The cyber attack against the Lazio Region, which blocked all regional digital services including those related to the vaccination campaign, highlighted a problem that experts have already known and serious for some time: computer crimes against institutions, companies and private individuals have been on the rise for several years, and many countries, including Italy, are not fully prepared to deal with them.
On Tuesday, the Minister of the Interior, Luciana Lamorgese, reported to the Parliamentary Committee for the Security of the Republic (COPASIR, the body of parliament that oversees the activities of the intelligence services) about the attack against the Lazio Region. In a statement released by the COPASIR president, Adolfo Urso, it was reported that Lamorgese spoke of a “resurgence” of the phenomenon of cyber attacks, which have increased in recent months in both the public and private sectors. Lamorgese added that the region's computer system was “vulnerable” to attacks.
Detecting the progress of crimes and cyber attacks is a rather complicated matter, both because the case history is extremely varied, in terms of type and quality of attacks, and because in some cases they are not reported, especially when they affect individuals or small companies. In any case, whatever criteria you want to use, it is quite clear that their number is growing sharply in Italy and in the world.
In the world
The Clusit 2021 report, produced every year by the Italian Association for Information Security, focuses on “serious attacks in the public domain”, that is on those that, all over the world, have had “a systemic impact in every aspect of society, politics, economics and geopolitics”: in practice, broad-based attacks, like many of those mentioned in the press international in recent months. These attacks, according to the report, increased worldwide by 12 percent between 2019 and 2020. 81 percent of the total were for criminal purposes, the goal being to extort money or data from victims. economic value.
One of the categories of cyber attacks in the greatest increase is that carried out through ransomware, that is, malicious software that blocks the data and systems of the victim with the aim of obtaining a ransom (ransom, in English) to unlock them: it is the type of attack that hit the Lazio Region.
Chainanalysis, a cryptocurrency analytics company, has calculated that between 2019 and 2020, the amount of ransomware paid ransomware worldwide increased by 341 percent from $ 93.4 million in 2019. to 412 million in 2020. Chainanalysis only considers payments in cryptocurrencies, so the actual figure could be slightly higher, even if cryptocurrencies are by far the most used payment method in these cases.
The rise of these types of attacks has long worried authorities around the world. In June, Christopher Wray, the director of the FBI, told Congress that “when you look at ransomware alone, the total amount of ransom payments has tripled over the past year, and we are investigating 100 different types of ransomware. “. For Wray, cybersecurity is becoming a major issue facing the FBI: “We think cyber threats are growing almost exponentially,” he said.
In Italy
As Lamorgese told COPASIR, also in Italy the quantity – and, as the director of the postal police Nunzia Ciardi pointed out in a recent hearing in the Senate, the quality – of cyber attacks is on the rise.
According to the National Cybercrime Center for the Protection of Critical Infrastructures (CNAIPIC), an organization of the postal police, the number of attacks against critical infrastructures in Italy, i.e. companies that provide services, have more than doubled in a year, passing from 239 attacks in 2019 to 507 in 2020.
Il Sole 24 Ore on Wednesday published more recent data concerning all types of cyber attacks against individuals and companies and estimated that, considering the trend of the first half from 2021, this year the number of attacks could grow by 50 percent compared to to 2020.
The cybersecurity company VMWare instead published a report at the end of June in which it interviewed 251 cybersecurity experts employed by Italian companies: 85 percent of the respondents said that their company has suffered a breach in the last 12 months, and 71 percent said attacks are on the rise.
What is being done
In Italy and in Europe the legislation for IT security is quite advanced: again in December 2020 the European Commission published a new strategy on cybersecurity which aims to increase the capacities of member countries to prevent and block future attacks, and possibly to respond in case they come from another state.
The problem is that in many countries, such as Italy, the implementation of the rules is slow and cumbersome, and this leaves ample room for action to cybercriminals, both publicly and privately, where the presence of many Small and medium-sized companies that cannot afford to make large investments in cybersecurity further complicate the situation.
The attack on the Lazio Region, and the media attention it has received, could help eliminate some blocks. For example, on Tuesday the Senate definitively approved the creation of a National Cybersecurity Agency, that is, a new specialized body managed by the government that will bring together dozens of cybersecurity experts from the DIS (the Department for Information Security ) and by the AISI (the Internal Security Agency). According to Repubblica, the new agency should start work already at the end of this week: the government is working on the implementing regulations of the new agency and could appoint its director in the coming days.
