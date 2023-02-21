Last year the Italian system has recorded an intensification of cyber attacks against SMEs, which have proved to be much more vulnerable than large organizations. As many as 80% of the attacks involved companies with a turnover of less than 250 million euros, while 51% of the affected realities have fewer than 100 employees.

To say it is the report on cybercriminal activities in the fourth quarter of 2022 conducted by Soc & Threat Intelligence Team di Swascanwhich undertook a profile analysis of victims worldwide targeted by gangs Criminal Hackers in the period considered. In this study, therefore, only companies were considered which, having chosen not to pay the requested ransom, have had their data published on data leak sites. In particular, data was collected regarding the victims of the 15 most active Ransomware gangs in the fourth quarter of 2022.

The vulnerabilities of Italian SMEs

Specifically, the Italian analysis was conducted randomly choosing ten victim companies for each of the ten ransomware gangs which distinguished themselves in the period between October and December 2022, for a total of one hundred companies analysed. The data was then aggregated based on the turnover and number of employees of the victims.

“The attention of the ransomware gangs towards the Italian SME”, he comments the CEO of Swascan, Pierguido Iezzi“must be traced back to the greater ease in hitting this sector, characterized by proportionally lower investments in cybersecurity, less available skills and a different awareness of personnel regarding network threats. Often these companies give in to blackmail more easily, since the backup systems are often not configured in security and consequently they too are encrypted: the payment of the blackmail then becomes the only way to be able to resume business operations. In addition to being an easier target, SMEs therefore guarantee a greater probability of earnings”.

An important clue in this regard comes from the decrease in attacks that became known with the publication of the exfiltrated data. In 2022 – with a global increase in cyber attacks of all types of 38% compared to the previous 12 months – ransomware, considering the data for the last quarter of 2022 and comparing it with the previous year, registers a decline of attacks with annexed data Breach of -23.7%. This discrepancy is most likely justified by the higher number of ransoms paid by the small and medium-sized enterprises affected: The attack took place, but as the ransom was paid, it was not disclosed.

“Italian SMEs”, continues Iezzi, “are a fundamental pillar of the Italian system: their knowledge, projects and patents constitute valuable information for criminal hackers, easily resold to hostile powers or to competing industries. The loss of this data represents a competitive damage at the geopolitical level in the medium and long term. On the one hand, SMEs need concrete aid for cybersecurity, while on the other, measures must be envisaged to hinder ransom payments and therefore discourage the work of cybercriminals”.

Italy is the European country most affected by malware attacks

That Italy is under attack is an established fact: we are the European country most affected by malware attacks in 2022. The data emerges from the latest Trend Micro Research report. The Trend Micro laboratories, according to a note, are analyzing all the data from the past year, but a first detail that emerges is that Italy has occupied the top step of the podium in the ranking of European countries most affected by malware in the months of April, May, June, July, September, October, November and December: eight months out of 12. In the last quarter of 2022 Italy was also third in the world, preceded only by Japan and the United States. In total, the malware that hit Italy in 2022 was 247,040,439

The data is the result of the analysis of the Smart Protection Network, Trend Micro’s global intelligence network that identifies and analyzes threats and constantly updates the online database of cyber incidents, to block attacks in real time using the best technology available on the market. The Smart Protection Network consists of over 250 million sensors and blocks an average of 65 billion threats annually, with a record 94 billion threats blocked in 2021.

