The Paris cybercrime brigade has just arrested a 22-year-old hacker, multiplying attacks against SMEs (small and medium-sized enterprises).
According to information from
Europe 1
, the investigation has been open since last April, accusing the engineering school student of extortion in an organized gang and criminal association.
Already known by the police for similar facts, the young man has been offering his services since 2019 on international hacker forums.
The principle is simple, it develops ransomware, which other hackers use to attack the computer systems of SMEs.
This collective operation constitutes "
a new mode of organization of cybercrime
", indicates
to Figaro
Mathis Hammel, specialist and sponsor of the Guardia Cybersecurity school: "
Historically, everyone developed viruses in their corner, today we are dealing with hackers who organize themselves into gangs.
The hacker who developed the software collects the money from the scams and redistributes it to his colleagues.
It is a very lucrative business.
»
Read alsoBehind the scenes of the IT Army, this group of amateur hackers serving Ukraine
For example, for the development of its software, the student hacker was paid between 1000 and 1500 euros per week.
“
These are generally young people who lack a framework and who want to prove things.
But they could put their talents at the service of the common good, and earn higher salaries in a legal way
, ”says Mathis Hammel.
In all, the 22-year-old defrauded 150 SMEs, of which some French women are among the victims.
More than one in two small businesses affected by a cyberattack
These SMEs are increasingly affected by cyberattacks.
In 2021, with ETIs (medium-sized companies) and VSEs (very small companies), they represented 52% of ransomware victims (up 53% compared to 2020), far ahead of local authorities (19% ) and strategic companies (10%), according to the panorama of the National Agency for the Security of Information Systems (Anssi).
"
As large organizations improve their defenses, small organizations are increasingly targeted by hackers because they can be reached more easily
," said Craig Dunn, cyber manager at insurer Hiscox Europe.
Read alsoAnssi recommends quickly remedying a widespread computer vulnerability
According to the Medef and the consulting firm BCG, small structures face a lack of knowledge of cyberattacks, in addition to an under-use of aid and public initiatives put in place by the State.
“
Despite their strengthening with the health crisis, 56% of companies say they are not aware of the aid from the digital component of the recovery plan and only 10% have benefited from aid or support in this context (even though 42% express a need for funding)
,” the statement noted.
These aids include the future investment program (PIA), the fourth part of which is endowed with 20 billion euros, intended to "
support innovation over the long term, in all its forms
" and to accelerate the strategy
Expert Mathis Hammel recommends that SMEs "
update their system very regularly
", "
make backups on hard drives disconnected from servers
" and if the company has the necessary means, "
carry out audits with outside companies
" to identify potential vulnerabilities.
It also recalls that guides are made available to companies, in order to embark on the protection of their computer systems.
SEE ALSO -
Founder of "Hackers Without Borders", Clément Domingo is on a war footing in the face of an upsurge in cyberattacks
