Cyber blackmail, 2021 is a year to forget

by admin

The news arrives on the same day that the website and logo of the Italian National Cybersecurity Agency (ACN) become public: even the highly protected Thales has fallen hostage to the Lockbit 2.0 ransomware.

The gang of the same name that operates the ransomware has let it be known on its blog that 13 days remain until the date on which the trove of the first 1320 exfiltrated files will be exposed to the public. Thales is a French electronics group specializing in aerospace, defense and security, and its Italian branch, Thales Alenia Aerospace, is a world leader in space components, for example for the modules of the ISS, the International Space Station, made in Turin. The cybercriminal gang does not provide any details, just a countdown before releasing the exfiltrated data. This is one way to give the French group time to negotiate a ransom demand that Thales claims not to have received and that qualified sources nonetheless believe is already under negotiation. The new year could not have started worse, after the alarms coming from various fronts about the future targets of cyber-vandals and digital criminals.

The situation in Italy

According to CybergON, Elmec Informatica’s business unit dedicated to cybersecurity, incidents related to attacks on Italian companies doubled between the first and second half of 2021. Yarix, a Var Group company, had counted 57 thousand, and the Clusit 2021 Report had highlighted that the global costs of cyber attacks had already exceeded 6% of world GDP. Of the attacks mapped by the association of experts, 25% were directed at Europe in the first half of 2021 alone.

Made in Italy had already been hit hard in 2020: Campari, Carraro, Luxottica, Geox, just to name a few. In the second half of 2021, however, there was an escalation of Italian victims, which helped draw more attention from the national press: companies such as San Carlo, and in manufacturing, toys (Clementoni) and fashion (Miroglio Group, Zegna). Towards the end of the year, Sogin also had to report a cyber attack, in the same hours in which it was announcing the effectiveness of its collaboration with the Environmental Protection and Ecological Transition Command of the Carabinieri in protecting nuclear decommissioning operations and the management of radioactive waste.

According to CybergON, the cyber attacks reported in the Bel Paese were 600 per day, with a concentration on the research and education sectors that puts Italy on the podium, in second place after India, for weekly average of attacks. According to Trend Micro’s “Attacks from All Angles” report, in the first half of 2021 Italy was the fourth most affected country in the world by cyber attacks, especially in sectors that deal with sensitive information such as telecommunications, banking and finance, and distribution.

Ransomware and vulnerabilities

The second part of the year highlighted a theme that will also be central in 2022: the exploitation of software vulnerabilities. The most recent was the Java Log4j flaw and, according to CybergON, the exploitation of known vulnerabilities to carry out cyber attacks has increased by 41% over the past year, second only to the use of malware (43%). CybergON also foresees that attackers will be able to act in less than 48 hours. In 2021 this time was around 48-72 hours.

The data are partially consistent with those of Yarix, whose CEO Mirko Gatto stated that “The cyber risk landscape in Italy is becoming increasingly worrying: we are no longer talking about sporadic threats to a limited group of companies, perceived by hackers as holders of valuable assets, but of increasingly aggressive systemic attacks, ready to hit any industry and any company with data to protect. Our latest report (July 2020 and June 2021, ed.) highlights this orientation well with about 5000 events per month on average, i.e. 167 per day, or 7 per hour, 24 hours a day, 7 days a week.”

As we can see, among the 3000 Italian cybersecurity companies, the way of calculating the number of cyberattacks and the damage they cause varies with the perimeter each company defends and the methodology it uses to estimate the possibility of new attacks. But already from the first days of the year, as global companies such as Fortinet, Kaspersky and Trend Micro had predicted, ransomware (the cyber extortion that breaks into the victim’s networks to encrypt data and demands a ransom, to be paid in cryptocurrency, to release it) is still the protagonist. The latest case is that of the USL of Padua, but Italian hospitals have been in the crosshairs for a whole year, including the very serious attack on the Lazio Region, for which the incident report has never been disclosed. Ransomware is precisely the trending criminal technique, driven by various factors such as the boom in the value of cryptocurrencies, the willingness of victims to pay and the difficulty the authorities have in catching the attackers.

Cybersecurity firm SonicWall wrote in late October: “With 495 million ransomware attacks registered by the company this year to date, 2021 will be the most expensive and dangerous year on record.”

At this point the words of University of Sannio professor Aaron Visaggio are darkly prophetic: “We need to focus on two issues: a) the firepower of cybercrime is growing exponentially in terms of capacity, infrastructure, software used; b) Many ransomware are clearly evasive of controls. Beyond the promises of excellence of the tools we use, it is all too clear that we use failure paradigms in identifying threats”.

Meanwhile, on the ACN Computer Security Incident Response Team website, which maintains an updated list of all computer vulnerabilities found, various guides have been published to react to ransomware attacks and increase the resilience of affected organizations: to be read and framed.
