English
Reporter: From your perspective, what are the most pressing cyber threats to European critical infrastructure and how do you see them evolving in the coming years?
Clement Domingo: The first position among the cyber attacks that we have observed on our critical infrastructure is ransomware. Currently, the number of cybercriminals who know that they can attack any public institution or any company, steal its data or block its activity, and then demand payment of a reward in exchange for information or for returning to the state before the block. But ransomware is not the only threat. In recent years, we have noticed that cybercriminals, near elections or important events - sports or government decisions - can also launch DDoS attacks. We see many such DdoS attacks, through which millions of requests (or accesses) are sent to a website in a very short time, and it crashes, putting pressure on companies and public institutions and, at the same time, amplifying a certain type of message. For example, we have seen this in the context of various conflicts that have taken place in the world, but these conflicts have also reached directly here in Europe: in France, in Spain and other countries. This shows us that everything can change. And, last but not least, we have observed that not only critical infrastructure has been attacked, but also smaller companies, which are not aware of cyber risks and may not even know much about IT. Entrepreneurs are just trying to run their businesses, but they have found that their companies have fallen prey to cyber attacks. Unfortunately, many times, these small businesses are essential for the smooth functioning of the economy, and if you don't pay attention to the cyberattacks that target them, everything becomes complicated.
Reporter: Given your experience in monitoring cybercrime on the dark web, have you noticed any recent changes in tactics or targets that worry you in the current geopolitical climate?
Clement Domingo: Yes, very much so. I think the changes started especially in 2022, after the pandemic. Cybercriminals have understood that they can attack not only large or small companies, but also individuals. Because if they steal your personal data and ask you for a few euros, you are willing to pay. Another phenomenon that I have noticed in the last two years is the increase in the use of artificial intelligence. AI is changing everything. For example, you can now access some AIs models like Grok, ChatGPT or Cloud, and through certain prompts (which are distributed not on the dark web, but on Telegram - which has become the new dark web) you can learn how to commit crimes. You join groups, write whatever you want, and in 5-10 minutes you find resources for illegal acts.
If you ask the AI "how to sell drugs” or "how to write ransomware”, it will answer that it is not allowed to help you. But if you use the right prompt, the AI can show you step by step how to launch a cyber attack. So the situation has changed a lot.
• FraudGPT or WormGPT - smart applications without ethical boundaries
Reporter: Regarding AI, what impact does it have on cybersecurity, especially in regions like Africa or Eastern Europe?
Clement Domingo: The current situation is worrying, because we are facing a constant, exponential increase in cyber attacks. Although there are still authorities or public institutions that still believe that most cyberattacks come from Eastern Europe, this is not really the case. For two reasons. First: anyone can rent or buy a VPN and change their location. I can appear to be in Paris, Moscow or Tel Aviv, even though I am in Madrid. So we have to be very careful about what we call "attribution” of the cyberattack. That is why we have specialized reports, which are based on "indicators of compromise” - that is, technical signals that suggest the source of the attack, such as the IP, code signature, etc. But these can also be easily faked, unfortunately. Second reason: AI is changing the rules of the game. Anyone can create their own application based on AI or use a "wrapper” - that is, an interface that bypasses the imposed limitations. You may have heard of "FraudGPT” or "WormGPT” - these AIs that have no moral boundaries and that practically teach you how to become a cybercriminal. These tools are no longer used only by elite hackers, but also by the smaller ones, who have understood that they can make money. That is the change that is happening. And I urge everyone - individuals, companies and public institutions - to be aware of this. The idea that only big hackers can attack you is no longer valid.
Reporter: As someone who has been involved in combating over 180 cyber attacks, what patterns or trends should European governments and private organizations be watching for?
Clement Domingo: First of all, they need to have a preparedness plan or what we call a cyber crisis exercise. Because many don't. And if you are not prepared, on the day you are attacked, you don't know what to do, who to call, where to start. If you have the steps ready, you can cope better on the critical day. Secondly, I have often noticed that in these organizations nothing works anymore, and people don't have a physical map of their IT assets. It may sound simple or trivial, but when you come and the systems are down, the first thing you want to know is: where are the servers? Where is the Active Directory? What IPs did the systems have? If you don't have this documentation, you lose hours or days redoing everything on paper - before you can actually start responding to the incident. And you don't have time. You lose money. So I think our organizations, including those with critical infrastructure, need to delve deeper into these aspects. We have regulations like DORA and NIS 2, but honestly, many organizations still don't implement them.
Reporter: How do you assess the level of collaboration in the field of cybersecurity between European countries and what improvements would you like to see in terms of unified strategic response and information exchange?
Clement Domingo: There are three important things here, and the first one is related to collaboration, which is the key to successfully preventing and combating cyber attacks. Unfortunately, authorities do not always collaborate effectively, they do not exchange information and, because of this, cybercriminals are always one step ahead. If we had a central platform where all services can contribute and access information, it would be a big step forward. The second thing is about policies. It all comes down to these, more specifically the regulations in the field. We have DORA, we have NIS 2, but honestly, in many countries - including France, my country - the authorities say: "We still have two and a half years for implementation”. This sends the wrong signal. Many will understand that this is not an emergency. But cyberattacks do not wait. And, in these conditions, how can we raise awareness among the population? Because, in the end, we are all the target audience. We need to understand that our data is valuable. We need to know how we give it, to whom we give it, how we protect it. For example, crossing the street is dangerous, but our parents taught us how to cross: we wait for the green light, we look left and right. But online, people are completely lost. They use the same password everywhere, and it only takes one breach for cybercriminals to get into your system and steal your datas and turn your life upside down. I have tools, which I bought from cybercriminals, through which they can find out everything about you with just an email or a password. In other words, for the successful prevention and fight against cybercrime, awareness of this phenomenon and digital and cybersecurity education are essential. Only on the basis of these will we succeed in changing the mentality of citizens and increasing the degree of security in the online environment.
Reporter: Thank you.
Euro
Dolar SUA
Franc elveţian
Liră sterlină
Gram de aur
Reader's Opinion