New cyberattack hits La Poste parcel and banking service

France’s La Poste service was hit with a new cyberattack on January 1, resulting in several services being unavailable for much of the day. 

This included all online services through its website, including parcel tracking. 

Its banking arm, La Banque Postale, was also affected with online services being unavailable, although customers could still confirm online card payments through SMS messages as opposed to via the app or website.

All services were restored by the end of the day, and appear to be functioning as normal as of 08:00 on January 2.

It is the second major attack of the holiday season, following a major issue on December 22, which saw parcel tracking services unavailable for several days and affected a number of French banks. 

The first attack took up to five days for all La Poste services to be restored. However, the delivery of Christmas parcels was mostly unaffected. 

Attacks look to wreak havoc, not steal data 

The two attacks are believed to be linked. A hacking group called ‘Noname057’ - which French media reports as pro-Russian - took responsibility for the first attack and are the main suspects for Thursday’s disruption. 

Unlike several recent major attacks, in which hackers gained access to classified areas including police records to steal data such as names, addresses and even in some extreme cases banking details, the La Poste attacks are thought to be aimed at causing disruption rather than for data theft.

The method used for both disruptions was a distributed denial-of-service (DDoS), which focuses on overwhelming a system using bogus requests. 

This causes it to slow, and eventually be unavailable altogether, making it impossible for genuine clients to use services. 

This can limit usability for both everyday clients and, in the case of La Poste, workers who use these connections to organise deliveries.

European banking authorities warned in December of an expected increase in DDoS-style attacks, mostly relating to the War in Ukraine and launched by pro-Russian hackers. 

The targets are expected to be key infrastructure, such as banks and public services and possibly public transport and electricity networks, in Ukraine and its EU allies.