The Risk of Second Cyberattacks: Case Studies and Vulnerabilities to Address

When there are more, well there are still more! Coming out of a cyberattack doesn’t mean that hackers will stop there. Regardless of the state of the company, cybercriminals can come back to finish the job or pass the torch to other “colleagues” who will take advantage of the victim’s weaknesses. In 2022, the cybersecurity company Cybereason indicated in a report that 74% of companies which paid a sum to hackers were subject to a new attack, less than a month after the first. Even if the statistic is considered exaggerated in the cyber world, it is nevertheless worth looking into cases of second attacks, which are more common than we think.

AISI, a cybersecurity company specializing in SMEs, presented us with two cases of attacks encountered in 2023. After suffering an initial compromise, the targeted organization experiences, six months later, a new cyberattack by ransomware. “ The concern lies first in the lack of investigation. The alerted company manages to stop the compromise. Once the inventory is done and the system can be restarted, it fully restarts its activity for the sake of production », Tells us Rodolphe Amewoui, technical director at AISI.

« By restarting the machine so quickly, we lose a lot of information to understand the origin of the attack. As for the cybercriminal, he sees that he still has access to the victim. He can therefore restart the infiltration work in the system until launching data encryption, as was the case for the victim », Adds the cyber expert.

Vulnerabilities to fill

In the other case, the attack was carried out more deeply, and the victim refuses to pay the ransom. Despite rebuilding the system, she fell victim to another ransomware a few months later. “ If we do not correct all the flaws that allowed the compromise, there is a high probability of cyberattacks. Ransomware groups chat among themselves. It’s a small industry and everyone is trying to make money. They therefore share victims and organizations that are already weakened. », explains Pierre-Antoine Bonifacio, cybersecurity manager at AISI.

« Here, it is the sanitation work that will be decisive. It is not enough to restore the data, all the flaws must be closed to prevent attackers from repeating the same breaches “, he specifies. VSEs, SMEs and ETIs were particularly targeted in 2022 by cyberattacks. They represent 40% of ransomware attacks processed or reported to the National Information Systems Security Agency (Anssi) in 2022. And, for certain companies specializing in digital, losing all of their files and customer interfaces in one evening, it is synonymous with bankruptcy.

Do you want to know everything about the mobility of tomorrow, from electric cars to e-bikes? Subscribe now to our Watt Else newsletter!