2023-02-28

For non-experts, it should be noted that the annual report published by our intelligence apparatus offers, within the limits imposed by confidentiality, a summary of the information analysis activity it carries out with the aim of protecting the security of our country. Our intelligence works to protect the country’s political, military, economic, scientific and industrial interests from threats of various kinds.

The Information Security Policy Report for 2022 obviously cannot fail to cover the cyber threats that are so widely discussed and that are proving increasingly sophisticated and persistent. The first element highlighted by the report is the impact of the geopolitical context on the current cyber threat landscape, which has raised the alert to the highest levels for fear of attacks that could affect the country’s critical infrastructure.

In recent months, cyber-espionage activities carried out by state actors, mainly Russian, have constantly threatened our country’s strategic infrastructure. The current cyber conflict is also characterized by numerous operations carried out by groups of pro-Russian activists who have repeatedly targeted private companies and state bodies. According to the report, the majority of attacks affected private individuals (56%), a growth of 32 percentage points compared to 2021. Italian companies are increasingly exposed to threats, especially in the sectors of digital infrastructure/IT services, transport and banking.

The central administrations of the State and the IT infrastructures attributable to local authorities and health facilities, affected in 43% of cases, are certainly not faring better. As for the attack techniques used, the report highlights how the attackers have often preferred sophisticated products easily available in the criminal underground to sophisticated malware. In this way the attackers abandon the distinctive tools of their own operations to make attribution complex and, in many cases, to significantly shorten the preparation phase of their offensives. A positive note is the reduction to 18% of attacks that could not be attributed to a specific actor, thanks to the increased detection capabilities developed by our intelligence agencies. However, the percentage is still high: as many as one attack out of five has no identified perpetrator, and this is also due to the increased complexity of the attacks themselves.

Who attacked Italy and why? 47% of attacks can be traced back to cybercrime, while about one in four attacks (26%) can be traced back to espionage campaigns coordinated by state actors.

“The improved attribution capacity acquired by Intelligence and the wider recourse by state or “state sponsored” actors to tools also used by criminal groups has made it possible to detect a significant growth in attacks of a criminal nature, amounting to 47% of the total (+33 percentage points compared to 2021).” says the report. “The significant increase in actions aimed at identity and/or credential theft (at 53.5%, up by almost 48 percentage points), put up for sale on dedicated portals and forums, is directly connected to the increase in criminal actions of the dark and deep web.”

“As regards the results of hostile actions, there has been a significant prevalence of offensives aimed at inhibiting the provision of services, through the use of digital weapons capable of eliminating data and programs present in the systems of target devices, making them unusable (about 31% of the total, up by 30 percentage points compared to the previous year), followed by actions functional to subsequent attacks (down to 11%, with a difference of about 30 percentage points compared to 2021). Directly connected to the increase in actions of a criminal nature is the significant increase in actions aimed at theft of identity and/or credentials (at 53.5%, up by almost 48 percentage points), put up for sale on portals and forums dedicated to the dark and deep web.”

The report also draws attention to the potential impact of hybrid threats which are sometimes used by foreign governments to destabilize the country’s political and social environment.

The alert is highest for activities attributable to Moscow as well as Beijing. We are aware that the phenomenon is intensifying, and intelligence experts are certain that disinformation campaigns against NATO countries and Italy will increase in the coming months. The report also describes the activities to enhance the capabilities to combat the threats described, which complement information collection with additional proactive/counter-offensive defense capabilities.

It explicitly refers to “measures aimed at reacting to cyber attacks perpetrated against critical national infrastructures through symmetric actions of neutralization of the hostile source (so-called counter-attack). The possibility of carrying out proactive/counteroffensive defense activities has therefore required an integration of the current provisions through the adoption of an ad hoc legal instrument which, adapting itself to the peculiarities of the cybernetic domain, allows such actions to be carried out in an adequate framework of guarantees and in compliance with the principles that inform the action of the Intelligence.”

For further details, I suggest reading the report, which is full of food for thought on the work of Italian intelligence.