With 2.5 million visitors in 2021, Cybermalveillance.gouv.fr recorded record traffic on its platform, mainly focused on assistance, which reflects a growing need for cyber security among the population in the face of the resurgence of cyber criminal activities. Among the cyber-malicious acts most frequently encountered by its different audiences are phishing, online account hacking and ransomware.
What is cyber-maliciousness?
Cybermalveillance.gouv.fr is the national system for assisting victims of cyber-malicious acts, observing the threat and preventing and raising public awareness of cyber risks.
For Cybermalveillance.gouv.fr, cyber-maliciousness (cybermalveillance) means any offense committed digitally. It can be phishing, account or equipment hacking, identity theft, a ransomware attack, etc.
To date, Cybermalveillance.gouv.fr lists 48 forms of cyber-maliciousness handled by its online assistance tool, which allows victims, by answering a few questions, to obtain a diagnosis of the problem encountered and to get cyber security advice for dealing with it.
Analysis of the use of this tool makes it possible to identify the main cyber-malicious trends described below.
1. Phishing
Phishing is the main form of cyber-maliciousness encountered, all audiences combined. This attack technique consists of sending an email or SMS to the victim while usurping the identity of a third party (a company, an administration, etc.), to push the victim into an action such as communicating personal, professional or banking information, or opening a virus-infected link or attachment. Fairly simple, inexpensive and very profitable, this technique has become the main vector behind a whole range of cyber-malicious attacks: account hacking, fraudulent bank debits, identity theft, etc. Among the most frequent phishing methods are fake child pornography offense messages, fake technical support scams, solicitations concerning the personal training account (CPF) and parcel delivery scam messages.
Note the strong growth of phishing by SMS, or smishing, with cyber criminals taking advantage of the greater difficulty of identifying a fraudulent SMS on a telephone.
In 2021, the 10 main forms of phishing alone accounted for nearly 80% of searches for assistance on the Cybermalveillance.gouv.fr platform. This is why the platform has devoted a complete file to the subject.
2. Online Account Hacking
Online account hacking is the second most common threat encountered by both individuals and professionals, with an increase of +139% compared to 2020. While online bank accounts and network accounts are emerging as prime targets for cyber criminals, attackers' interest is shifting more towards email accounts. Because they contain a large amount of information, emails are a gold mine for cyber criminals, who have understood that by taking control of a victim's email they can take control of almost the victim's entire digital life. This is all the more true because the email account is generally the central point through which the passwords of all the victim's other online accounts can be reset. The main identified causes of these hacks are the use of easily guessable passwords, the reuse of the same password on multiple accounts, one of which may have already been hacked, phishing, and the absence of reinforced authentication.
3. Fake tech support scam
The fake tech support scam (or computer repair fraud) comes in third place. This form of cyber-maliciousness consists mainly of blocking the victim's computer with a message that claims a cyber security incident has occurred, in order to frighten the victim into calling a so-called official technical support line and paying for a pseudo-repair. This threat mainly targets seniors who are less digitally savvy, or professionals who do not have local IT support and who are therefore more likely to fall into this trap.
The fake tech support scam is constantly evolving, both in the diversification of approach methods and in the consequences for the victims: telephone approaches, notifications from social networks containing malicious links that trigger the appearance of the fraudulent alert message, etc. As a result of this cyber-maliciousness, many cases of fraudulent bank transfers or hacking of the online accounts of victims of fake technical support scams have also been reported. Indeed, when taking control of the victim's device, the fake repairer more and more frequently steals identifiers and passwords, which he then uses fraudulently.
4. Cyber bullying
In fourth position in the ranking, acts of cyber bullying increased sharply in 2021 compared to 2020 (+33%), mainly among individuals. Cyber bullying means repeatedly and intentionally making remarks or behaving online, publicly or in restricted circles, in a way whose purpose or consequence is a deterioration in the living conditions of the victim. Cyber bullying can be carried out by a single person or by a group of people. It can take different forms (intimidation, insults, threats, rumours, publication of compromising photos or videos), and its consequences can be dramatic for the victims: depression, dropping out of school or work, psychological or emotional disorders, violence, suicide, etc.
5. Personal Data Breach
Personal data breach is the fifth most frequently encountered cyber attack, the year 2021 having been marked by numerous cyber security incidents that led to leaks of personal data, and in particular medical data. As a reminder, personal data is information that directly or indirectly identifies a person. It can be a name, a photo, a postal or e-mail address, a telephone number, an IP address. A personal data breach thus designates the destruction, loss, modification or unauthorized dissemination of this data. Whether accidental or malicious in origin, a breach of personal data can have significant cyber security consequences for the individual or organization that is the victim: damage to reputation and/or privacy, financial loss, identity theft attempts, phishing attempts, etc.
6. Ransomware
A ransomware attack is a cyber attack that blocks access to the device or to files by encrypting them and demands that the victim pay a ransom to regain access. It remains one of the main cyber security threats addressed by the platform, with strong variations depending on the audience, however. The figures show a decreasing interest of cyber criminals in individuals, who are probably considered less solvent, while ransomware is the first cyber threat among professionals, with an increase of more than 95% in 2021. While cyber criminals have not given up targeting communities, statistics prove that they are targeting companies first, probably because companies would be more inclined to pay the ransoms requested given the economic and reputational impacts of this type of cyber attack on their activity. Unfortunately, this trend should continue to increase.
7. Spam
Electronic spam or telephone spam means unsolicited communication for advertising, commercial or malicious purposes. It can take different forms: SMS, MMS, email, instant messaging, social networks or phone call. In many cases it involves commercial prospecting, but spam can also be malicious (incitement to call back a premium rate number, to send an SMS to a chargeable number, etc.) or undermine the cyber security of the victim through phishing attempts to steal personal and/or confidential data. For example, have you received a phone call from someone who wants you to benefit from training financed by your Personal Training Account (CPF)? This may be commercial prospecting, but be careful, as it can sometimes lead to a scam or the hacking of your account.