Published on 30 March 2021
Following a webinar dedicated to cyberattack attribution, we interviewed the speaker, Mohamed Ghozzi, Technology Analyst at Ercom, so that he could share his knowledge of the whys and wherefores of the investigation carried out to identify a cybercriminal.
The attribution of a cyberattack is a very complex search process aiming at determining what is hidden behind a cyberattack and finding the motivations of the hacker(s).
The stakes of assigning cyber attacks are multiple.
First of all, it serves to deter attackers by demonstrating to the world that their wrongdoings will not go unpunished. Second, attribution enables the dismantling of criminal networks whose hacking activity is only one facet. Then, it allows us to know the operating modes and motivations of the attackers to better protect computer systems. Finally, attribution consolidates a knowledge base that will help accelerate the attribution of future attacks.
Depending on the target of the computer attack, one or more of the following actors may have authority to assign.
The first are the government services such as judicial police or intelligence services that intervene in a complaint or when the victim is an OVI (Operator of Vital Importance).
Then come the computer security firms, essentially antivirus software vendors, serving customers who don’t necessarily want to go through a police investigation.
Finally, cybersecurity research institutions often intervene in the case of unresolved attribution problems that require in-depth scientific research to better cross-reference data.
The attribution of an attack is a problem involving a combination of several analyses to stem this violation.
Among a non-exhaustive list, let’s focus on the two analyses that seem to me to be the most strategic in this resolution.
First there is the forensics analysis, or technique, which consists in exploiting the traces left by the attackers in their path by looking at the event log, malware or any other clue. At this level of the investigation, we seek to know what was the modus operandi followed by the hackers to enter the system as well as the possible similarity of the malware used compared to those known today.
The second point, and not the least, is the geopolitical and economic context of the attack. This overview helps to determine the attacker’s motivations. Does the attacker want to extract money? Does he want to steal industrial information? Or does he just want to harm his victim? This contextualization will also tell us more about the nature of these malicious actors: are we facing isolated criminals or forces sponsored by states?
To carry out this analysis it is necessary to take into consideration several things among which we can quote the scale of the attack (what means, human and material, did he implement to carry out the attack?), the nature of the data exfiltrated by the attackers (what is their value on the market?), the sector of activity of the targeted organisation and the geopolitical context of the country where the targeted organisation is located.
The search for the origin of an attack is based on the analysis of the traces left by the pirates, their operating mode and their motivations, the study of the profile of the victims… All these steps are difficult to grasp, for two main reasons.
First of all, the technical dimension is a huge impediment to investigations. In fact, attackers have at their disposal an arsenal of highly sophisticated tools allowing them to leave as few traces as possible and, most of the time, their process consists in «redoing backwards» the path to erase the remaining traces. Time is their ally because, very often, the intrusion is detected long after the attack. In this case, the computer traces may be incomplete or not saved (rotation of the trace files).
Finally, attackers enjoy leading us onto false tracks by planting, for example, «false flags*» at the level of the computer traces left behind to create a diversion.
The second barrier is the legal aspect. How is that a barrier? It is important to know that attackers do not carry out their attacks directly from their computers. Instead, they pass through several intermediate servers before reaching the target organization’s network. Most often, these servers are based in foreign countries that have different jurisdictions than the country that was the victim of the attack. For the purposes of the survey it is sometimes necessary to access the logs of these servers. This access requires requests for authorisations to the judicial services of the countries concerned: these authorisations may be refused or at best granted after a long wait.
There are few official statistics on the topic, but we notice a rising interest in attribution due to the explosion of more and more vicious and harmful cyberattacks these last months.
According to some estimations, the cost of harm attributable to cyber criminality would have stood at nearly $6 trillion in 2021 vs. $3 trillion in 2015.
Thank you for your time and see you soon for the next webinar!
*false flag: this term comes from the world of navigation and designates an act committed with the intent of disguising the actual source of responsibility and pinning blame on a second party.
What is a Technology Analyst in Ercom?
The daily life of a Technology Analyst in Ercom is about three main missions.
First, the analyst has to provide support to Business Units for the scientific and technical understanding of technologies arousing interest: he will thus help to arbitrate the interest or not of this technology for their businesses. Concretely, it means delivering presentations of technical analysis and the necessary documentation.
Then the expert has to lead a technology watch on identified topics, which will fuel future analysis. To finish, he shares his knowledge in the form of events such as webinars, or by continuing on forums or the intranet.