{"id":3878,"date":"2025-11-25T15:41:50","date_gmt":"2025-11-25T15:41:50","guid":{"rendered":"https:\/\/phishia.fr\/?p=3878"},"modified":"2025-11-25T16:03:52","modified_gmt":"2025-11-25T16:03:52","slug":"how-cti-could-have-prevented-a-cyber-attack","status":"publish","type":"post","link":"https:\/\/phishia.fr\/en\/blog\/monitoring\/how-cti-could-have-prevented-a-cyber-attack\/","title":{"rendered":"How CTI could have prevented a cyber-attack"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"3878\" class=\"elementor elementor-3878\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ef1ccb0 e-flex e-con-boxed e-con e-parent\" data-id=\"ef1ccb0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5dac292 elementor-widget elementor-widget-text-editor\" data-id=\"5dac292\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>When a large public organization (city, hospital, metropolis...) suffers a massive cyberattack, the dominant impression is often:<\/p><p>\u201cThey fell on us all at once, we couldn't see it coming.\u201d<\/p><p>Except that, in reality,\u00a0<strong>a major attack almost never begins on Monday at 9 a.m.<\/strong><br \/>Weeks - sometimes months - before the final attack,\u00a0<strong>activity around the organization increases sharply on the dark web<\/strong>:<\/p><ul><li>stolen credentials,<\/li><li>VPN access for sale,<\/li><li>private discussions between cybercriminals,<\/li><li>access tests on various portals.<\/li><\/ul><div>\u00a0<\/div><p>With genuine\u00a0<strong>Cyber Threat Intelligence (CTI)<\/strong>, these signals can be seen, analyzed... 
and\u00a0<strong>transformed into defense actions<\/strong>\u00a0before things get out of hand.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d90f733 e-flex e-con-boxed e-con e-parent\" data-id=\"d90f733\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8be2ce9 elementor-widget elementor-widget-heading\" data-id=\"8be2ce9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Before the attack: when the dark web gets restless<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-dc3e04d e-flex e-con-boxed e-con e-parent\" data-id=\"dc3e04d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-65cc3b0 elementor-widget elementor-widget-text-editor\" data-id=\"65cc3b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Take the typical case of a large local authority or organization hit by ransomware:<\/p>\n<p><strong style=\"background-color: transparent;\">Months before: first discreet leaks<\/strong><\/p>\n<p>The following appear in leaked lists or on certain forums:<\/p>\n<ul>\n<li><strong>internal e-mail addresses<\/strong>&nbsp;associated with passwords,<\/li>\n<li>accounts linked to business portals,<\/li>\n<li>technical access (VPN, RDP, etc.) 
sold at low prices.<\/li>\n<\/ul>\n<div>&nbsp;<\/div>\n<p>At this stage, the organization is not yet a \u201cpriority target\u201d, but it is on the attackers' radar:<br>it has interesting data, and&nbsp;<strong>doors begin to open<\/strong>.<\/p>\n<p><strong style=\"background-color: transparent;\">A few weeks before: a clear increase in activity<\/strong><\/p>\n<p>Gradually, activity related to the organization's domain name or addresses&nbsp;<strong>increases sharply<\/strong>:<\/p>\n<ul>\n<li>more mentions in leak databases,<\/li>\n<li>more credentials tested or offered for sale,<\/li>\n<li>targeted discussions around its services (such as agent portals, administrative accounts, etc.).<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c8f0c4e elementor-widget elementor-widget-image\" data-id=\"c8f0c4e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"800\" height=\"450\" src=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-1024x576.png\" class=\"attachment-large size-large wp-image-3880\" alt=\"\" srcset=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-1024x576.png 1024w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-300x169.png 300w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-768x432.png 768w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-1536x864.png 1536w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-18x10.png 18w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1.png 1920w\" sizes=\"(max-width: 800px) 100vw, 800px\" 
\/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-dc1625d e-flex e-con-boxed e-con e-parent\" data-id=\"dc1625d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4fe2a9b elementor-widget elementor-widget-text-editor\" data-id=\"4fe2a9b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>You can clearly see a\u00a0<strong>jump from the usual \u201cbaseline\u201d<\/strong>.<br \/>To a CTI analyst's eye, it's a red flag:<\/p><p>\u201cSomeone is much more interested in this organization than usual.\u201d<\/p><p><strong style=\"background-color: transparent;\">Just before the attack: ready-to-use access<\/strong><\/p><p>In the days leading up to the attack:<\/p><ul><li>certain accesses are tested (connection to portals, verification of credentials),<\/li><li>\u201caccess brokers\u201d resell reliable entry points,<\/li><li>ransomware groups begin to position themselves.<\/li><\/ul><div>\u00a0<\/div><p>When the attack finally begins,\u00a0<strong>the preparation work is long over<\/strong>.<br \/>Encrypting systems is only the last step.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-50f30a9 e-flex e-con-boxed e-con e-parent\" data-id=\"50f30a9\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e011edd elementor-widget elementor-widget-heading\" data-id=\"e011edd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title 
