Date: 2023-03-14

Cyber attacks in Italy are increasing by 25% year on year, but at the same time awareness among companies and the public administration (PA) is growing. This is what emerges from the analysis of data from the Security Operation Center (SOC) and IT security centres of Fastweb, which, as every year, takes part in preparing the Clusit Report.

The analysis of Fastweb's network infrastructure, made up of over 6.5 million public IP addresses, on each of which hundreds of devices and servers can communicate, recorded over 56 million security events, an increase of 25% compared to the events detected in 2021.

Defense measures are more effective

In general, the phenomena and effects related to cybercrime observed in 2022 are, for the most part, in continuity with what was observed in 2021. The advance of cyberattacks is countered by increasingly effective defense measures, thanks also to a growing awareness of IT risks among companies and public administrations, which are directing greater investment toward security technologies and services.

The geopolitical situation

The current geopolitical situation also affects the perception of the importance of cyber security, and has raised the level of attention among organizations and users. In fact, despite the intensification of security events and the high diversification of attack techniques, in 2022 the observed negative effects of these events remained almost unchanged in terms of their impact on the affected organizations. As proof of this, significant decreases were noted in the number of DDoS attacks (-25% of events compared to 2021), critical services exposed on the internet (-9%) and the amount of malware (-4%). The latter phenomenon is linked in particular to the strengthening of companies' cyber-resilience, since, despite a marked increase in malware families (+22%), there are fewer attacks.

The impact of smart working on organizations

Furthermore, the spread of flexible forms of work and the greater use of digital tools have forced businesses and public administrations to pay increasing attention to the security of their information systems, which employees access via PC and smartphone in an increasingly remote and distributed manner.

In detail, with regard to DDoS (Distributed Denial of Service) attacks, around 1,800 significant events and around 20,000 low-impact anomalies attributable to possible attacks were detected. The data shows a marked decrease in the phenomenon compared to 2021 (-25%) and therefore confirms the downward trend in DDoS attacks seen the previous year, after the peaks recorded in 2020. The most affected sectors are still Finance/Insurance and Public Administration, which together make up over 55% of the cases. However, the most significant increase is in the Service Provider sector, which grew from 3% in 2021 to almost 16% in 2022.

Furthermore, in 2022 more than 41,000 servers and devices were detected without minimum levels of protection and therefore exposed to online risks. However, their number has been steadily decreasing since 2019, with a 9% decrease between 2021 and 2022.

The type of attacks

The volume of malware and botnets decreased slightly (-3% compared to 2021) while, at the same time, the number of malicious software families increased markedly (+22% compared to the previous year). Among these threats, "downadup" is in first place with 33% of the total detections: these viruses exploit holes in Windows to take control of the machine and steal user information and credentials. However, the amount of unknown malware and botnet families decreased significantly (-49% compared to 2021), demonstrating the greater resistance and effectiveness of the defense tools on the market.

The geographical distribution of the malware control centers is also fully consistent with the previous year, with infections originating from servers hosted in Europe increasingly outnumbering those located in the United States.

Emails targeted by hackers

The threats monitored by Fastweb on its network also include all the phenomena relating to email services which, in 2022 as well, grew in volume. The main vector used to deliver attacks remains malicious URLs (92% of cases, +5% compared to 2021). Among the new techniques most used by cybercriminals is whaling phishing, used to target the top management of large companies. The threat landscape has also changed compared to 2021: the surveys show that malware that was a minority in 2021 has increased to such an extent that it is among the most significant threats in 2022. This demonstrates strong dynamism on the part of the cybercrime world, which is trying to surprise victims with an ever-changing fleet of attacks (such as the threat actors Mummy Spider and Hastur). Added to this is the increasingly widespread use of artificial intelligence and machine learning to increase the damage of attacks, making them increasingly effective.

The analysis of 7Layers

“Hackers are adapting and learning to circumvent the most advanced security technologies faster and faster, which has led an increasing number of companies and public administrations to adopt increasingly effective solutions to improve the security of endpoints, devices such as PCs and smartphones used by their employees, as well as network devices, which often represent the gateway for hackers,” explains Riccardo Baldanzi, founder and CEO of 7Layers, a cyber security company that is part of the Fastweb group. “New services such as eXtended Detection and Response (XDR) combine endpoint detection and response capabilities with those of other security solutions, while also being able to integrate information from firewalls, servers, clouds and other security devices and services, providing more comprehensive visibility into threats occurring on the network.”

“Then there are solutions such as Zero Trust Network Access (ZTNA), which address in particular the security of access to the network, limiting access only to authorized users and approved devices,” concludes Baldanzi. “This helps to reduce the network attack surface, making it more difficult for attackers to infiltrate and spread through the corporate network.”
