ANSSI publishes the 2023 Cyber Threat Overview

In this edition of the Cyber Threat Overview, the French Cybersecurity Agency (ANSSI) looks back at the major trends in the cyber threat in 2023.

Published on 26 February 2024. Updated on 27 February 2024.

In its Cyber Threat Overview 2023, the Agency reports a steadily rising cyber threat level, against a backdrop of new geopolitical tensions and international events being held in France. At a time when attackers are constantly improving and seizing every opportunity, ANSSI insists more than ever on better application of basic recommendations.

A rise in the level of the cyber threat

In 2023, espionage remained at a high level, with a significant increase in the targeting of individuals and non-governmental structures that create, host or transmit sensitive data. Among the new trends in espionage, ANSSI noted an increase in attacks on business and personal cell phones aimed at targeted individuals, as well as an upsurge in those carried out using modus operandi publicly associated with the Russian government against organizations located in France.

Computer attacks for extortion purposes also remained at a high level in 2023, as evidenced by the total number of ransomware attacks reported to ANSSI, which was 30% higher than over the same period in 2022. This upsurge breaks with the decrease observed by the Agency in the previous Cyber Threat Overview.

Furthermore, in a tense geopolitical context, the Agency has noted new destabilization operations aimed primarily at promoting a political discourse, hindering access to online content or damaging an organization's image. While distributed denial-of-service (DDoS) attacks by pro-Russian hacktivists, often with limited impact, were the most common, pre-positioning activities targeting several critical infrastructures in Europe, North America and Asia were also detected. The latter, although more discreet, may nevertheless be aimed at larger-scale operations carried out by state actors waiting for the right moment to act.

Attackers improve and take advantage of technical weaknesses

Overall, the year 2023 has seen significant changes in the structure and methods of attackers. Attackers are perfecting their techniques to avoid detection, tracking and even identification. In particular, it appears that cybercriminal modus operandi could be instrumentalized by state actors to conduct espionage operations. What's more, the cybercriminal ecosystem is now taking advantage of widely available tools and methods to target particularly vulnerable sectors.

Despite security efforts in certain sectors, attackers continue to exploit the same technical weaknesses to gain access to networks. Thus, the exploitation of "zero-day" and "one-day" vulnerabilities remains a prime entry point for attackers, who still too often take advantage of poor administration practices, delays in patching and the absence of encryption mechanisms.

Finally, the major events scheduled to take place in France in 2024, and first and foremost the Paris Olympic and Paralympic Games, could offer attackers additional opportunities to act. Similarly, attackers could also be incited to break into, and maintain a presence on, critically important networks, in the context of international tensions. The risk of strategic confrontation between major powers cannot be ruled out.

ANSSI increasingly mobilized to raise cybersecurity standards

ANSSI is calling on French organizations to better apply essential recommendations such as developing detection capabilities, implementing an information systems backup strategy, and drawing up business continuity and recovery plans. In addition, regular monitoring of CERT-FR publications on the most common threats and vulnerabilities is an indispensable resource for achieving the right level of cybersecurity.

In 2024, ANSSI will be largely mobilized for the cybersecurity of the Olympic Games, for which the Agency has defined, in cooperation with the various government departments involved, a reinforced system for monitoring, alerting and handling IT security incidents.

Finally, to ensure the nation's protection in the years to come, and to cope with the constant upsurge in threats and ever-improving attackers, ANSSI intends to build on the entry into force this year of the NIS 2 directive, which will regulate several thousand new entities and gradually strengthen their IT security levels. In addition, the Agency intends to continue supporting international operations to dismantle cybercriminal networks, such as the one against the QakBot group in 2023.

"The constant development of the threat and attackers demonstrates the need for ANSSI to evolve its way of working, in particular by collaborating with new operational actors, in order to better organize and strengthen French cybersecurity."

Vincent Strubel

Director General, ANSSI