Cyberthreats: major vulnerabilities and attacks in 2014

CERT-IST (Computer Emergency Response Team – Industry, Services and Tertiary) is a national computer security incident response team. Its annual review looks back at the most significant events and trends of the previous year to help organisations protect themselves more effectively.

Four major trends were identified in 2014: increasingly sophisticated attacks, leading to a shift in the level of risk; many attacks on encryption systems; cyber-spying campaigns involving governments; and a wave of scams affecting French companies.

The CERT-IST annual review draws attention to the high number of sophisticated attacks observed in 2014. Examples include the Havex attack on industrial systems, the Zombie Zero attack using infected barcode readers, the attack on Target, the US retail chain, resulting in the theft of payment card data for millions of customers, and the intrusion into Sony Pictures Entertainment’s information system, leading to the delayed release of the film The Interview and a diplomatic escalation between America and North Korea.

Cyber-intrusion, a growing risk

The techniques used are relatively simple and the weaknesses they exploit have been known for many years. However, the sharp rise in reported incidents shows that the risk of cyber-intrusion is becoming more significant and that high-profile attacks are providing inspiration for others. With the wave of APT-type (advanced persistent threat) infiltration attacks reported in 2014, it is vital for companies to strengthen their security or at least reassess the levels of protection they have in place to counter this kind of threat.

Since 2010, when infiltration attacks began to be widely reported in the media, it would appear that governments have developed the most advanced techniques for cyber-intrusion and cyber-spying. This observation was further confirmed in 2014, when various operations came to light, some of which had been ongoing for a number of years. Clearly, governments have long understood the scope afforded by the internet for surveillance and espionage operations and have been quietly acquiring the capabilities they need. Today, these types of operations have been brought to public attention, probably because they are now being practised on an increasingly wide scale.

Lastly, encryption systems, a crucial component of information system security, were widely targeted in 2014. Numerous vulnerabilities were discovered in the SSL and TLS protocols[1], the TrueCrypt[2] encryption utility was suddenly discontinued and various attacks attempted to reduce the anonymity provided by TOR[3].

Cybercrime: scams on the rise

On the cybercrime front, CERT-IST uncovered numerous scams in 2014, including fake transfer orders (also known as President scams), crypto-ransomware attacks, where user data is encrypted and a ransom demanded for its release, and a wave of attacks targeting payment terminals in the US, using a special kind of malware called a RAM scraper, which steals payment card information.

The CERT-IST annual review for 2014 confirms an increased level of risk for companies, which must respond appropriately to an increasingly complex threat environment. Through its continuous monitoring and regular reports, CERT-IST provides companies with a clear and detailed picture of the evolving situation. It gives them the information they need to build and update effective cybersecurity strategies and strengthen their defences against the growing risk of intrusion and specifically targeted cyber-spying and cyber-sabotage attacks.

More information:

Download the CERT-IST annual review for 2014 in French or English.

Contact us to find out how we can help to defend your information systems against attacks.

CERT-IST at a glance

CERT-IST was established in 1999 by a consortium of French companies. Since 2003, it has operated as a non-profit association bringing together numerous companies from across the industrial, space, defence, banking, insurance, energy, transport, healthcare and other sectors.*

CERT-IST provides its members with a threat and vulnerability monitoring service as well as optional assistance in the event of an incident. CERT-IST serves the wider community by sharing knowledge and experience, independently of manufacturers and publishers.

CERT-IST’s prevention activity is based on daily analysis of new vulnerabilities, their severity and the measures needed to counter them. CERT-IST issues its members with security advisories and alerts, keeping them informed of evolving threats and solutions (around 1,000 direct recipients).

Over 1 million PCs, servers and other equipment are currently administered on the basis of information produced by CERT-IST. Each year, CERT-IST issues over 1,000 advisories and a dozen alerts and makes more than 2,900 updates to its vulnerabilities database, which has been maintained since 1997 and covers more than 1,650 products and 13,300 versions.

More information: www.cert-ist.com

*They include Alcatel-Lucent (whose cybersecurity teams became part of Thales on 1 January 2015), Thales, Orange, BNP Paribas and Française des Jeux. 

[1]Secure Sockets Layer (SSL) is a cryptographic protocol designed to provide communication security over the internet. It became the Transport Layer Security (TLS) protocol in 2001.

[2]TrueCrypt is a discontinued encrypted file system format and on-the-fly encryption utility. It is no longer maintained by its original authors, as of 28 May 2014.

[3]TOR (The Onion Router) is an overlaid, decentralised worldwide computer network, composed of routers organised into layers, called onion nodes, which transmit TCP streams anonymously. The TOR network can thus provide anonymity for all internet exchanges using the TCP communication protocol.