France’s National Commission on Informatics and Liberty (CNIL) has called on operators of large-scale databases in the energy, transport, banking, and insurance sectors, as well as internet service providers and government agencies, to strengthen their cybersecurity defenses. The data regulator has opened a consultation session aimed at developing a set of recommended advanced security practices for these entities. This move comes in the wake of a recent data breach at Pôle emploi, the French government unemployment agency, which is believed to have affected over ten million individuals.
The consultation, which started on Monday, will run until October 8, with the CNIL’s recommendations expected to be released in 2024. The CNIL is specifically targeting organizations that manage significant quantities of personal and sensitive data, as they are particularly vulnerable to cyberattacks. By issuing recommended security practices, the CNIL aims to help these entities improve their cybersecurity posture and protect the data they handle.
The call for enhanced cybersecurity measures is in line with the growing threat landscape, where cyberattacks are becoming more frequent and sophisticated. As the reliance on technology and data continues to increase, so does the need for robust cybersecurity measures to safeguard sensitive information. The CNIL’s recommendations will provide guidance and best practices for these organizations to follow and implement to enhance their cybersecurity defenses.
In a related development, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a cybersecurity advisory following the recent takedown of the QakBot malware’s supporting botnet by the FBI. The advisory warns companies to remain vigilant, as QakBot has evolved from a banking trojan into a threat that deploys multiple types of malware, trojans, and highly destructive ransomware variants.
The coordinated operation executed by the FBI and international partners disrupted the QakBot infrastructure worldwide. By taking control of the botnet, the FBI severed the connection between victim computers and the QakBot command and control servers. However, additional action is required to mitigate the lingering impact of QakBot. The malware not only infects devices but also attempts to steal email credentials to facilitate the spread of malicious software to other networks.
To help uncover remaining QakBot infections, the FBI has identified the IP addresses of other potentially compromised computers and is notifying the email service providers and hosting companies responsible for the compromised accounts. CISA and the FBI are also sharing indicators of compromise so that organizations can better detect and defend against possible attacks. This collaborative effort aims to minimize the risks associated with the QakBot malware and protect the targeted sectors, including the Election Infrastructure Subsector, Financial Services, Emergency Services, and Commercial Facilities Sectors.
Meanwhile, the United Nations is currently negotiating a new international cybercrime treaty that will lead to the development of new cybercrime laws worldwide. However, the proposed treaty has sparked controversy and raised concerns among human rights groups. The current draft of the treaty expands the definition of cybercrime, potentially enabling authoritarian regimes to abuse it for government censorship and unlawful surveillance.
The treaty’s origins, as proposed by Russia with support from countries like China and North Korea, further fuel concerns regarding potential violations of international human rights standards. Critics argue that the treaty risks criminalizing online expression and conduct protected under these standards. Additionally, it authorizes the use of intrusive tools for investigations without adequate safeguards and creates a global framework for international cooperation that may result in a race to the bottom in cross-border policing.
Microsoft has expressed criticism of the proposed treaty, highlighting its broad scope and the potential for it to grant authoritarian states excessive power in suppressing dissent under the pretense of fighting cybercrime. The tech giant recommends narrowing the definition of cybercrime to “core cybercrime offenses” and incorporating provisions to protect security researchers and limit government access to private data.
The negotiation session for the treaty is scheduled to conclude on Friday, with the final session expected to take place early next year. While it remains uncertain whether Microsoft’s message will be taken into consideration, there is hope that the UN will arrive at a more limited definition of cybercrime. The outcome of these negotiations will shape the future landscape of international cybersecurity and the protection of digital rights.