Serial hacking, digital scams, massive attacks on infrastructures: faced with a threat that is exploding and constantly changing, the French Ministry of the Interior is responding with an unprecedented three-year national plan. At the helm: COMCYBER-MI, the armed wing of domestic cyber security. The aim? To anticipate offensives, track cybercriminals down to their furthest reaches, and embed a lasting culture of resilience within the State and society. An ambitious roadmap, commensurate with the stakes. But will it be enough to contain a threat as fluid as it is relentless?
By S&D Magazine
Cybercrime as a service
In five years, digital attacks have soared by 74%! In 2024, cyberattacks are gaining in intensity: they are multiplying and targeting their victims more precisely. Detecting them is becoming more complicated and complex. AI is a great help. In fact, COMCYBER-MI has observed a real industrialization of cybercrime, marked by a division of roles, increasing automation and streamlined organization of attacks. Some groups specialize in the design of malicious tools, while others sell stolen databases or initial access to systems. This organization relies on subcontracting and outsourcing of skills, giving rise to a veritable “cybercrime as a service” market.
Strengthening police response
"Because every one of our compatriots, every one of our companies and every one of our institutions can be a target for cybercriminals, all the services of the Ministry of the Interior must be fully mobilized. This is already the case, to ensure that impunity cannot flourish anywhere", insists Bruno Retailleau, Minister of the Interior.
The Ministry of the Interior's new roadmap sets out 84 measures to step up the fight against cybercrime, with a major “operational” component. One of the key challenges is to improve the flow of information between specialized services (OFAC, UNCyber, BL2C) and other investigators. The Ministry wishes to rely on technical investigation and data management to reinforce its actions.
The fight against cybercrime will also involve combating the trafficking of illicit products online, particularly on the darkweb or encrypted messaging services. 60% of content on the darkweb is illegal... To carry out their activities, cybercriminals regularly use crypto-assets. Intensifying the fight against online money laundering and increasing knowledge about the use of crypto assets would enable more regular tracing and seizures. Operation Endgame represents one of law enforcement's greatest successes, coordinated on a European scale, with the freezing of 99 criminal crypto-asset wallets containing over €70 million. The police are also looking to step up their preventive initiatives aimed at the general public, and plan to set up a documentary database of advice sheets for users.
Detect, understand, organize
In its new strategy, the French Ministry of the Interior stresses the need not only to step up detection of cyberthreats, but also to process and exploit the data generated by attacks. To anticipate the threat, security forces will have to track down the new tools used by cybercriminals: clandestine applications or encrypted telephony solutions designed to evade the authorities. “When you know who the criminals are, you can counter them better,” stresses Lieutenant-Colonel Sophie Lambert, Deputy Head of the Cyber Knowledge, Anticipation and Crisis Management Division at the French Ministry of the Interior Command, adding: "AI is a means, but criminals are structuring themselves like a real business. Criminals specialize by profession: developers, brokers, kit designers. They reinvest their profits, finance new attacks, build new malware, resell data... It's like classic crime, but in cyberspace. The criminals meet on forums, encrypted discussion channels. One is in Brazil, the other in China and so on. This context makes the fight more complex. If they're organized, then we have to be organized against them too"
Communicate, share, cooperate
Each year, COMCYBER-MI will publish a new report on the state of the threat, for the benefit of both the Ministry and the general public. Public-private partnerships will also be strengthened, particularly in the area of intelligence sharing. Cross-analyses on cyber-threat-related themes will also be produced.
Crisis management and resilience
Crisis management and resilience are also dedicated. "The aim is to help prepare, train and improve resilience, as well as knowledge of the threat and its concrete consequences, upstream of the crisis, with the support of departmental prefects in the territories, while natively integrating the judicial component. Next, we need to learn from and share the lessons of cyber crises, through feedback," explains the roadmap. Feedback will be at the heart of the strategy. COMCYBER-MI will not only contribute to this at ministerial level, but will also support the dissemination of RETEX from victims of large-scale criminal cyberattacks. The aim is to better prepare local authorities and public institutions for attacks, by strengthening their resilience in the face of digital crises. This commitment to resilience also includes the need to run broader awareness campaigns throughout the country. Two other components complete this ministerial strategy: “competence and attractiveness” and “partnership, competence and management”.
At a time when digital attacks are growing in sophistication and intensity - as the news of the last few days has shown once again - the Ministry's new strategy is intended to be broad-spectrum and ambitious. Anchored in the long term, it will have to cope with the industrialization of cybercrime and its capacity for innovation. While efforts, resources and determination are clearly on display, there can be no doubt that the future will not be a long, quiet river... and that, once again, there will be strength in numbers.