Traffic light protocol white: the news first classified as confidential becomes public, from the red light it passes to the orange one and then to the white one, which in the world of cyber defense means that it has reached public opinion, and the news is that “Sunday 6 March there could be cyber attacks in Italy against government and industrial entities that are not better defined “.
The alarm was raised by Csirt, the Computer Security Incident Response Team of the National Cybersecurity Agency: “In recalling the need to adopt all the protection measures for IT assets, in particular those subject to specific alerts already issued by ‘Cybersecurity Agency – Csirt Italia, it is recommended to pay particular attention on the indicated day and communicate any evidence of malicious activity using the communication channels of Csirt Italia ”.
We expected it. It had been talked about for a long time in these days when the military conflict between Russia and Ukraine had also taken the form of a cyber conflict. It all started – as we reported – from the spread of a dangerous malware of Russian origin, a wiper, capable of erasing the memory of computers and making them useless, and had continued with the incursions of Anonymous and about thirty other hacker groups from the fanciful names that had blocked the computer resources once of the Russians once of the Ukrainians. All in the name of fear of a NATO intervention which according to article 5 can intervene in defense of a country of the alliance, even in the event of a cyber attack.
Now, as expected, the concern is that even a distant country like Italy, which has taken a stand against Putin’s war, may be involved in the cyber war.
Already a few days ago, however, this notice could be read on the Csirt website “Although there are currently no indicators in this sense, it is highlighted the significant cyber risk deriving from possible collateral impacts on ICT infrastructures interconnected with the Ukrainian cyberspace, with particular reference to entities, organizations and companies that have relations with Ukrainian subjects and with which telematic interconnections are in place. Such impacts could derive from the interconnected nature of the Internet, as malicious actions, directed towards a part of it, can extend to contiguous infrastructures as demonstrated by previous infections with global impact such as NotPetya and Wannacry “.
In short, the alarm does not really concern everyone, but the managers of essential services and those who operate critical infrastructures.
Despite the alarm that appeared on press agencies, confidential sources contacted by us however tell us that there are no attack indices (IoA), yet in cyber defense environments there are specialists who speak in forums and private chats about Italy as possible target and cite the immediate likelihood of an attack on the national cyber perimeter.
However, they also don’t know if it will be the wiper or if we should expect DDoS (Distributed Denial of Service Attacks) attacks such as those that blocked Russian ministerial sites, RT TV or Gazprom. Someone else talked about possible attacks on the supply chain in which global technology providers could release malicious software updates capable of interfering with the functioning of the electrical, transportation, healthcare and manufacturing systems that are now mediated by the code. computer scientist.
However, the danger is plausible. The National Cybersecurity Agency had also issued a communication asking to reduce the external and internal attack surfaces, to verify the access control to the systems, to raise the monitoring levels of IT infrastructures, to adopt plans for the preparation and management situations of cyber crisis, and ensure the exchange of information both internally and externally towards the relevant cyber articulations, the CSIRT Italy first of all.
In the communication, the measures to be observed are the following:
• constantly make users aware of the risks deriving from malicious files or links received through communications that could constitute phishing (email, sms, instant messaging);
• verify the correct application of the password policies, evaluating the possibility of carrying out a password reset for all users;
• verify the functionality and effectiveness of the data backup and recovery systems, providing for the off-line maintenance of the back up if not already implemented;
• if not already adopted, plan and implement “zero trust” security models, or models that go beyond the concept of a secure and reliable network perimeter, providing for the authorization and authentication of each individual access to IT services and segregation capillary of network components;
• reduce the level of external exposure, by reducing to the essentials the services displayed and the communication channels, such as secondary internet connections that are not adequately protected.
According to a qualified source at a large national operator who cannot be named: “It will be months of tears and blood, the Russians will want to punish those who sanctioned them, we will witness a silent war in which the national and European economic system will be digitally bombed. . It will be a marathon, what we are experiencing is not a Twin Towers context, but a daily trickle for the economic sector. We must learn to assume a new posture and this is not only true for the 100 big names in our economy. It has become the problem of an entire society ”.