Galasso (Cyber Agency): “Online scams? Those greedy for easy money are targeted. Here are the objectives of cyber criminals”

by admin

“In one year the National Cybersecurity Agency (ACN) dealt with over 1300 cyber events, many of which were particularly serious. We intervened to remedy the damage to many public healthcare facilities, over 40 in less than two years”. Gianluca Galasso is the Operations Service Director of the ACN. In an interview with our newspaper he takes stock of the Agency’s activities, starting from the main methods cyber attackers use against their online victims. “Online scams are almost always the same and scammers always exploit the principle of the victim’s naive trust. Many of these scams are in fact based on social engineering, that is, on knowledge of people’s psychology and their interests.” Among the latest operations in which it has been involved is the recent cyber attack on a public administration service provider.

Cybercriminal tactics: social engineering and pyramid schemes

The best-known case is phishing: a false email that tricks the victim into communicating their credentials. It can start with a false report that your account has been blocked due to an attack, to get you to re-submit your personal details and change your password, which then ends up in criminal hands. “More often, by taking advantage of people’s tiredness and distraction, criminals can induce them to start an action, such as downloading an infected attachment or clicking on the link to a clone site where they type in their ID and password to obtain a service which, however, will not be given. Even there they will steal the data to use it as they wish”, reasons Galasso. But online scams come in various types, and many prey on the victim’s desire to earn money.


“Other types of scams are based on pyramid schemes where the lever is the victim’s desire to obtain easy money and therefore they are induced to invest in cryptocurrencies or, after having established a romantic relationship, are asked for a loan that will not be repaid. Among the tools used to carry out scams in recent times there has also been widespread use of text messages (in this case we speak of smishing), i.e. messages sent to one’s smartphone by apparently legitimate users (for example financial operators) containing links to access in order to type in data, which is simultaneously stolen. These forms of attack can have a good chance of success since, in our intense daily routines, we all make continuous and often distracted use of mobile devices, so much so as to increase the risk of committing fatal carelessness”, explains the director.

How to defend yourself: awareness and reason

There are few effective defense strategies, and they often revolve around the concepts of awareness and reasonableness. “For citizens, the first thing to do is to become aware that the Internet lends itself to this type of fraud both because it allows anonymity and because it has no territorial boundaries. Unfortunately, the same laws do not always allow criminals to be easily prosecuted when they operate from countries with which there are no adequate judicial collaboration protocols. And then common sense is needed”, explains Galasso: “It is true that the Internet has accustomed us to having many things without paying for them directly, think of journalistic information, but it is quite difficult for someone to want to give you an iPhone because you’re the 10,000th user who has visited that certain site. In short, when something is too good to be true, it’s not true.”


Among other things, scams are carried out by normal people, not necessarily by malicious hackers: “Unfortunately, a “coin crime” model has spread, the so-called Crime as a Service (Crime on request), which offers on the black market of the web software packages that automate phishing attacks or rent botnets (networks of zombie computers that act together) for DDoS. Therefore, criminal hackers, or black hat hackers, are those who create malicious software, but the criminals who use them are not necessarily so. Indeed, they pay them in rent or according to a logic of sharing criminal proceeds, precisely because they do not have the skills to create them. There are many types of hackers and, against the most dangerous ones, such as, for example, those we call state-sponsored hackers, hackers financed and covered by states, only specialized structures can intervene, which protect the surface of the target or intervene to restore the systems impacted after an attack. Which is what the CSIRT, the Computer Security Incident Response Team Italy, which operates at the National Cybersecurity Agency, does.”

The defense strategy a company should adopt

Cybersecurity is an issue that affects everyone: private individuals, but also companies, which must follow more specific rules in relation to the type of business carried out and the criticality of the data processed, to guarantee the safety of their customers and the normal operation of the services aimed both inside and outside their organisation.

“In the meantime, we start with the use of secure software and hardware, then we implement access policies to the systems according to the logic of least privilege (i.e. not everyone can operate the systems in the same way), we equip ourselves with anti-intrusion systems and other defense systems for individual workstations, for servers and for corporate networks and, for more complex situations, actual operational centers are created for monitoring the vital functions of the entire digital infrastructure (they are called Security Operation Centers)”, explains Galasso, who adds: “It is also important to carry out internal audits and promote the cyber hygiene of your employees and customers. With cyber hygiene we refer to a set of security rules that range from updating the operating systems of the digital devices you work with, for example, to the use of antivirus and anti-malware, to offline backup copies of data and information. Employee training is crucial. Some companies do this with gamification initiatives, i.e. making safety exercises similar to a game to encourage user involvement and learning”.

Italy is certainly among the European countries most affected by cyber criminals, reasons the ACN manager, who however specifies: “We must also remember that we are a G7 country, highly digitalised, with a modern industry and a strong banking sector; therefore, it is inevitable to be a victim of cyber attacks. Criminals go where there are profits to be made.” The Agency’s task is to improve the country’s cyber defenses.
