October 2024

Cyber Threats Barometer

Every month, cyber threats as seen by Gatewatcher’s CTI analysts
183 874
Identified Indicators of Compromise (IOCs)
106 332
Identified compromise reports (sum of IoCs)

Highlight of the month

On October 21, following a data leak affecting the internet provider, part of Free’s customer database was published on the Breachforum website. This platform, familiar to international authorities, enables criminals to illegally exchange and sell sensitive or personal data collected during attacks. Here is the original publication of the sale of hacked data from the French ISP:

 

The attack, which is believed to have affected more than 20 million customers, allowed the exfiltration, according to the seller, of several types of customer information, including:

  • Personal identifiers: first and last names of subscribers
  • Contact details: e-mail addresses, postal addresses and telephone numbers
  • Bank details: for some subscribers, the IBAN was available
  • Contract information: including contract type and subscription date.

Despite the media attention and the seriousness of the compromised information, Free has declined to comment publicly at this stage. However, a notification email has been sent to its subscribers, in which the operator states that it has lodged a complaint with the public prosecutor and reported this cyberattack to the CNIL and ANSSI government agencies, in accordance with the requirements of the GDPR. It also calls on its customers to exercise “the utmost vigilance with regard to the risks of fraudulent e-mails, SMS messages or calls”.

The stolen data, put up for sale for $175,000, quickly found a buyer on BreachForum, confirming the interest it is arousing among cybercriminals.

 

With this information at their disposal, attackers have the credibility to orchestrate large-scale phishing and fraud campaigns, with significant revenue opportunities. In the case of the attack that affected Free customers, particular attention is drawn to attempts at fraudulent banking operations based on stolen IBANs, as well as to “SIM swapping”, which gives access to certain two-factor authentication processes that rely on the telephone number.

TOP COMMON VULNERABILITIES & EXPOSURES (%)

TOP TARGETED BUSINESS SECTORS (%)

Definition of the month

Data exfiltration is the process by which an attacker, having penetrated a system or network, or bypassed the proper functioning of an application or API, extracts sensitive information without authorization to an external destination under his or her control.

This phase generally occurs after a successful compromise, and is one of the main objectives of many cyber attacks, particularly for the theft of confidential data or information of commercial value.

TOP MALWARE FAMILIES (%)

TOP THREAT CATEGORIES (%)

About the Cyber Threat Barometer

Malware, critical vulnerabilities, advanced persistent threats, industries particularly targeted, weak signals of emerging attacks… It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.

Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident treatment times.
