On April 15, 2019, ANSSI (the National Cybersecurity Agency of France), unveiled its annual report during a press conference. The agency identified 1869 alerts, 391 incidents without counting critical importance operators, 16 major incidents and 14 cyber defence operations for 2018. ANSSI also identified 5 major trends in terms of cyber threats observed in France and in Europe in 2018.
Analysis of cyber threat in 2018 – The 5 major trends
Major concern for ANSSI in 2018, according to the agency, cyber-espionage represents the highest risk for the organizations.
Extremely discrete, benefiting from important financial resources, the attackers plan for many years highly targeted and highly sophisticated attacks. In 2018, it was noted that the cyber attackers are increasingly interested in vital activity sectors and specific critical infrastructures like the defence, health or research sectors.
According to ANSSI, indirect attacks have known an important increase in 2018. Indeed, to avoid the security measures implemented by big companies, which are more and more aware of the cyber risk, the attackers aim intermediaries, like providers, who are more vulnerable, to reach their final targets.
Compromising one partner is enough to reach many companies. So it is essential to choose partners that place their information system’s security at the top of their concerns.
3.Destabilization and influence operations
Because of the nature of the targets and the claims, these attacks though technically moderate, have often an important symbolic impact. An increase has been observed in 2018.
For reminder, cryptojacking is a cyberattack that consists in using the computer’s power of its victim to mine cryptocurrency.
In 2018, many attacks of this kind were observed. The more and more organized attackers benefit from the security flaws to compromise their victims’ equipment by placing cryptocurrencies’ miners without them knowing it.
Online frauds represent as much of a constant cyber threat for the companies and the big organizations as for the individuals. ANSSI noted an important growth of online frauds last year. Big operators are becoming more concerned about cybersecurity, so the attackers turn towards targets less exposed but more vulnerable, like territorial authorities or actors in the health sector which thus were the targets of many phishing attacks in 2018.
The multiplicity and the magnitude of the attacks observed during 2018, prove that it is essential to implement security measures to prevent these cyber threats, within big organizations, big groups as well as small companies.
“The conclusion is clear: 2018 proves once again that digital risk, far from being ethereal, must be at the heart of our concerns. Not only those of ANSSI! The cyberattacks affect all of society. That is why we must all seize the matter.” explains Guillaume Poupard, ANSSI’s General Director.