In a recent report by the French National Agency for Information Systems Security (ANSSI), it was revealed that the surge of cyberattacks targeting French companies has not spared them amidst the wave of attacks on edge devices. The annual report highlighted the challenges faced by the state cybersecurity agency in responding to more than 4,300 incidents in 2024, reflecting a 15% increase compared to the previous year.
The spike in cyber incidents was largely attributed to the hosting of the Paris Summer Olympics, during which cyber actors attempted to disrupt the games. The attacks came in various forms, including distributed denial of service attacks by self-proclaimed hacktivist groups, ransomware attacks, and a suspected Chinese cyber espionage operation. Despite these challenges, the Olympics proceeded smoothly without major disruptions.
One notable attack mentioned in the report involved hackers exploiting a vulnerability in Palo Alto firewalls, specifically CVE-2024-3400, to launch a ransomware attack on a telecom firm. Additionally, the report outlined a list of edge device vulnerabilities that ANSSI addressed, with a significant number of incidents stemming from zero-day exploits in Ivanti gateways. The agency also observed instances of hackers targeting devices from Fortinet, Check Point, and other Ivanti devices.
The report also detailed a cyber threat group, tracked as UNC5174, utilizing zero-day exploits in Ivanti’s Cloud Service Appliance, indicating sophisticated tactics employed by these threat actors. In particular, French telecom companies were a frequent target of cyber espionage activities, with ANSSI responding to several compromises within the sector. These incidents included compromises of core networks and satellite communications operators, highlighting the pervasive nature of cyber threats in the telecommunications industry.
To evade detection and attribution, hackers utilized operational relay box networks (ORBs) to obfuscate their origins and complicate defense efforts. The use of legitimate network devices further complicates detection and blocking of malicious traffic, making it challenging for organizations to identify and mitigate cyber threats effectively.
Overall, the report underscores the evolving landscape of cybersecurity threats faced by French companies, particularly in the context of edge device hacking and nation-state driven attacks. ANSSI continues to adapt its strategies to combat these threats and enhance the resilience of critical infrastructure against cyber adversaries. The resurgence of cyberattacks targeting France in 2024 serves as a poignant reminder of the importance of robust cybersecurity measures to safeguard against evolving threats in an increasingly digital world.