Cyberattacks are the new scourge of businesses. Cyberattacks have been increasing exponentially in recent years. According to ANSSI, 8 out of 10 companies in France are affected by cyberattacks every year. In other words, the majority of them remain highly vulnerable and ill-equipped to deal with cyberattacks.
In 2020 alone: Lise Charmel, the Rabot Dutilleul construction group, the insurance company MMA, and many others—all fell victim to a ransomware cyberattack. Such attacks have severe consequences. This type of attack can even lead to a company’s bankruptcy. Most often, this type of malware (malicious software) enters an organization’s computer system via a fraudulent email. This is a widespread technique known as phishing. It is also a cyberattack that companies fear.
Furthermore, in 2020, the cybermalveillance website reported that the number of cyberattacks “skyrocketed” during the COVID-19 lockdown. According to a Tanium report (source: programmez.com), 93% of French organizations have seen an increase in cyberattacks since the start of the health crisis. Furthermore, hackers have taken advantage of the pandemic and the rushed implementation of remote work to carry out their cyberattacks. (source: Les Echos). In fact, phishing and ransomware attacks have increased exponentially. To prevent any cyberattacks, companies must be prepared. Employee awareness and training on cybersecurity remain essential.
Ledger: A Major Cyberattack
Have you heard of “Qui veut être mon associé,” which airs on M6? The show highlights entrepreneurs’ future projects. If they’re impressed, executives from major companies can invest in the projects presented.
The founder of Ledger appeared on one of these episodes.
On July 14, 2020, a cyberattack targeted the company, which specializes in cryptocurrency security solutions. In a press release issued on the morning of July 29, 2020, the company announced that it had been the victim of a cyberattack. On July 17, Ledger notified the CNIL of the millions of records stolen. Following its investigation, the company discovered that an attacker had exploited a security vulnerability affecting its website toward the end of June. The hacker thereby gained access to Ledger’s customer data.
The company is reassuring its customers: their wallets have not been compromised. However, their data (mailing addresses, phone numbers, email addresses, and order history) has been stolen. Payment information, however, remains secure. The repercussions of such a cyberattack on the reputation of this cybersecurity firm are, of course, significant.
The company is warning its customers about the risks of phishing
Stolen data is easily sold on the Dark Web. It can, for example, be used in targeted phishing campaigns. That is why Paul Gauthier, CEO of Ledger, is warning his customers about potential phishing attempts. He states that Ledger will “never ask for your 24-word recovery phrase. If you receive an email that appears to be from Ledger asking for your 24 words, you must absolutely treat it as a phishing attempt.” (source: clubic.com).
Despite the rise in phishing attacks, the strategies implemented by companies often fall short. Cybersecurity should not be viewed merely as a technical issue, but also as an organizational one. Therefore, it is essential to educate and train users on how to avoid phishing scams.
