By defrauding more than a hundred SMEs, the engineering school student collected between 1,000 and 1,500 euros per week.
The Paris cybercrime brigade has just arrested a 22-year-old hacker, multiplying attacks against SMEs (small and medium-sized enterprises). According to information fromEuropean 1, the investigation has been open since last April, accusing the engineering school student of extortion in an organized gang and criminal conspiracy. Already known by the police for similar facts, the young man has been offering his services since 2019 on international hacker forums.
The principle is simple, it develops ransomware, which other hackers use to attack the computer systems of SMEs. This collective functioning constitutesa new way of organizing cybercrime“, noted at Figaro Mathis Hammel, specialist and sponsor of the Guardia Cybersecurity school: “Historically, everyone developed viruses in their corner, today we are dealing with hackers who organize themselves into gangs. The hacker who developed the software collects the money from the scams and redistributes it to his colleagues. It is a very lucrative business.»
Read alsoBehind the scenes of the IT Army, this group of amateur hackers serving Ukraine
For example, for the development of his software, the student hacker was paid between 1000 and 1500 euros per week. “They are generally young people who lack a framework and who want to prove things. But they could put their talents to work for the common good, and earn higher wages legally.“says Mathis Hammel. In all, the 22-year-old defrauded 150 SMEs, of which some French women are among the victims.
More than one in two small businesses affected by a cyberattack
These SMEs are increasingly affected by cyberattacks. In 2021, with ETIs (medium-sized companies) and VSEs (very small companies), they represented 52% of ransomware victims (up 53% compared to 2020), far ahead of local authorities (19% ) and strategic companies (10%), according to the panorama of the National Agency for the Security of Information Systems (Anssi). “As large organizations improve their defenses, smaller organizations are increasingly targeted by hackers as they can be reached more easily“, underlines Craig Dunn, cyber manager at the insurer Hiscox Europe.
Read alsoAnssi recommends quickly remedying a widespread computer vulnerability
According to the Medef and the consulting firm BCG, small structures face a lack of knowledge of cyberattacks, in addition to an under-use of aid and public initiatives put in place by the State. “Despite their strengthening with the health crisis, 56% of companies say they are not aware of the aid from the digital component of the recovery plan and only 10% have benefited from aid or support in this context (even though 42% express a need funding)“, notes the press release. Among these aids, there is the program of investments for the future (PIA), the fourth part of which is endowed with 20 billion euros, intended to “long-term support for innovation, in all its formsand accelerate the state’s cybersecurity strategy.
Expert Mathis Hammel recommends SMEs to “update their system very regularly“, of “perform backups on hard drives disconnected from servers» and if the company has the necessary means, «carry out audits with external companiesto identify potential flaws. It also recalls that guides are made available to companies, in order to embark on the protection of their computer systems.
SEE ALSO – Founder of “Hackers Without Borders”, Clément Domingo is on a war footing in the face of an upsurge in cyberattacks