Intelligence on alert: "Cyber threat potentially damaging for Italy"

The Security Information Department warns: "The stability of the country's system is at risk". Public administration and healthcare are the most targeted sectors. Attacks conducted by "state actors" are growing strongly, from 5% to 23% of the total 28 Feb 2022 Federica Meta Journalist

“A peculiar contemporary paradigm of the threat is the cyber threat”. This is what emerges from the Annual Intelligence Report, according to which "cyberspace can open up extraordinary possibilities for progress or expose to dangers, even potentially damaging for the stability of the country system, whose safety cannot, therefore, ignore the necessary overview of the complex implications of digital transformation, nor from a correlated, clear distinction of roles and skills ". More generally, the intelligence writes, even during 2021, the attacks "continued to affect mainly the IT infrastructures of the Public Administration (69%, down by 14 percentage points compared to 2020)". Actions to the detriment of public objectives mainly concerned Central State Administrations (56%, a value up by more than 18 percentage points compared to the previous year) and IT infrastructures referable to local authorities and health facilities (for a total of 30% of the total). Attacks against private entities mainly affected the energy sectors (24%, a significant increase compared to last year), transport (18%, an increase of 16 percentage points) and telecommunications (12%, an increase of 10%). percentage points compared to 2020). The Dis Report underlines that in 2021, there was a reversal of the trend, attested by the significant decrease in hacktivist activities compared to the previous year (23% of the total), also due to possible changes that affected the internal organization of the Anonymous Italia collective. Compared to hacktivist groups, in confirming the tendency to claim and advertise their work through the main social platforms, they did not register structured campaigns in 2021, nor any resurgence of previous activities. Cyber-attacks conducted against Italian targets by “state actors” increased sharply in 2021, passing from 5% to 23% of the total. In the reporting period, attempts were observed by those same actors to exploit the vulnerabilities present in the main remote connection systems - widely used during the health emergency for teleworking purposes - in an attempt to earn, through the spread of malware, access to IT resources of companies and organizations. On the other hand, actions of an unidentifiable matrix are constantly increasing (40%) attributable to the use, by actors of various kinds, of offensive tools freely available or distributed on parallel digital markets, often present on the deep and dark web. As for the types of attacks, there has been a renewed interest, by most of the actors of the threat, in terms of domain registration (about 37%, an increase of more than 35 percentage points compared to 2020) connoted, by denomination and characteristics, from a high similarity with those of institutional and government sites. With the creation of these domains, the goal was to hijack unsuspecting users, through the so-called typosquatting technique, on sites containing malicious tools. Added to this is the use of research activities for the technical vulnerabilities exposed by the selected targets (so-called Bug Hunting, at 20%), preparatory to attempts to violate their IT networks, often through SQL Injection attacks (23%) . As regards the outcomes of hostile actions, also for 2021 there was a slight prevalence of prodromal actions to potential subsequent attacks (about 42% of the total, down 11 percentage points compared to the previous year), followed by those aimed at subtracting information from effectively compromised assets (about 34%, almost stable compared to 2020). In the face of a significant number of hostile initiatives to which it was not possible to attribute a clear purpose (67%, a slight increase compared to the previous year), the consistency of which is linked to the number of actions prodromal to subsequent attacks, remained high. '' attention to intelligence on espionage campaigns (23%) conducted by structured groups, often contiguous to government apparatuses, from which they receive strategic guidelines and financial support (so-called Advanced Persistent Threat-APT), which have involved national strategic realities, in first and foremost those operating in the telecommunications and defense industry sectors. The chip crisis In the context of the crises that hit global value chains in 2021, the strong imbalance recorded between supply and demand for semiconductors was a particularly critical element for a plurality of production sectors. It emerges that the cause of this imbalance, the economic impact of which reverberated along the supply chains concerned with costs estimated at hundreds of billions of dollars, was caused by a plurality of largely unforeseen and dissociated factors.

cyber threat