[Cyber Recap] 141 cyberattacks at the Paris Olympics, Pavel Durov arrested, McDonald's hacked on Instagram

🔒 As the Paris Olympic Games drew to a close a few weeks ago, ANSSI reports that it recorded 141 cyberattacks - mostly distributed denial-of-service (DDoS) attacks - 22 of which succeeded in reaching their target (15%). The sectors most affected by the disruptions were transport and telecommunications, as well as certain government and sports infrastructures.

However, thanks to meticulous preparation and enhanced security measures, none of these attacks caused any major disruptions. Thus, the balance sheet of these Paris 2024 Olympics seems rather positive, especially considering that Tokyo had counted nearly 450 million cyberattacks in 2021.

‍

🎨 Among the few cyberattacks during the Olympic period that hit their targets, a ransomware attack hit some 40 museums in France on the night of August 3 to 4. The cybercriminals - whose identity has yet to be revealed - targeted a system shared by these institutions enabling the "centralization of financial data".

The official list of museums affected by the attack has not been released, but an investigation has been launched and is still underway.

‍

📱 Pavel Durov, the CEO of Telegram, was arrested on Saturday August 24 at Le Bourget airport in France. He was the subject of a search warrant issued by France's Office de lutte contre les violences faites aux mineurs, as part of investigations into numerous offenses linked to the use of Telegram: fraud, trafficking, cyberstalking, apology for terrorism, money laundering, and child pornography.

Telegram, known for its protection of privacy, could face legal and technical challenges following this arrest. Pavel Durov is accused of failing to moderate such content, and of failing to cooperate with the judicial authorities to investigate such behavior.

‍

🍔 On August 21, McDonald's Instagram account was hacked to promote a fake cryptocurrency - "GRIMACE" - based on Solana, and steal nearly $700,000 in the process. At the time of the scam, the value of the fictitious cryptocurrency soared, only to plummet again when the scam was revealed.

McDonald's was able to regain control of its account within a few hours, and reported no direct financial consequences. In addition, in recent weeks, Instagram seemed to be behaving strangely, notably preventing users from accessing two-factor authentication (2FA).

‍

🎓 The University of Paris-Saclay has announced that it was the target of a ransomware attack on August 11. While it claims to be accompanied by ANSSI to resolve the incident, the establishment has not communicated on the scale or nature of the incident.

As a reminder, the Université Paris-Saclay brings together 48,000 students in several faculties, three IUTs, and the ENS Paris-Saclay, AgroParisTech and CentraleSupélec grandes écoles.

‍

🎫 Quarkslab, a French cybersecurity company, has announced that it has discovered a backdoor present in millions of MIFARE contactless cards used worldwide. They are used in particular for contactless payments, transport ticketing and access control cards.

‍

And what cyber news has impressed you the most this week?

If you don't know me yet: every week, I select and present you with a recap of the world's cybersecurity highlights. Follow me on LinkedIn so you don't miss out!