
Cyber Monitoring #8 (February 2023)

ESXiArgs Ransomware cyberattacks
International 

In early February, a wave of ransomware cyberattacks named ESXiArgs spread quickly across VMware ESXi servers and affected numerous actors and businesses. A first version was distributed, exploiting vulnerabilities in ESXi hypervisors and encrypting data on the compromised servers. A second, modified version of the virus took over a few days later, making it more difficult to recover files and sometimes reinfecting servers that had already been affected by the first wave. Recovery methods and tools were quickly set up: CISA notably published a recovery script on GitHub to assist affected organizations in decrypting infected documents.
 


5th France-USA cybersecurity dialogue 
International

The fifth France-USA cybersecurity dialogue took place in Paris on the 14th of February 2023. The two countries reaffirmed their commitment to ensuring respect for the current international normative framework related to cyberattacks and cybercrimes. They also agreed to pursue their advocacy for increased cyber defense capabilities on a global scale. They defined priorities, particularly regarding ongoing discussions in various multilateral forums such as the UN, where France and its allies advocate for the creation of an ambitious Cybersecurity Action Program. They also talked about the objectives of the Paris Call for Trust and Security in Cyberspace and discussed prospects for strengthening their bilateral coordination in response to cyber threats.
 


Anti-scam filter and cyber “nutri-score”: two upcoming innovations for digital users
France 

The French government wants to implement two innovative tools to strengthen digital security: a cyber-score and an anti-scam filter. The idea is to take the ‘Nutri-score’ model and adapt it to the digital world. Thus, users will be able to assess the level of security of the most used websites. Jean-Noël Barrot, Minister for Digital Transition and Telecommunications, also announced the creation of an anti-scam filter that will warn users when they are about to access a fraudulent site. A first experimental version should be available for the Rugby World Cup.
 


Finland launches the Cyber Citizen Project to pave the way for a common digital culture in the EU
Finland

Finland has embarked on an ambitious project to teach cybersecurity skills to EU citizens. The Cyber Citizen Project aims to develop EU citizens’ digital skills. The EU invested EUR 5 million in this project, which is divided into three steps. The first objective was to take into account a large number of factors, such as the member states’ different guidelines for teaching cybersecurity, and to assess the digital characteristics of the EU countries. These data are crucial for the second phase of the Cyber Citizen Project, which is the development of a common model for teaching digital skills. The project’s ultimate step is to create a learning portal which will help EU citizens to acquire knowledge and develop good digital hygiene.
 


European Commission bans staff from using TikTok on work devices over security concerns
European Union 

Due to cybersecurity concerns, the European Commission has banned the use of TikTok by its staff, subsequently ordering its employees to delete the app from all work and personal devices by March 15. Furthermore, the Commission has stated that it will keep its internal cybersecurity policies for other social media platforms under constant review. In response to the Commission’s decision, ByteDance, the parent company of TikTok, has denied that there have been any data security concerns related to its products and has described the decision as “misguided” and based on “fundamental misconceptions”. Overall, amid fears that user data may be accessed by Beijing, E.U. Member States and the U.S. have already taken similar steps to limit the use of TikTok by their government officials and employees.
 


Hackers use fake ChatGPT apps to push Windows and Android malware 
International

Cybercriminals are increasingly exploiting the popularity of OpenAI’s ChatGPT chatbot to distribute Windows and Android malware and to direct unsuspecting victims to phishing pages or fake apps. Recently, cybercriminals have taken advantage of the ChatGPT Plus subscription by promising free access to its premium features. The offers are false, with the goal of luring users into installing malware or providing account credentials. Security researchers at Cyble have discovered malicious domains, such as “chat-gpt-pc.online” and “chatgpt-go.online,” that distribute malware capable of stealing clipboard contents of Windows devices. Additionally, Cyble discovered over 50 fake apps that use ChatGPT’s icon and a similar name, with the capabilities to steal call logs, contact lists, SMS, and files from Android devices. Therefore, it should be emphasised that currently, ChatGPT is an online-based tool available only at “chat.openai.com”. OpenAI does not offer any mobile or desktop apps at the moment.