This will give food for thought to Anssi, which had been eyeing a new power of injunction to encourage organizations to react more quickly to its alerts. Presenting its 2022 cyberthreat panorama on Tuesday, January 24, the State's cyber-firefighter, which has just changed boss with the arrival of Vincent Strubel at the helm, once again lamented the exploitation of known vulnerabilities by attackers last year.
Thus, half of the top 10 most exploited known vulnerabilities identified by Anssi in 2022 are flaws discovered and corrected in… 2021. [to install the patches], it’s taking reckless risks”, recalled Mathieu Feuillet, Anssi's deputy director of operations. “You have to patch and fast,” he added.
Four Exchange Flaws
In June 2021, the slowness in installing patches prompted Anssi to plead for a new injunction power. Such a provision, similar to the prerogatives of its American counterpart, “would be an additional step in the development of our cyber ecosystem and would further motivate those who benefit from our services”, Guillaume Poupard explained at the time. The former boss of Anssi was particularly annoyed by the very low response rate after 15,000 servers vulnerable to the ProxyLogon flaws were reported to the organizations concerned.
Eighteen months later, Anssi did not specify whether it was still counting on such a strengthening of its powers. However, the situation does not seem to have fundamentally changed. In 2022, according to the agency’s count, four of the ten vulnerabilities most exploited by attackers relate to Microsoft Exchange. The most used, ProxyShell, corrected in July 2021, allows an attacker to take control of a mail server. Similarly, attackers rely on the Apache Log4j library flaw, reported in December 2021, to execute arbitrary code remotely, and on the vulnerability in Atlassian Confluence, patched in June 2022, to install backdoors on compromised servers.
Vulnerabilities a little less old?
The one piece of good news: although the overall picture is still worrying, the exploited flaws seem to be a little less old. It must be said that we are probably coming from a long way back. Last year, Anssi had, for example, noted the presence of a vulnerability dating from 2018 in the top 7 flaws exploited in 2021. Similarly, a year before that, the agency reported the presence of one flaw from 2017 and two flaws from 2018 in the top 9 most exploited vulnerabilities in 2020.
If the agency insists so much on putting these computer hygiene measures in place, it is because applying patches makes it possible to avoid many disasters. As Anssi reminds us, when faced with opportunistic cybercriminals, minimal cybersecurity makes it possible to pass under the radar of groups that favor the simplest attacks, even if it cannot contain more targeted attacks.
Possible to defend oneself
An important message to remember, as the year 2022 has just shown that the worst is never certain in computer security. Thus, Anssi notes that one of the lessons of the Russian-Ukrainian conflict is that it is “possible to protect oneself from cyberattacks”. Ukraine has indeed succeeded, so far, in avoiding an IT collapse. An observation shared by the armed forces' cyber chief, Aymeric Bonnemaison. “The defense can take over the offensive,” he said ten days ago to the press.
If it is therefore possible to defend oneself, one must however be aware that the threat remains at a very high level. In addition to the fight against attacks aimed at spying on organizations, which makes up the bulk of Anssi's work, the agency counted 109 ransomware attacks in 2022, the modus operandi favored by large cybercriminal groups. This figure is down sharply from 2021, when 203 such attacks were counted.
Prudently, Anssi notes that this drop is perhaps due to a combination of several factors, such as the maturation of the cyber ecosystem, legal or national security actions against criminal groups, and the Russian invasion, which disrupted the functioning of certain gangs.