“We have a lot of people who have computers stuck with ransomware and we’re still struggling to find a solution because it’s difficult for the general public to understand what to do, or spend, on cybersecurity.”
Unreported incidents
Billlois explained that cyber-attacks, whether perpetrated through ransomware or other means, often go unreported due to embarrassment or the fallout to a company’s brand, particularly as the majority of incidents tend to have been preventable in the first place.
“Most of the attacks that hit large companies aren’t very sophisticated,” Billois said.
“Maybe one part of the attack was new, like to bypass things such as an antivirus, but we know this methodology and the tools that get used are quite common.
“It’s not the work of spy agencies or very advanced technical experts,” he added, choosing to point the finger at poorly maintained systems instead.
Regardless of the type of attack, the country appears to be on the frontline of cyber malevolence.
A study by Symantec found that 19.3 million French citizens were affected by cybercrime in 2017.
The attacks, however, rarely appear to be perpetuated from inside the country, Billois said.
“I’ve never seen an attack coming from inside France,” he said, “if you want to investigate, then you need cooperation with another country.”
He added: “It’s very difficult for police forces to find the culprit, so most of the companies don’t know what the police can even do.”
Police support
Disorganization across France’s multiple police forces was partially responsible for a notable lack of focus on cyber threats, Billois said.
“I think we are below the number of cyber police officers that we should have at a national level,” he said, while praising various initiatives taken by the Interior Ministry such as alerts given to the public on cyber threats, and steps for resolving any data security issues that may arise.
The Agence nationale de la sécurité des systèmes d'information (ANSSI), the French equivalent to the UK’s NCSC, was also paving the way for better cyber practice, although the agency’s modest size meant it can only handle so many incidents, Billois said.
“There are so many SMEs and so many people that need help,” he said.
“So we go to the police forces to at least file a complaint, but they won’t get a lot of operational help, and that’s where you have companies that can provide this help, such as computer emergency response teams, which can assist companies when they get breached.
He added: “There are dozens in France.”
While there is much to be done to increase the France’s cybersecurity posture, Billois praised both law enforcement and the Interior Ministry for its collaboration with European and international law enforcement, including efforts to help French companies comply with GDPR.
