Lockbit 3.0: A threat to corporate IT security
Ransomware with a global reach
Since its appearance in 2019, Lockbit 3.0 has been one of the most formidable ransomware programs in the digital world. With over 1700 attacks listed worldwide since 2020, including renowned companies such as Thales, Continental and TSMC, its presence poses a serious threat to organizations IT security.
Decline of a giant
February 20, 2024 marked a turning point in the fight against this threat, with the dismantling of Lockbit during a vast international police operation named 'cronos'. Coordinated by Europol and the National Crime Agency, this investigation launched in 2022 resulted in the seizure of almost 200 crypto-currency wallets, the dismantling of 34 servers and the recovery of over 1,000 decryption keys worldwide.
Following this intervention, the LockBit 3.0 showcase site was no longer accessible, nor was the portal used for negotiations. Instead, an image was displayed with the message: "This site is now under law enforcement control".
An unexpected comeback
However, despite these efforts, Lockbit is still active. On February 25, 2024, the group relaunched its activities with a new showcase site based on the same structure as the old one, with already, new victims. In addition, a statement against the FBI and the 'cronos' operation was released.
Lockbit examined the vectors that facilitated the law enforcement operation. The head of the group acknowledged his errors, admitting "negligence" and "lack of responsibility" in delaying the update of Lockbit PHP servers. This oversight gave the authorities the opportunity to exploit a security flaw in the PHP programming language.
News
Industrial cybersecurity attacks are no longer fiction or rare exceptions. From attempted poisoning to power outages, safety system overrides, and global ransomware paralysis, real-world OT attacks are on the rise. These incidents expose critical vulnerabilities in industrial environments and underscore a crucial reality: operational systems have become high-value strategic targets.
Cyber attacks on industrial infrastructures have increased dramatically in recent years. For example, 420 million attacks against critical infrastructures (energy, transport, telecoms) took place between January 2023 and January 2024. This trend can be explained by the emergence of new attack techniques and vulnerabilities in architectures. To remedy this, manufacturers are using trends and tools to help them protect their IoT networks.
The Military Programming Law (LPM) constitutes a central legislative framework for defense and security policies in France. Adopted every five to seven years, it sets the main strategic orientations, financial means, and operational priorities of the French armed forces. The latest version in force, LPM 2024-2030, includes strengthened provisions for cybersecurity, a national priority in the face of the rapid evolution of digital threats. In this article, we will explore the foundations of the LPM, its main provisions, and its impact on industrial cybersecurity, a key area for critical infrastructure and national sovereignty.
The Cyber Resilience Act (CRA), recently adopted by the European Union on March 12, 2024, marks a decisive turning point in the fight against cyber threats facing our increasingly digital society. This regulation aims to establish a robust framework to ensure the cybersecurity of digital products and services by imposing strict requirements on manufacturers, importers, and distributors. By integrating security standards from the design stage of products, the CRA aims to protect not only businesses but also consumers, thereby strengthening trust in the digital economy.
