NATO’s largest cyber defense exercise took place on April 24 in Estonia at the Cooperative Center of Cyber Defense Excellence (CCDOE) in Tallinn.
Around 4,000 representatives from over 40 countries are participating in the event called Locked Shields. “A series of challenges will be addressed that replicate the complexities of real-world cyber defense, including critical thinking, strategic decision making, legal aspects, crisis communications and strategic planning,” the CCDOE said on its site web. Ukraine is also taking part in the event, the Kiev media underline.
Ukrainian intelligence services accuse Russia of regularly employing cyberattacks against the country’s digital infrastructure. Major Ukrainian telecommunications provider Kyivstar was subjected to a massive cyberattack in December 2023.
In Rome, the Annual Report to Parliament of the National Cybersecurity Agency (ACN) reported that in 2023, 1,411 cyber events were recorded in Italy, with an average of approximately 117 per month and 303 confirmed incidents.
The document (see the video of the presentation at this link) was presented during a press conference which took place at Palazzo Chigi. In particular, in 2023 the CSIRT Italia (Computer Security Incident Response Team) dealt with 1,411 cyber events, for an average of approximately 117 per month, with a peak of 169 in October.
Of these, 303 were classified as incidents, for an average of around 25 per month. “These are growing numbers – explained the general director of ACN, Bruno Frattasi -, not only in Italy but also in the rest of Europe and the world. Alongside the growth in attacks, however, there is also a growth in the capacity of the National Agency”.
Through its technical-operational structure, the CSIRT Italia, the National Cybersecurity Agency has monitored the evolution of the threat, characterized “increasingly by ransomware and DDoS type events” but also by the “spread of malware via e-mail and phishing” and “aimed at various public entities as well as companies active in the most disparate sectors (first and foremost telecommunications, transport and financial services)”, is explained in the report.
Furthermore, last year there were 3,302 Italian subjects targeted by cyber events identified by CSIRT Italia, compared to 1,150 in 2022. The increase in the number of assets at risk is “attributable – we read in the report – to the increase in monitoring capabilitiesACN, which now allow us to identify, in addition to potentially compromised assets, also potentially vulnerable ones.” Due to cyber activism related to ongoing conflicts, there has been a significant increase in DDoS events.
In fact, 319 DDoS (Distributed Denial of Service) events were detected in 2023, with an increase of 625% compared to 2022. These are events that aim to compromise the availability of a system by depleting its network, processing, or memory resources.
“The most immediate effect of this type of attack – it is explained in the document – is the unavailability of the affected site or service”. According to the report, the majority of such events (248) were claimed by pro-Russian collectives, while one pro-Palestinian group conducted a single campaign with 15 DDoS attacks. “The remaining DDoS events, not having been claimed – reads the report – cannot be associated with specific groups or traced back to ongoing conflicts”.
Even in 2023, ransomware was the most significant threat, especially given the impact it has had nationwide. 165 events directed towards private operators and PAs were observed, with an increase of 27% compared to 2022.
As regards the Public Administration, in 2023 the ACN managed 422 cyber events against national public institutions, an increase compared to 2022, when there were 160. Of these events, 85 were classified as incidents (in 2022 there were 57) and have in most cases caused the malfunctioning of systems and blockages or slowdowns in the provision of services.
Considering the frequency and impact (an average of more than one incident per week) of the different types of events, according to the report, it emerges “how in 2023 DDoS was the most frequent phenomenon against public institutions, followed by the exploitation of vulnerabilities and phishing”.
A change compared to 2022, when the main threat in the Public Administration was ransomware, followed by DDoS. A chapter of the report, then, is dedicated to international cooperation.
Frattasi explained that the National Cybersecurity Agency has further strengthened its international relations both bilaterally and multilaterally. Then the director of the ACN focused on the G7 meeting with the other heads of the agencies which he will hold on May 16th.
“We will begin to talk about common problems and strategies on a global level to combat the cyber threat, hoping that it will be a permanent group,” underlined Frattasi. For the undersecretary of the Presidency of the Council, Alfredo Mantovano, who spoke at the press conference, we need to “improve our protection capacity with respect to attacks, legislation and instruments in force. On this front – he added – the government is intensifying, through the Agency, resources and discussions with the various public administrations. It’s not an easy job.”
(Sources CCDOE and Italpress)
