{"id":8183,"date":"2015-08-24T14:00:59","date_gmt":"2015-08-24T13:00:59","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=8183"},"modified":"2019-12-31T10:35:53","modified_gmt":"2019-12-31T09:35:53","slug":"attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/","title":{"rendered":"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants"},"content":{"rendered":"

L\u2019affaire Ashley Madison semble le prouver une fois de plus, les cybercriminels commettent des erreurs qui peuvent leur nuire. D\u00e9tecter ces fautes et savoir les utiliser sont des \u00e9l\u00e9ments essentiels dans la gestion des crises cyber.<\/em><\/p>\n

Des attaques dont les objectifs sont souvent difficiles \u00e0 cerner<\/h2>\n

L\u2019actualit\u00e9 le montre trop r\u00e9guli\u00e8rement, les actes cybercriminels se multiplient et visent tous types d\u2019organisation. Certains sont revendiqu\u00e9s et leurs objectifs sont rapidement connus. C\u2019est le cas pas exemple de l\u2019attaque visant le site Ashley Madison o\u00f9 les motivations sont explicites<\/a>.<\/p>\n

Mais dans la plupart des cas, les objectifs de l\u2019attaquant sont beaucoup plus difficiles \u00e0 identifier ! Il est pourtant crucial de le faire pour pouvoir r\u00e9agir au mieux et prot\u00e9ger rapidement ce qui n\u2019a pas encore \u00e9t\u00e9 touch\u00e9 par l\u2019attaque.<\/p>\n

Une des cl\u00e9s pour mieux comprendre une attaque consiste \u00e0 exploiter les erreurs des attaquants. En effet, malgr\u00e9 leur niveau de comp\u00e9tences potentiellement \u00e9lev\u00e9, les pirates restent des humains et commettent souvent des erreurs. Des fautes qu\u2019il est possible d\u2019exploiter pour mieux comprendre l\u2019attaque et la contrer, mais aussi pour identifier ceux \u00e0 son origine.<\/p>\n

Utiliser les erreurs des attaquants pour mieux les comprendre<\/h2>\n

Le cas r\u00e9cent d\u2019Ashley Madison semble \u00eatre un bon exemple, m\u00eame s\u2019il faudra attendre les investigations compl\u00e8tes pour confirmer tous les \u00e9l\u00e9ments. Les attaquants auraient diffus\u00e9 les donn\u00e9es vol\u00e9es via BitTorrent<\/em> en utilisant un serveur lou\u00e9 chez un h\u00e9bergeur aux Pays Bas. Ils auraient cependant oubli\u00e9 de s\u00e9curiser ce serveur<\/a>, en particulier ils n\u2019ont pas mis de mot de passe sur les interfaces d\u2019administration web. M\u00eame si cela ne permet pas de les identifier directement, il s\u2019agit d\u2019une piste de premier choix pour les forces de l\u2019ordre en charge des investigations. Il faut cependant rester prudent car cela peut aussi \u00eatre une forme de diversion r\u00e9alis\u00e9e par les attaquants. Affaire \u00e0 suivre !<\/p>\n

Autre exemple, le cas \u00ab Red October<\/em> \u00bb. C\u2019est l\u2019affaire d\u2019une vaste op\u00e9ration de cyber espionnage qui a commenc\u00e9 en mai 2007 et qui a \u00e9t\u00e9 d\u00e9couverte par le cabinet Kaspersky quelques ann\u00e9es plus tard. Le cabinet a r\u00e9ussi \u00e0 identifier, bloquer et neutraliser le logiciel malveillant en utilisant une faille de l\u2019attaque<\/a>. En effet, les noms de domaines pour les serveurs d\u2019exfiltration qui \u00e9taient utilis\u00e9s dans le code malveillant n\u2019avaient pas \u00e9t\u00e9 r\u00e9serv\u00e9s par les attaquants. Cela a permis \u00e0 Kaspersky de simuler un de ces serveurs et de voir qui \u00e9tait infect\u00e9 et quelles donn\u00e9es \u00e9taient captur\u00e9es.<\/p>\n

Parfois, ces erreurs permettent m\u00eame d\u2019identifier les auteurs de l\u2019attaque, comme ce fut le cas avec la traque de la personne derri\u00e8re le malware PlugX.<\/a><\/p>\n

Nos consultants ont d\u2019ailleurs eux aussi rencontr\u00e9 ce genre de situation dans le cadre d’une attaque cibl\u00e9e chez un de nos clients. Les pirates\u00a0avaient en effet \u00ab oubli\u00e9 \u00bb la pr\u00e9sence d\u2019un keylogger<\/em> sur les serveurs internes utilis\u00e9s pour l\u2019exfiltration des donn\u00e9es, ce qui a permis \u00e0 nos experts d\u2019identifier quelles donn\u00e9es \u00e9taient cibl\u00e9es et o\u00f9 elles \u00e9taient envoy\u00e9es. Nous avons m\u00eame pu r\u00e9cup\u00e9rer le login et le mot de passe utilis\u00e9s par les attaquants. Le concept de \u00ab l\u2019arroseur arros\u00e9 \u00bb remis au go\u00fbt du jour.<\/p>\n

