Clusif Panocrim 2022: Faced with ransomware, the response is getting organized


The past year has been marked by an explosion of ransomware. But exploits of vulnerabilities related to Exchange, the Azure cloud or the software supply chain have also been numerous.


It is an understatement to say that ransomware has marked the last few months. In its Panocrim 2022, Clusif reviewed cyber threats and, unsurprisingly, ransomware occupied a prominent place. Among the main attacks, those of REvil featured prominently in the 2021 list. in the 2nd quarter of 2021”, continues Gérôme Billois, administrator of Clusif. However, the latter also had to solve some HR problems… “The ecosystem of professional ransomers and affiliates had to manage recruitment problems”, he underlined.

To combat cybercrime, operational and legal responses were provided throughout the past year. “There have been a lot of actions and arrests made public and searches all over Korea, in Ukraine”, explained Eric Freyssinet, second in command of the gendarmerie in cyberspace. The response to cybercrime is being organized with unprecedented international cooperation efforts. “Legal responses to ransomware are exponential and increasingly effective,” said Garance Mathias, lawyer and Clusif administrator. In the United States, the recent executive order aimed at improving the response to cybercrime is a highlight of a proactive policy. Among the other levers activated: monitoring and prevention with CISA, sanctions with OFAC… “It now remains to be seen what responses will be provided in France and in Europe”, asks Garance Mathias.


Malicious zero-click strategies are a worrying source of threat for Loïc Guezo, secretary general of Clusif. (credit: Clusif)

Notable cyberattacks

2021 saw a slew of cyberattacks that go far beyond ransomware. Loïc Guezo, secretary general of Clusif, recalled the worldwide Pegasus espionage operation, based on Israeli software used against journalists, lawyers and politicians, including, in France, the Prime Minister and the President of the Republic. These state-scale cyber threats are all the more powerful as their deployment relies more and more on zero-click techniques.

“Computer systems are more and more robust, but 2021 was a record year in terms of vulnerabilities, all infrastructures, devices and OS combined”, said Hervé Schauer, administrator of Clusif. The number of contests and bug bounty programs and the arrival of a new generation of security researchers are surely not unrelated to the growing number of vulnerabilities discovered. Among the latest highlights is the ProxyLogon flaw in Exchange, which Hervé Schauer does not hesitate to describe as “incredible”. Another is the one he calls “the most delusional and catastrophic that one can imagine”: the ChaosDB flaw, which targeted Azure Cosmos DB and reached the internal database via a visualization function. Not to mention other attack vectors based on the software supply chain (continuous integration and continuous development pipelines). “The question of the time required to implement patches arises. There have been and there will always be loopholes as long as the legislators do not take the problem head on and the very rich users are not put to contribution,” says Hervé Schauer.


The ChaosDB flaw in Azure's databases has been described as “the most delusional and catastrophic one can imagine” by Hervé Schauer, administrator of Clusif. (credit: Clusif)

SolarWinds and Kaseya in power

Bounce attacks, which reach a target through one of its suppliers, also exploded in 2021, with 4 times more such operations than in 2020 according to ENISA. In addition, 93% of companies suffered a cyberattack caused by a weakness at one of their suppliers, according to a report by BlueVoyant. Among the most notable were SolarWinds, with the booby-trapped update of its Orion IT systems monitoring software and more than 18,000 victims, and Kaseya (17 countries affected, 54 direct customers hit and between 800 and 1,500 end customers). Other cyberattacks also marked the year; one particularly striking case affected the water treatment information system of the town of Oldsmar, Florida. According to many observers, these attacks mark a turning point in modern cyber warfare.

Clusif concluded its Panocrim by citing the increasingly successful Log4Shell and audio deepfake attacks. For the next edition, Gérôme Billois mentions an analysis of the REvil cybergang, whose members have been arrested, without however specifying that large-scale events could perhaps be even more significant in 2022. There is no doubt about it.
