Cyber Threat Overview 2024: mobilisation and vigilance against attackers
The 2024 Cyber Threat Overview reviews a year marked by constant pressure on both the national ecosystem and the most critical of information systems. In response, French cyber actors are encouraged to remain mobilised and vigilant at all times.
Over the course of 2024, ANSSI handled 4,386 security events, with varying levels of mobilisation, representing a 15% increase compared to the previous year. A total of 3,004 reports and 1,361 incidents were brought to the Agency's attention.
Three main threats: cybercriminals, attackers reputedly linked to Russia, and attackers reputedly linked to China
The threat posed by the cybercriminal ecosystem - mainly characterised by attacks aimed at extorting ransom, via data leaks and ransomware attacks - has established itself as a global, everyday risk for all French organisations. Among the ransomware victims known to ANSSI, private companies (37%), local authorities (17%), higher education establishments (12%), and strategic companies (12%) have been particularly affected – often with very serious consequences for their operations, reputation, and business continuity.
A rise in destabilisation attacks was also observed, generally carried out by “hacktivist” groups seeking to attract attention by implementing low-tech but high-visibility attacks. For example, DDoS attacks against French targets doubled compared to 2023, with an upsurge observed during the Olympic Games. Despite the limited consequences of these attacks, the sabotage of small industrial installations has also been noted. These attacks are indicative of an evolution towards sabotage, which calls for heightened vigilance.
As with previous years, ANSSI's operational teams were most involved in handling espionage attacks. Attackers reputedly linked to Russian strategic interests continued their attacks, primarily guided by the desire to obtain information to support their military or diplomatic efforts. Meanwhile, activity associated with Chinese intrusion sets was particularly dense and widespread, aimed at gathering strategic and economic intelligence. In addition, the targeting of telecommunications operators was intense, and several major incidents were handled by the Agency.
The mobilisation and vigilance of French actors: indispensable legacy of the Games
The year 2024 was marked by the organisation of the Olympic Games, whose media exposure and attack surface represented major opportunities for malicious actors. However, none of these attacks affected the running of the event – thanks to the thorough preparation and mobilisation of ANSSI’s teams and of the entire French cyber ecosystem.
In addition to short-term opportunities such as the Games, attackers seize every technical weakness exposed by information systems (IS). Faced with this inadequate level of security, the Agency urges organisations to harden their information systems and keep them in a secure condition in order to reduce the attack surface. Given the sheer number and impact of vulnerabilities affecting IS edge security equipment - which accounted for more than half of ANSSI's cyber defence operations - the Agency notably reiterates the urgent need to apply security patches as quickly as possible to prevent opportunistic exploitation.
ANSSI at the heart of a collective, for a cyber-resilient nation
The past year has confirmed the Agency's determination to consolidate an effective relay ecosystem. Indeed, the strengthening of its component actors, such as territorial, sectoral, or ministerial cyber-incident response centres (CSIRTs), has already enabled ANSSI to focus its efforts on attacks with more critical impacts.
Faced with all of these threats, France is not defenceless: work on the cyber section of the Resilience Act, aimed at transposing the NIS 2 Directive into French law, is an essential part of its response. The co-construction approach chosen for this transposition has enabled us to adapt the text as closely as possible to the realities and challenges faced by our entities, in order to promote its appropriation and implementation.
Finally, it is essential for ANSSI to keep up the pressure exerted on the cybercriminal ecosystem by continuing its cooperation with other government departments and international partners. This cooperation has led to a number of dismantling operations over the past year.