April 2024

Cyber threats
Barometer

Every month, cyber threats as seen by Gatewatcher’s CTI analysts
Le Lab Gatewatcher D
175 650
Identified Indicators of Compromise (IOCs)
75 263
Identified compromise reports (sum of IoCs)

Highlight of the month

Just a few months after the international coalition-led Cronos Operation, the Lockbit group seems to be experiencing a resurgence in activity. Despite the efforts of the authorities to neutralize it, the cybercriminal group has claimed a new victim in the healthcare sector. The Simone-Veil hospital in Cannes has suffered a data compromise, adding to the long list of attacks carried out in recent months by other ransomware players against the university hospitals of Rennes, Brest and Lille.

Once the data had been extracted from the hospital on April 17, 2024, an announcement concerning their compromise was made on Lockbit’s showcase site on April 29, 2024. According to the cybercriminals’ terms, the hospital had until midnight on May 1, 2024 to pay the ransom.

 

Screenshot of the notice of the compromise of the CHU de Cannes on the Lockbit website

As there was no willingness to pay the ransom, 61 GB of data were published on the group’s showcase site in the dark web immediately after the ultimatum had expired. The leaked documents contain a large amount of sensitive information (personal and health data) on patients, hospital staff and the operation of the facility. The modus operandi of this prolific Ransomware as a Service (RaaS) group has already been described at length in the last CTSR. Lockbit is said to be responsible for more than a quarter of all ransomware demands in France.

As a reminder, ransomware victims are strongly advised not to pay ransom, as there is no guarantee that data will be recovered or that the system will be fully restored.

TOP

COMMON VULNERABILITIES & EXPOSURES  (%)

TOP

TARGETED BUSINESS SECTORS (%)

Definition of the month

The Business Continuity Plan (BCP) and the Disaster Recovery Plan (DRP) are practices that form part of a risk management process. Although often used interchangeably, they differ in their objectives. Although they are often used interchangeably, there are differences in their objectives.

The Business Continuity Plan is a holistic system designed to identify the various threats that could affect the smooth running of a company or, more specifically, an information system. The BCP also enables preventive measures to be put in place so that the organization can maintain its activity after a hazard, including a “degraded mode” if necessary. In this case, only essential functions are assured, sometimes with reduced intensity, while ensuring that there is never any interruption of service or loss/corruption of data.

The Disaster Recovery Plan (DRP) comes into play in the event of failure or absence of a BCP. Its aim is to determine the steps, resources and procedures required to rebuild the affected organizational system, as well as a number of associated elements. These include the Recovery Time Objective (RTO), defining the acceptable length of service interruption, and the Recovery Point Objective (RPO), determining the acceptable loss of data (1 hour, 1 day, 1 month before the incident).

TOP

MALWARE FAMILIES (%)

TOP

THREAT CATEGORIES (%)

About the Cyber Threat Barometer

Malware, critical vulnerabilities, advanced persistent threats, industries particularly targeted, weak signals of emerging attacks…It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.

Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident treatment times.

Ask for a demo

Cyber Threats Barometer: Your monthly cyberthreat overview as seen by Gatewatcher’s CTI analysts