Sixty reports a day for intrusion alarms into IT systems in 2023. Over 3,600 assets at risk, 303 incidents detected in a panorama of 1,411 cases treated to counter the action of hacker groups. This is the scenario described by the National Cybersecurity Agency (ACN) in the 121-page report on activity in 2023. A decisive year «for strengthening the country’s cyber resilience through the protection of critical national assets with measures, tools and controls that can contribute to promoting a safe digital transition”, explain the Agency. The document is divided into seven chapters and begins with the results obtained by the Computer Security Response Team Italy (Csirt) in an increasingly complicated international context, with two ongoing conflicts and continuous cyber threats.
Mantovano: «The whole nation must fight cyber threats»
«Securing national interests in the cyber field – writes the undersecretary of the Prime Minister with responsibility for the Security of the Republic Alfredo Mantovano in the preface of the document – requires
high technical and strategic capabilities, which face the increasingly devastating use of technology by both state or semi-state entities that have interests opposed to ours, and by criminal gangs or individual hackers”. For Mantovano it is «a shared effort is essential, which brings together the best skills and resources of the Nation, and ensures the most adequate preparation for the cyber threats of today and tomorrow. The ability to react in the event of an attack must be strengthened and refined; at the same time, we work to increase the level of community resilience
as a whole”.
Frattasi: «Security synergy with private operators»
«We cannot stay behind in a constantly evolving technological landscape – comments the director of the ACN, Bruno Frattasi -, where the advent of disruptive technologies, such as artificial intelligence and quantum computing, is accompanied by the transition of a considerable amount of data, even sensitive, on cloud infrastructures. Protecting infrastructures and IT systems – continues Frattasi – requires constant monitoring of malicious activities, intervention in the event of an accident and the sharing of information regarding attacks and vulnerabilities”. And the prefect also recalls how «the Agency is helping to manage the cyber threat to protect national interests in cyber space, implementing institutional coordination capable of anticipating and responding to systemic threats. It also stands cultivating every possible synergy with operators
privatewith public administrations and with the world of universities, research and innovation, so as to promote, at all levels, an increase in the cybersecurity posture that contributes to reducing vulnerabilities and preventing any risks”.
DDoS attacks
«The majority of the events (248) were claimed by pro-Russian collectives – we read in the document -, while a pro-Palestinian group ran a single campaign with 15 DDoS attacks. The remaining DDoS events, not having been claimed, cannot be associated with specific groups or traced back to ongoing conflicts.”
The data: noticeably increasing reports and attacks
In the ranking of national infrastructures targeted, telecommunications are at the top, followed by central and local public administrations, transport, financial services, technology and energy. Few are against the defense and aerospace sectors. 56 ransomware actors and 265 hackers were then monitored. Furthermore, 584 phishing attempts were reported. Compared to 2022 there was an increase of 330.9% in reports and 29% in cyber events, with a +140.5% increase in incidents and +187.1% targets. Assets at risk increased by 374.3%.
«Private individuals do not report ransomware blackmail»
Precisely on the ransomware blackmail front, the Agency underlines how «the data represents only a part of the overall number of attacks that actually occurred, taking into account that the victims, often without know-how and dedicated internal structures – in particular the small and medium businesses (SMEs) – sometimes they do not report the event; this actually prevents
not only that it is publicly known, but also that due attention is paid to it by the institutions responsible for monitoring and combating the phenomenon. Even in the case of ransomware, in the vast majority of cases (84%) the victims belong to the private sector. As regards the corporate size of the affected private entities, approximately 23% of the ransomware events involved large companies, while in over 75% of the cases small (46.3%) and medium-sized companies (30.6%) were involved. . The manufacturing sector and the areas of Milan and Rome were most affected. Italy is the third most affected European country, but also the sixth in the world.
623 million euros from the Pnrr allocated for cybersecurity
On the prevention and investment front, 168.5 million euros were allocated specifically for cybersecurity, which were divided between the Ministry of the Interior (67.25 million), Defense (49.25), Carabinieri (39), financial police (7), Ministry of Justice (5) and Council of State (1). It is then described in the report Investment 1.5 «Cybersecurity», of the Pnrr of which the Agency «is the implementing body, with a budget of 623 million euros in order to improve the country’s defenses by placing cybersecurity and resilience at the foundation of the digital transformation of both the public administration and the private sector».