elementor-size-default\">What well-structured CTI monitoring would have seen<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8a9a2d5 e-flex e-con-boxed e-con e-parent\" data-id=\"8a9a2d5\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f555797 elementor-widget elementor-widget-text-editor\" data-id=\"f555797\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>With real CTI capability in place, this scenario no longer looks like a complete surprise.<br \/>In concrete terms, CTI will:<\/p><p><strong>Continuously monitor useful sources:<\/strong> these include the \u201cclassic\u201d web, the deep web (private spaces, encrypted channels), the dark web (closed forums, marketplaces, private groups) and public or semi-private data leak databases.<\/p><p>Objective:\u00a0<strong>report anything that concerns your organization<\/strong><br \/>(domain names, e-mail addresses, trademarks, known IPs, main portals, etc.).<\/p><p data-start=\"0\" data-end=\"300\"><strong>Qualify what comes up: <\/strong>it's not a matter of saying \u201cwe've found some stuff\u201d, it's a matter of distinguishing what's really serious: an expired generic credential has limited impact, whereas a valid VPN account with extended rights or an admin account on a critical internal portal reaches maximum criticality.<\/p><p data-start=\"302\" data-end=\"474\" data-is-last-node=\"\" data-is-only-node=\"\">For each event, a criticality level is assigned according to the sensitivity of the access, its functional scope and its potential for exploitation by an attacker.<\/p><p data-start=\"0\" data-end=\"314\"><strong>Highlight trends:<\/strong>\u00a0this is precisely what <strong>CTI<\/strong> does. Rather 
than treating each leak as an isolated case, it tracks the volume of leaks linked to your organization, pinpoints unusual peaks in activity and detects repeated discussions around your access or systems.<\/p><p data-start=\"316\" data-end=\"557\" data-is-last-node=\"\" data-is-only-node=\"\">This is where the famous \u201cbefore\/after\u201d comes into play: a relatively stable, normal noise level, followed by a period of abnormal agitation before the attack, which signals an escalation of risk and allows us to anticipate rather than suffer.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8ea364f e-flex e-con-boxed e-con e-parent\" data-id=\"8ea364f\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2f9f761 elementor-align-center elementor-tablet-align-center elementor-widget elementor-widget-button\" data-id=\"2f9f761\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/phishia.fr\/en\/cti\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">See our Phishia CTI offer<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7810ddc elementor-widget elementor-widget-heading\" data-id=\"7810ddc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Phishia's concrete contribution to the CTI 
process<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a3914fa e-flex e-con-boxed e-con e-parent\" data-id=\"a3914fa\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8afda65 elementor-widget elementor-widget-text-editor\" data-id=\"8afda65\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-start=\"149\" data-end=\"386\">At <strong data-start=\"169\" data-end=\"180\">Phishia<\/strong>, we don't just \u201cwatch the dark web\u201d. We apply a structured approach to <strong data-start=\"272\" data-end=\"299\">see attacks coming<\/strong> and help you <strong data-start=\"311\" data-end=\"329\">react in time<\/strong>, before the incident turns into a major crisis.<\/p><p data-start=\"388\" data-end=\"519\">In the case of an attack that paralyzes a large local authority or hospital, a <strong data-start=\"470\" data-end=\"503\">truly operational CTI capability<\/strong> would have enabled:<\/p><ul data-start=\"521\" data-end=\"1284\"><li data-start=\"521\" data-end=\"728\"><p data-start=\"523\" data-end=\"728\"><strong data-start=\"523\" data-end=\"544\">Early warning<\/strong>: as soon as the first really noticeable leaks appear (<strong data-start=\"592\" data-end=\"654\">critical accounts, valid VPN access, admin credentials<\/strong>...), when activity around the organization goes beyond normal levels.<\/p><\/li><li data-start=\"729\" data-end=\"1007\"><p data-start=\"731\" data-end=\"1007\"><strong data-start=\"731\" data-end=\"765\">Targeted measures:<\/strong> password reset, token invalidation, <strong data-start=\"829\" data-end=\"867\">enhanced authentication<\/strong> (MFA, geographic restrictions, IP filtering), verification of exposed portals, <strong 
data-start=\"951\" data-end=\"988\">quick audit of access<\/strong> exposed in leaks.<\/p><\/li><li data-start=\"1008\" data-end=\"1284\"><p data-start=\"1010\" data-end=\"1284\"><strong data-start=\"1010\" data-end=\"1051\">From \u201creactive\u201d to \u201cpreventive\u201d:<\/strong> cutting off or closely monitoring compromised access, checking the most sensitive accounts, and <strong data-start=\"1157\" data-end=\"1201\">preparing the IT department, CISO and management<\/strong> for increased risk rather than discovering the leak after server encryption.<\/p><\/li><\/ul><p data-start=\"1286\" data-end=\"1508\" data-is-last-node=\"\" data-is-only-node=\"\">We can't promise that <strong data-start=\"1315\" data-end=\"1332\">any attack<\/strong> would have been 100% prevented, but well-used CTI <strong data-start=\"1390\" data-end=\"1410\">greatly reduces<\/strong> the probability of success, <strong data-start=\"1437\" data-end=\"1468\">limits the extent of the damage<\/strong>... and avoids the general surprise effect.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>When a large public organization (city, hospital, metropolis...) suffers a massive cyberattack, the prevailing impression is often: \u201cThey've come down on us all of a sudden, we couldn't see it coming.\u201d Except that, in reality, a major attack almost never starts at 9 a.m. on a Monday. 
