An alarm announced, expected and now official, announced by Undersecretary Franco Gabrielli. But the solutions to the threat are complicated, difficult and certainly not immediate. The vast majority of digital systems in Italy, public and private, run a tested, effective and well-established antivirus. The brand is Kaspersky: Russian, and for years well known among professionals. It is considered to be of excellent quality. But with the conflict in Ukraine at this frightening point, it is very dangerous: to all intents and purposes a potential Trojan horse in our IT systems. The effects and consequences are all still to be calculated, if that is possible at all. The National Cybersecurity Agency has warned everyone.
The ACN's “recommendation”
The communication comes from CSIRT Italy (Computer Security Incident Response Team) of the ACN, the agency's operational unit. On the home page of its website, across the full page, the CSIRT headline reads: «Ukraine crisis: analysis of technological risk and diversification». Below it, a long message warns all parties – public and private bodies, critical infrastructures and essential services – to “consider the security implications deriving from the use of information technologies provided by companies linked to the Russian Federation”. There are currently no signals, says the CSIRT. But it is necessary “to proceed urgently with an analysis of the risk deriving from the IT security solutions used and to consider the implementation of appropriate diversification strategies”.
Instructions for use
Of course, in complex systems it is unthinkable to immediately replace the entire protection system against cyber attacks and every other computer threat. The ACN therefore advises following “appropriate diversification strategies”. Five categories are targeted by the intervention: 1) “Device security (endpoint security), including anti-virus, anti-malware and endpoint detection and response (EDR)”; 2) “Web application firewall (WAF)”; 3) “Email protection”; 4) “Protection of cloud services”; 5) “Managed security services (managed security service)”. All of them, in short, are to be subjected to the utmost vigilance, up to and including replacing, where possible, the Russian software with another product.
Ukraine, permanent alert
On the same CSIRT home page a second headline stands out: «Cyber risks deriving from the Ukrainian situation», with the link «Measures to protect digital infrastructures», already published on February 14th. In short, the alerts are continuous, arriving every day or almost. The latest dates back to March 15: «CaddyWiper: new malware against Ukrainian institutions (AL03 / 220315 / CSIRT-ITA)». This is hostile software that uses the wiper technique: in practice, when it reaches its target, it destroys all available data. It neither steals nor encrypts the data, but disintegrates it without any possibility of rescue or recovery. A much, much feared type of malware, already used by the Russians – or their delegates – to hit some Ukrainian institutions.
The Germans: “Replace Kaspersky”
The BSI, the German Federal Agency for Technical Information Security, recommends «to replace the Kaspersky antivirus with alternative products. The action of the armed and intelligence forces in Russia and the threats launched against the EU, NATO and Germany in the current armed conflict – explains the German body – are associated with a considerable risk of a successful cyber attack. A Russian IT producer can conduct offensive operations, be forced to attack systems against its will or be spied on without its knowledge as a victim of a cyber operation or be used as a tool for attacking its customers.»