ANSSI Cyber Threat Overview 2024

Apr 7, 2025 | Cyber security, Library

The ANSSI Cyber Threat Overview (France) is an annual analysis showing the evolution of the volume and nature of cyberattacks from one year to the next. In addition, the feedback from the Paris 2024 Olympic Games highlights specific challenges and best practices when organizing international events.

Key figures

  • 15% increase in security events handled by ANSSI (4,386)
  • 100% increase in denial-of-service (DDoS) attacks
  • 50% of incidents involved known but unpatched vulnerabilities

Opportunities for attackers

Paris 2024 Olympic Games

The high level of preparation ensured the smooth running of the Olympic Games. During this period, only two significant cyber events affected France (Grand Palais Network – Réunion des Musées Nationaux, and the French anti-doping laboratory).

Technical weaknesses

ANSSI warns about the obsolescence of many Microsoft environments (Windows Server 2012 R2) and of devices running Windows 10, which will no longer be supported as of October 2025.

Exploited vulnerabilities

Edge devices (exposed to the internet) are particularly targeted:

  • Over time, new devices with known vulnerabilities accumulate, increasing the attack surface
  • Exploiting these vulnerabilities is simple and can be industrialized
  • They provide an entry point to the information system

These vulnerabilities are often exploited on a large scale for financial gain. They are at the heart of the Cyber Resilience Act, which will enforce minimum security requirements (Security by Design, component origin, vulnerability reporting, continuous maintenance, etc.).

Attackers’ methods

Supply chain targeting

A central focus of NIS 2, this type of targeting is clearly illustrated in this 2024 overview:

  • Via software (e.g., 3CX in 2023): a software vendor is compromised, allowing attackers to reach all users
  • Via a service provider: attackers exploit access granted to digital service providers (DSPs such as managed service providers) to infiltrate and corrupt an information system

Evolution of tools and attack infrastructure

Attackers rely on anonymization through networks of infected computers to carry out complex attacks that are hard to counter (brute force, password spraying, phishing). This makes it difficult to distinguish legitimate users from malicious ones and to trace the attacker’s origin.

For their part, capacity attacks aim to gather data in preparation for large-scale future attacks (Nobelium).

These two methods are used by both state-sponsored actors and cybercriminals—sometimes simultaneously.

Cyber mercenaries and service providers

Offensive ecosystems are available to states, which use them for economic, political, or intelligence purposes. In such cases, mobile phones are particularly targeted.

Attack motivations

Financial gain remains the primary motivation. This includes data theft (for resale) and/or data encryption to demand a ransom. Infostealers (programs designed to harvest credentials) are generally unsophisticated but deployed at scale.

Destabilization is the second motivation.

  • Hacktivism aims to draw attention and is often expressed through sabotage of small industrial systems
  • DDoS attacks target critical infrastructure and are launched by cybercriminals or states
  • So-called “advanced” actors aim to destroy capabilities or infiltrate strategic systems over the long term

Espionage rounds out the top three motivations, targeting states’ strategic interests and the telecommunications sector.

SPAC Alliance Recommendations

This overview is a strong signal to adopt best cybersecurity practices in depth:

  • Stay informed about threats and regulatory developments – Join us!
  • Audit your security and establish a resilience plan – Take our free mini-audit!
  • Collect only the data that is strictly necessary
  • Isolate your critical information systems to limit the impact of an attack
  • Train your users and regularly test your physical and logical defenses