Cyber attacks on the Italian Public Administration, after the episodes against the Lazio Region and, yesterday, the Lombardy Region, are destined to increase. An increase that will be significant because “on the one hand it is attributable to the simplicity of finding the necessary technologies and on the other to the competitive and geopolitical use”. And to defend oneself it is necessary to structure the defense in a more proactive and predictive way. This was stated by Pierguido Iezzi, founder and CEO of Swascan, the cybersecurity company of the Tinexta Group, contacted by time.news after the attack on the Lombardy Region thwarted by the cyber team of Aria Spa, the regional in-house company for innovation and purchases .
The attempt of yesterday’s criminal hackers against the Lombardy Region took place through the Ddos, Distributed Denial of Service, a type of attack that aims to make access to services on the internet unavailable by users, by ‘bombing’ sites with connection requests. Ddos attacks, as revealed by a Microsoft Azure report, are on the rise. In the first half of 2021, compared to the fourth quarter of 2020, the average daily number of attacks increased by 25%. 76% of these attacks have the ability to interrupt services for 30 minutes, while only 2% can last between 4 and 10 hours, as in the case of the Lombardy Region.
Furthermore, according to a Cloudflare report, DDOS attacks targeting government administrations and their web services increased by 491% between Q1 and Q2 2021. With government becoming the second most targeted sector. from Ddos attacks after that of consumer services. “This should not be surprising – emphasizes Iezzi – but it should be of concern, if we consider the digital transition that the Public Administration is promoting, depending more and more on the network for its services to citizens and which will undergo further acceleration through the PNRR”.
Lazio and Lombardy, then, “are among the main Italian regions from a political and economic point of view, consequently potentially privileged targets and always ‘attention’ especially from the cybercrime world”. Attacks by criminal hackers “do not always have economic objectives, such as ransom, but they can have the purpose of espionage, terrorism, antagonism or protest”, explains the CEO of Swascan. “We are therefore talking about attacks that enter the sphere of geopolitics and the more complex scenarios of asymmetric warfare. This requires institutions and security operators to share not only prevention policies, but also knowledge and information to raise the level of competence with respect to these phenomena “, he continues.
“The proactive and reactive Cyber Incident Response Team of Aria Spa demonstrated during this event that it has paid particular attention to the components of Preventive and certainly Proactive Security”, underlines Iezzi. “Two essential layers of the corporate Cyber Security Framework but increasingly it will also be necessary to equip oneself with predictive security skills, technologies and processes starting from Threat Intelligence services”. Activities that have “an important role in order to be able to determine exposure to cyber risk ‘by playing in advance’, identifying the presence of information such as vulnerabilities, compromised emails, botnets, episodes, social, economic, political context directly and indirectly related to the target of interest that publicly and semi-publicly available (web, dark web and deep web) can identify potential attack vectors and threats in advance “, he continues.
In any case, concludes Iezzi, “it is important and essential not only not to let our guard down, but to start a process of sharing this information at the level of public institutions, one of the many tasks of the new National Cybersecurity Agency”.