Savoir tirer parti de ces informations pour mieux g\u00e9rer la crise<\/h2>\n

Les informations obtenues gr\u00e2ce \u00e0 ces erreurs sont tr\u00e8s pr\u00e9cieuses, elles permettent ensuite d\u2019adapter la r\u00e9ponse \u00e0 l\u2019incident. D\u2019autant plus que les attaquants utilisent parfois des m\u00e9canismes de diversion \u00ab bruyants \u00bb (red\u00e9marrage de machines, effacement de fichiers, forte activit\u00e9 CPU, voir d\u00e9ni de service\u2026) afin de d\u00e9tourner l\u2019attention des vrais donn\u00e9es qu\u2019ils visent. Une compr\u00e9hension \u00ab m\u00e9tier \u00bb des objectifs de l\u2019attaque permet d\u2019\u00e9viter de se focaliser sur ces pi\u00e8ges.
\nIl est m\u00eame souvent int\u00e9ressant de laisser l\u2019attaque se d\u00e9rouler pour mieux la comprendre.<\/p>\n

Les r\u00e9flexes face aux incidents de s\u00e9curit\u00e9 \u00ab classiques \u00bb (d\u00e9ployer des signatures antivirales, r\u00e9installer des serveurs\u2026) sont donc aujourd\u2019hui largement r\u00e9volus. Il faut adopter une approche dynamique de la crise, s\u2019int\u00e9resser \u00e0 son objectif m\u00e9tier et utiliser les erreurs des attaquants pour \u00eatre plus pertinent, en pouvant m\u00eame envisager des r\u00e9ponses \u00ab actives \u00bb \u00e0 l\u2019attaque<\/a>. Un challenge pour les \u00e9quipes de r\u00e9ponses \u00e0 incidents, qui doivent adapter leurs m\u00e9thodologies et leurs r\u00e9flexes, mais un objectif crucial pour lutter contre ces attaques<\/p>\n","protected":false},"excerpt":{"rendered":"

L\u2019affaire Ashley Madison semble le prouver une fois de plus, les cybercriminels commettent des erreurs qui peuvent leur nuire. D\u00e9tecter ces fautes et savoir les utiliser sont des \u00e9l\u00e9ments essentiels dans la gestion des crises cyber. Des attaques dont les…<\/p>\n","protected":false},"author":15,"featured_media":8184,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3225],"tags":[3021,175,474,3319,244,1241],"coauthors":[837],"class_list":["post-8183","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response","tag-analyse","tag-apt","tag-attaque","tag-audit-pentesting","tag-crise","tag-cyberattaque"],"acf":[],"yoast_head":"\nCybercriminalit\u00e9 : savoir profiter des erreurs des attaquants - RiskInsight<\/title>\n<meta name=\"description\" content=\"Profiter des erreurs des attaquants pour mieux les comprendre et les contrer\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Profiter des erreurs des attaquants pour mieux les comprendre et les contrer\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2015-08-24T13:00:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T09:35:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"G\u00e9r\u00f4me Billois\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"G\u00e9r\u00f4me Billois\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/\"},\"author\":{\"name\":\"G\u00e9r\u00f4me Billois\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\"},\"headline\":\"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants\",\"datePublished\":\"2015-08-24T13:00:59+00:00\",\"dateModified\":\"2019-12-31T09:35:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/\"},\"wordCount\":787,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg\",\"keywords\":[\"analyse\",\"APT\",\"attaque\",\"audit & pentesting\",\"crise\",\"Cyberattaque\"],\"articleSection\":[\"Cybersecurity & Digital Trust\",\"Ethical Hacking & Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/\",\"name\":\"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg\",\"datePublished\":\"2015-08-24T13:00:59+00:00\",\"dateModified\":\"2019-12-31T09:35:53+00:00\",\"description\":\"Profiter des erreurs des attaquants pour mieux les comprendre et les contrer\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378,\"caption\":\"analyser les attaquants\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity & digital trust blog by Wavestone's consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\",\"name\":\"G\u00e9r\u00f4me Billois\",\"description\":\"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants - RiskInsight","description":"Profiter des erreurs des attaquants pour mieux les comprendre et les contrer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/","og_locale":"en_US","og_type":"article","og_title":"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants - RiskInsight","og_description":"Profiter des erreurs des attaquants pour mieux les comprendre et les contrer","og_url":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/","og_site_name":"RiskInsight","article_published_time":"2015-08-24T13:00:59+00:00","article_modified_time":"2019-12-31T09:35:53+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants","datePublished":"2015-08-24T13:00:59+00:00","dateModified":"2019-12-31T09:35:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/"},"wordCount":787,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg","keywords":["analyse","APT","attaque","audit & pentesting","crise","Cyberattaque"],"articleSection":["Cybersecurity & Digital Trust","Ethical Hacking & Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/","url":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/","name":"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg","datePublished":"2015-08-24T13:00:59+00:00","dateModified":"2019-12-31T09:35:53+00:00","description":"Profiter des erreurs des attaquants pour mieux les comprendre et les contrer","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/08\/Fotolia_78673393_Subscription_Monthly_M.jpg","width":1378,"height":1378,"caption":"analyser les attaquants"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/08\/attaques-ciblees-profiter-des-erreurs-des-attaquants-pour-mieux-les-comprendre-et-les-contrer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cybercriminalit\u00e9 : savoir profiter des erreurs des attaquants"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=8183"}],"version-history":[{"count":5,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8183\/revisions"}],"predecessor-version":[{"id":12405,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8183\/revisions\/12405"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/8184"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=8183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=8183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=8183"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=8183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}