Since last Wednesday, the website of the town hall of Lille no longer responds. It was hacked, or at least cyberattacked. The origin of the attack still remains unknown. “The technical diagnosis is at this time still in progress to determine the origin and the gravity of the intrusion”, it is specified in a press release published the evening of the attack by the Lille municipality. And “until further notice”, all computers must remain off, “as a precaution”, reported Friday France 3 Hauts-de-France.
In recent months, cyberattacks have multiplied against public establishments and French local authorities. The regions of Normandy and Guadeloupe, or the departments of Seine-Maritime and Seine-et-Marne are among the communities recently affected. Municipalities are also affected by the phenomenon. In 2022, at least ten cities have been targeted, including Brunoy (Essonne), Saint-Cloud (Hauts-de-Seine) or Caen. In question, according to several specialists, the too few resources allocated to cybersecurity, but also a multiplication of malicious actors.
“Not so much whether they are going to be cyber-attacked, but when”
In his cyber threat overview, published in January, the National Information Systems Security Agency (Anssi) points out that local authorities are the second category of victim most affected by ransomware attacks behind VSEs, SMEs and ETIs. “They thus represent 23% of incidents related to ransomware processed by or reported to Anssi in 2022”, reports the organization.
“As far as town halls are concerned, the question today is not so much whether they are going to be cyber-attacked, but rather when,” said Tanguy Gernot, cybersecurity researcher at GREYC in Caen. In question, according to him: the giant playground that these administrations represent for hackers. “From an IT point of view, town halls are generally large open spaces, with a multitude of employees with various missions and a large audience, he explains. In addition, the software used is likely to have gaps. All of these elements ultimately give a huge surface area to attack.”
Municipalities, however, are not among the priority targets of hackers. For Corinne Henin, independent cybersecurity expert, it would be on the contrary random attacks, which turn into a conclusive test when there is a reaction at the end of the chain. “Hackers fish big, they send their virus to a multitude of email addresses from very different sectors, develops the researcher. Sometimes it falls on a municipal user, and this allows them to enter the system, or part of it. this one.”
This is called ransomware (or ransomware): malicious software or a virus that blocks access to the computer or its files and demands that the victim pay a ransom to obtain it access again. In most cases hackers perform these operations hoping for financial gain. But some attempts hide acts of espionage or destabilization.
According to Anssi, this increase in proven intrusions into information systems for several years is explained by the considerable improvement in the capacities of malicious actors. “They have been able to seize a multitude of opportunities offered by the generalization of often poorly controlled digital uses”, indicates the agency.
An underestimated threat
In a press release issued on Friday March 3, the Cyber-Sentinelle association, which presents itself as specializing in the preventive security of local authority information systems, declares that “the town hall of Lille could have avoided the cyberattack”. The same press release indicates that on January 31, “the Cyber-Sentinel service informed 602 municipalities in France of the risk of cyberattack concerning them, and invited them to set up a security procedure”. Before adding: “The town hall of Lille was one of the communities identified at risk by the association”. The Cyber-sentinel association more generally points out the shortcomings of local authorities and administrations in protecting against cyberattacks.
“Computer security is underestimated, opines Tanguy Gernot. While in fact, the interruption of service, as is the case for the town hall of Lille, has a cost; the resumption of activity also has a cost ; as well as the work time lost due to the attack”. Indeed, according to Anssi, the consequences of these attacks are particularly important for the communities concerned. “These sometimes destructive attacks notably disrupt payroll services, the payment of social benefits and the management of civil status”. For example, the town hall of Caen, targeted last September, is still not fully recovered. His site is not operating at maximum capacity.
For Corinne Henin, IT security in administrations and in companies is the victim of a cognitive bias: unrealistic optimism. “It’s a tendency to believe that it only happens to others, she says. This bias is broken when you come to identify with a victim.” So far the town halls – in particular – did not imagine this threat. “But there is an awareness and more and more resources are allocated to it”, notes the researcher.
More than a year after being the victim of a cyberattack paralyzing a large part of municipal services, the town hall of Douai has doubled its IT security budget. Tanguy Gernot recalls that the employee prevention component is just as essential. “The problem is between the chair and the keyboard,” he insists.