Also for the year 2023, the Agency for Digital Italy has published the synthetic framework on the numbers of the main malicious campaigns that affected Italy in 2023.
Over the course of the year, a total of 1,713 malicious campaigns were identified and countered, sharing as many as 20,603 indicators with the public administrations accredited to the CERT-AGID Indicators of Compromise (IoC Feed) flow.
The information was collected by CERT-AGID which, among its tasks, plays a support role to public administrations in preventing and combating malicious activities related to IT security.
General trends and numbers
The analysis of general trends highlighted that:
– ransomware remains the most relevant and widely discussed threat in 2023; a single case of ransomware (Knight) was found in Italy distributed through a loader delivered via email while the majority of compromises continue to be carried out manually;
– alongside the constant spread of Infostealers, a growth has been observed in the illicit use of remote control tools, such as ScreenConnect or UltraVNC, which allow you to take control of the victims’ machines, viewing the contents of their screen and interacting with it as a local user would do using mouse and keyboard;
– the trend of spyware attacks with RAT functionality, carried out through smishing campaigns and aimed at obtaining complete control of Android devices, is growing strongly in Italy;
– there has been a constant decrease in the number of malware campaigns conducted through compromised Certified Email (PEC) accounts.
In total, CERT-AGID identified 54 malware families, of which 78% fell into the Infostealer category and the remaining 22% into the RAT (Remote Access Trojan) category.
During 2023, AgentTesla established itself as the most widespread malware in Italy, followed by Formbook and Ursnif. Also among the top ten is SpyNote, a well-known spyware designed for Android devices.
The main themes exploited to convey malware remained unchanged compared to previous years, with the theme of balance payments in first place; the theme “Revenue Agency” is growing, and was mainly used in Ursnif campaigns.
Among the channels for spreading malicious campaigns, compared to a significant decrease in campaigns conveyed through PEC accounts, there is a notable increase in smishing (which consists of the massive sending of SMS with deceptive communications).
The role of AgID
The Agency for Digital Italy plays a significant role in the prevention and dissemination of the culture of cybersecurity in public administration.
By virtue of its institutional mandate, and in line with the objectives of the three-year plan for IT in public administration, AgID is therefore committed to maintaining and developing preventive security services and accompanying functions aimed at administrations.
For AgID, aspects of IT security also take on a strong central role for other institutional functions such as opinions, supervision and the issuing of guidelines.