Boom of identity theft in Italy. This is highlighted by the Report on information security policy for 2022, edited by the Intelligence Department in the section dedicated to the cyber threat (DOWNLOAD THE DOCUMENT HERE).
“The improved attribution capacity acquired by Intelligence and the wider recourse by state or ‘state sponsored’ actors to tools also used by criminal groups has made it possible to detect a significant growth in criminally motivated attacks, amounting to 47% of the total (+33 percentage points compared to 2021) – it is underlined – The recourse by the main actors of the threat to the registration of malicious domains was also confirmed for 2022 (about 41%, an increase of 5 percentage points compared to 2021 ), i.e. those characterized, by name and characteristics, by a high similarity with those of institutional and government sites, in order to unknowingly divert users to compromised websites (‘typosquatting’ technique)”.
Although in sharp decline, the search for technical vulnerabilities exposed by selected targets continued (so-called Bug Hunting, at 3.7%) preparatory to attempts to violate their computer networks, as well as attacks of the Sql Injection type (at 14%). This contraction was offset by an increase in the use of malware by criminal actors (mainly ransomware, 28% of the total, up by more than 15 percentage points compared to the previous year).
Individuals in the crosshairs
In 2022, cyber attacks mainly affected IT infrastructures attributable to private individuals (56%, up by 32 percentage points compared to 2021), with particular attention to the digital infrastructure/IT services sectors (22%, up by 16 percentage points), transport (18%, stable compared to the previous year) and banking (12%, up by 5 percentage points compared to 2021).
Cyber threats and cyber incidents: activate your resilience in 10 steps
“The actions against public objectives (43%, down by 26 percentage points) mostly concerned the Central Administrations of the State (62% of the total, an increase of 6 percentage points compared to the previous year) and IT infrastructures referable to premises and health facilities (for a total of 20% of the total)”, reads the report.
The results of hostile actions
As regards the results of hostile actions, there was a significant prevalence of offensives aimed at inhibiting the provision of services, through the use of digital weapons capable of eliminating data and programs present in the systems of target devices, making them unusable (approx. 31% of the total, an increase of 30 percentage points compared to the previous year), followed by actions functional to subsequent attacks (dropped to 11%, with a difference of around 30 percentage points compared to 2021). The campaigns for espionage purposes (3%), – as the intelligence points out – albeit in marginal numerical terms compared to the total, were directed towards the systems of the CISR Dicasteries and of primary national suppliers of electronic communication services, and conducted through highly structured actions and with the use of sophisticated techniques and tools.
Attacks for economic purposes
There is “a significant increase in offensives aimed at guaranteeing an economic advantage for the attacker (53%, up by 44 percentage points compared to the previous year), similarly to the drastic increase in digital incursions aimed at undermining the credibility and reputation of those targets considered supporters of one of the parties involved in the Russian-Ukrainian conflict (31%, up by 30 percentage points), to the detriment of those initiatives to which it was not possible to attribute a clear purpose (13%, a significant reduction compared to the year previous)”.
Cyber-espionage is growing slightly
The report records a slight increase (+3 percentage points) with reference to state or state-sponsored groups that have resorted to cyber espionage actions, which amounted to 26% of the total”. “In the period under review, attempts by these actors to exploit the vulnerabilities present in remote connection systems – used for teleworking purposes – with the aim of gaining access to IT resources of companies and organizations were observed”, continue the document.
Russia’s interference
According to the report, “Moscow will not stop interfering in the political dynamics and decision-making processes within NATO countries, resorting even more than in the past to coercive and manipulative methods, such as cyber attacks, disinformation, blackmail and the use of levers such as migration and energy ”. The latter is destined – according to 007 – to lose relevance with the Western commitment to find alternatives to energy dependence on Russia.
The future fide
Many of the challenges that Intelligence is called upon to face can benefit from technological advances and must at the same time manage the new risks they entail.
“State and non-state hostile actors can count on a number of tools, often cheap and highly effective, which allow them to exploit, on the one hand, new attack vectors (as in the case of ransomware-type ones) and to amplify , on the other hand, the effect and scope of more traditional activities, such as disinformation and espionage operations”, he explains.
The difficulties posed to the intelligence activity – and to the confidentiality on which it is based
fonda – from the development and application of the most advanced technologies are therefore multiple and derive from various domains. “These include the new generation telecommunications networks, for which the risk of state interference by means of equipment made by unreliable manufacturers appears very concrete; the cc.dd. ‘frontier technologies’ (blockchain, artificial intelligence), the improper use of which opens up unprecedented methods of attack by malicious actors (as in the case of deepfakes and chatbots); the transition to new computational paradigms (“quantum computing”), whose capabilities – still not fully explored – appear such as to be able to easily undermine the foundations on which the current concept of IT security is based, primarily in relation to the possibility of violating today’s encryption algorithms.
According to the Intelligence, the effective implementation of technological innovation in the sector can benefit from the adoption of a structured approach towards research and innovation.
“Only through the consolidation of the Public-Private Partnership
between Intelligence and national realities (industrial, academic, research, start-ups) it will, in fact, be possible for the Section to guarantee the implementation of its mission to protect national political, economic and military interests and the industrial and scientific heritage of the System Country – he concludes – With the aim of facing the growing threats, in recent years there has been an additional commitment towards digitization and innovation within the Sector, both for legal-administrative activities and for info- operational. This effort, in addition to a significant action to prevent and contrast the threat, represents a significant opportunity for strengthening and optimizing Intelligence activities”.
@ALL RIGHTS RESERVED