Date: 2023-10-27

This morning the websites of three Italian airports, respectively in Valle d’Aosta, Calabria and Puglia, were hit by yet another action by a group of hacktivists. A group of hackers known as Mysterious Team Bangladesh had announced retaliation against our country for our government’s position in the Israel-Hamas conflict. The attacks arrived promptly, and although the news has catalyzed media attention, we must underline once again that these are not complex DDoS (Distributed Denial of Service) attacks.

Attacks of this type are extremely simple to organize and for this reason they represent almost all the offensives carried out by groups of alleged hacktivists. On the other hand, these attacks are relatively simple to manage with adequate investments in protection systems. In almost all cases, if an infrastructure site goes down for a few hours it is because there is no adequate barrier. We are therefore faced with criminal actions that have the sole intent of making sites that are not adequately protected inaccessible.

#Italy: The hacktivist group Mysterious Team Bangladesh announces a new operation aimed at Italy with the hashtag #OPItaly. The group reports several DDoS attacks aimed at Italian government entities in its Telegram channel.

Underestimating these attacks, however, could be a serious mistake, as they could be part of a broader strategy that uses them as a diversionary action while the attackers are engaged in espionage or sabotage activities. There are over a hundred groups of pseudo hacktivists who have announced their participation in attacks against Israel and the West, as documented by CyberKnown researchers.

Among them we also recognize pro-Russia groups such as Killnet and Anonymous Sudan (which, we recall, have no connection with the Anonymous collective). This plethora of actors can provide an effective smokescreen to nation-state actors, and their operations could be infiltrated by intelligence agents from various governments who have an interest in striking Western targets. In such a complex picture, the escalation of operations by Iranian APT (Advanced Persistent Threat) groups is worrying. We are talking about groups that operate under the control of the Tehran government and which we recognize as having sophisticated espionage and sabotage capabilities.

In what sense should the DDoS attacks mentioned be cause for concern?

Probably the most worrying effect of these attacks is the possibility that, if they are directed at population alert systems, those systems may not operate correctly, exposing citizens to serious risks. It must be said, however, that one hopes these systems, being part of critical infrastructures, are adequately protected and resilient to such unsophisticated offensives.

A further element of concern in the current complex scenario is the proliferation of fake news. Immediately after the outbreak of each conflict we observe targeted campaigns that tend to destabilize local populations and influence the sentiment of the international community by manipulating content and images that come directly from the places where these tragedies occurred.

The concomitance of two conflicts also forces analysts to consider a greater number of variables when evaluating events. Geopolitical analysis cannot and must not be confined to conflict areas; it is necessary to broaden the horizon and carefully evaluate the positions of entities and states apparently not involved in the conflicts, but capable of influencing them. Energy crises, raw material needs and grain crises have an effect on a global scale: they can exacerbate conflicts, but above all they can represent a trigger that is remote from the areas affected by the conflicts.

One of the questions most frequently asked by experts is how secure our critical infrastructures are.

The answer is complex and deserves attention. On the one hand, we read of continuous violations of our country’s healthcare systems, evidence of gaps, delays and the inadequacy of some managers in managing cyber risk. On the other hand, national companies that are constantly under attack, such as telephone providers and electricity distribution system operators, manage to defend us with immense efforts that most of us are not aware of.

In a historical moment in which the number of actors threatening our systems is steadily increasing and their operations are increasingly complex, it is crucial to invest in the technological component as well as the human one. It is essential to encourage collaboration between the public and private sectors, as well as the timely exchange of information between the cyber emergency response centers of the various governments.

The level of attention of Italian cyber security must be maximum, but before shouting catastrophe because some site cannot be reached, let’s try to understand the causes and the attackers’ strategy.

