Massive phishing cyberattack targets Paris Court
"On Thursday morning, I saw that I was receiving emails from people who hadn't emailed me in three years, about old issues. I didn't understand what was going on. The day before, I had vaguely seen a strange email, which I had tried to open."
This testimony from Maître Jean-Marc Delas, one of the victims of phishing, shows that phishing spares no domain and no individual.
Last week, several members of the judiciary clicked on phishing emails that they should not have clicked on. Hackers sent fake emails to magistrates in the financial division and Parisian lawyers handling sensitive cases. According to Le Parisien, this malicious act also targeted the Paris public prosecutor, Rémy Heitz.
The "inadvertent" opening of these emails had significant consequences. The cyberattack spread to numerous devices.
And once the trap had been sprung, the Paris Court's computer system ceased to function normally for more than a day.
In addition, the investigations conducted by investigating judge Aude Buresi and the summonses scheduled for several weeks had to be postponed. It should be noted that the magistrate is in charge of sensitive cases.
What did hackers have access to for more than 24 hours?
Only the investigation launched into "attacks against automated data processing systems containing personal data implemented by the State" will reveal the answer. The investigations have been entrusted to the DGSI (General Directorate for Internal Security). (source: LeParisien).
The IT department of the Paris Court, on alert, has issued its recommendations to all magistrates.
A large-scale phishing cyberattack
It appears that this phishing cyberattack is not limited to the Paris Court: a few days earlier, the Ministry of the Interior was also targeted by a campaign of email attacks. It is unclear whether there is a correlation between these two malicious acts.
Attacking magistrates and high institutions is not insignificant. They hold personal and confidential data on clients, employees, and even witnesses in legal cases. In addition, they have information on ongoing operations, trade secrets, executives, etc.
Highly profitable data for hackers!
Phishing remains the preferred method used by hackers to launch their attacks. It remains the most prevalent cyber threat. In fact, 80% of cyberattacks originate from a fraudulent email that a user should not have clicked on.
And yet the technique is simple and proven. In the case of the Paris Court, it involved fraudulent emails that appeared to be old exchanges between colleagues and associates. It should be noted that the General Data Protection Regulation (GDPR) makes public and private organizations that process data accountable. Any breach is subject to penalties from the CNIL.
Opening such emails can have serious consequences:
- Fraudulent collection of personal data;
- Computer system breach;
- Identity theft;
- Fraud;
- Spreading malware such as ransomware, for example...
However, organizations still struggle to protect themselves from phishing. Therefore, training users to avoid phishing traps must be a priority in order to reduce cyber risk.