Weeks - sometimes months - before the final attack, the activity around the [...]<\/p>","protected":false},"author":3,"featured_media":3884,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[24],"tags":[],"class_list":["post-3878","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-surveillance"],"acf":[],"yoast_head_json":{"title":"How CTI could have prevented a cyber-attack - Phishia","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/phishia.fr\/en\/blog\/monitoring\/how-cti-could-have-prevented-a-cyber-attack\/","og_locale":"en_US","og_type":"article","og_title":"Comment la CTI aurait pu emp\u00eacher une cyber-attaque - Phishia","og_description":"Lorsqu\u2019une grande organisation publique (ville, h\u00f4pital, m\u00e9tropole\u2026) subit une cyberattaque massive, l\u2019impression dominante est souvent : \u201cIls nous sont tomb\u00e9s dessus d\u2019un coup, on ne pouvait pas le voir venir.\u201d Sauf que dans la r\u00e9alit\u00e9,\u00a0une attaque majeure ne commence presque jamais le lundi \u00e0 9h.Des semaines \u2013 parfois des mois \u2013 avant l&rsquo;attaque finale,\u00a0l\u2019activit\u00e9 autour [&hellip;]","og_url":"https:\/\/phishia.fr\/en\/blog\/monitoring\/how-cti-could-have-prevented-a-cyber-attack\/","og_site_name":"Phishia","article_published_time":"2025-11-25T15:41:50+00:00","article_modified_time":"2025-11-25T16:03:52+00:00","og_image":[{"width":1600,"height":912,"url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","type":"image\/jpeg"}],"author":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#article","isPartOf":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/"},"author":{"name":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528"},"headline":"Comment la CTI aurait pu emp\u00eacher une cyber-attaque","datePublished":"2025-11-25T15:41:50+00:00","dateModified":"2025-11-25T16:03:52+00:00","mainEntityOfPage":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/"},"wordCount":950,"publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"image":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","articleSection":["Surveillance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/","url":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/","name":"How CTI could have prevented a cyber-attack - 
Phishia","isPartOf":{"@id":"https:\/\/phishia.fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#primaryimage"},"image":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","datePublished":"2025-11-25T15:41:50+00:00","dateModified":"2025-11-25T16:03:52+00:00","breadcrumb":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#primaryimage","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","width":1600,"height":912},{"@type":"BreadcrumbList","@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/phishia.fr\/"},{"@type":"ListItem","position":2,"name":"Surveillance","item":"https:\/\/phishia.fr\/blog\/category\/surveillance\/"},{"@type":"ListItem","position":3,"name":"Comment la CTI aurait pu emp\u00eacher une cyber-attaque"}]},{"@type":"WebSite","@id":"https:\/\/phishia.fr\/#website","url":"https:\/\/phishia.fr\/","name":"Phishia","description":"IT Consulting, Cybersecurity, 
Sustainability","publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/phishia.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/phishia.fr\/#organization","name":"Phishia","url":"https:\/\/phishia.fr\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","width":512,"height":128,"caption":"Phishia"},"image":{"@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/phishia\/"]},{"@type":"Person","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528","name":"Enzo Debosque, Junior CyberSecurity 
Consultant"}]}},"_links":{"self":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3878","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/comments?post=3878"}],"version-history":[{"count":27,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3878\/revisions"}],"predecessor-version":[{"id":3976,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3878\/revisions\/3976"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/media\/3884"}],"wp:attachment":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/media?parent=3878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/categories?post=3878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/tags?post=3878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}