
New Video from No Limit Secu Discusses ANSSI's "Panorama de la Cybermenace 2024"
In this new video from No Limit Secu, the weekly French-language podcast dedicated to cybersecurity, Sébastien Rumelart, Deputy Operational Director at ANSSI (National Agency for Information Systems Security), discusses the document "Panorama de la Cybermenace 2024." He is joined by several contributors, including Nicolas Ruff, Hervé Schauer, Christophe Renard, and Paul Amar.

The document, in its fourth edition, is the result of ANSSI's observations on cyber threats between January 1 and December 31, 2024. Unlike previous editions, this version begins with the opportunities exploited by attackers, followed by the means implemented and the objectives. This structure reflects the growing importance of vulnerabilities in information systems and the weaknesses exploited by offensive actors.

Sébastien Rumelart explains that ANSSI's triptych of hardening, detection, and response is more crucial than ever. Hardening involves making the attackers' work complex and costly, particularly through vulnerability management. Detection works better on hardened systems, and response includes crisis management, digital investigations, and remediation to prevent the same causes from producing the same effects.

The year 2024 was marked by an increase in attacks on edge devices, such as firewalls, VPNs, and filtering gateways. An Rtex document published by ANSSI in June 2024 details these targeted campaigns. Edge security equipment, often accessible from the Internet, is particularly vulnerable. Attackers exploit these weaknesses to access broader information systems. The increase in attacks is partly due to an observation bias: once a vulnerability is discovered, it is tested on different vendors, and if it works, it is widely exploited. Moreover, information system managers must better configure and supervise these devices, as they are not secure by default.

The 2024 Olympic Games also put enormous pressure on the French defense apparatus. Although DDoS attacks were observed, none had a significant impact on the games. The attack on the interministerial network of the State in March raised awareness among authorities about the importance of protecting against DDoS attacks.

To protect against attacks on edge devices, ANSSI recommends not exposing administrative interfaces on attack source networks, keeping equipment up to date, and supervising systems. Vulnerabilities on administrative interfaces are often exploited, and the use of a WAF (Web Application Firewall) can be a solution.

The panorama also addresses the weaknesses of Active Directory infrastructures. Dangerous practices, such as privileged accounts with unchanged passwords for years, persist. Tools like ADS help measure and improve the security of these infrastructures.

In 2024, revelations about the Chinese company I-Soon showed integration between the state apparatus, the economic apparatus, and the academic apparatus to serve the strategic interests of the Chinese government. ANSSI does not make direct attributions but highlights the similar characteristics between several attack modes and Chinese interests.

In conclusion, the threat panorama is a collective work of ANSSI, aiming to help beneficiaries better understand and protect against cyber threats. Companies can learn lessons about the importance of rigor, securing, detecting, and responding to incidents.

For more information, watch the full video: https://www.youtube.com/watch?v=j1tT-JT8pYY