Spies, Criminals And Hacktivists: The Cybernetic Threat In The Annual Report Of Italian Secret Services

In 7 months, the Italian Csirt handled 3,500 serious cyber incidents. The attackers took advantage of the pandemic and the economic juncture to target banks, telecommunications, industries and health centers. But Italy is better prepared than you think

by Arturo Di Corinto

Mar 2
Grande Rosso — Alberto Burri, Città di Castello 1915, Nizza, 1995

Hackers hit hardest during the pandemic. And they did so above all to the detriment of the public administration (PA), banks and telecommunications. This is the first fact that catches the eye when reading the report of our secret services on the cyber threats that loom over Italy.

The report, produced by DIS (Intelligence System for the Security of the Republic), Aise (External Intelligence and Security Agency) and Aisi (Internal Intelligence and Security Agency) for the Italian Parliament, obviously does not speak only of this, but provides a fairly detailed examination of the dangers represented by organized crime, jihadist terrorism, illegal immigration, and extremists and subversives of the right and left, along with the whole picture of threats to the national economy, including regional crises.

THE NUMBERS OF THE THREAT
But let’s focus on the cyber threat, to which an entire attachment is dedicated: the National Security Document 2020.
Here we read that in 7 months the Italian Csirt (Computer Security Incident Response Team) received 25,845 reports and managed 3,558 computer incidents, 117 critical, and 273 serious vulnerabilities. That is an average of 17 incidents per day. To understand the extent of the problem, we must think that every day seventeen companies, organizations and “relevant” public entities that voluntarily reported an attack were prepared and helped to contain and minimize the incident.

It is not clarified in the report, but from qualified sources we learn that a few dozen of these would have come to the attention of the Cyber Security Nucleus, going up the hierarchical chain as far as the Prime Minister. These are entities that provide essential and strategic services to the country, which affect a large number of users, and which are the basis of the normal daily activities of many Italians: transport, communication, health, work, business. Numerically they may seem few — when compared to the numbers of the cyber pandemic to which the reports of cybersecurity companies have accustomed us — but they are numbers that no one had officially provided before in a report by the Services. And who knows what will happen when reporting becomes mandatory under the Cyber Security Perimeter law.

SPIES, CRIMINALS AND HACKTIVISTS
The report highlights how a series of actors “exploited, in the pandemic period, the massive use of agile work and the consequent accessibility from the Internet of digital resources of Ministries, companies with strategic roles and critical infrastructures”, making them the target of state-based, criminal or hacktivist campaigns.

Among the privileged targets there were several “Dicasteries and other State Administrations, against which there was an intense campaign for the spread of malware”.

The analysis of these cyber attacks relevant to national security collected by Intelligence revealed a general increase in attacks (+20%), which mostly concerned the IT systems of public entities (83%, an increase of 10 percentage points compared to 2019), in particular the local administrations (48%, a value up by more than 30 percentage points compared to the previous year), together with the Ministries holding critical functions (+2% in the year-on-year comparison).

On the other hand, the hostile digital actions perpetrated against private subjects mainly affected the banking sector (11%, up by 4 percentage points compared to 2019), the pharmaceutical/health sector (7%, more than last year) and IT services (11%, an almost stable figure).

Conversely, a reduction (-7%) was recorded in the number of “state-based digital projections” (read: “state hackers”), against a similar increase in episodes with an unidentifiable matrix (+6% compared to 2019), which could be the result of a greater commitment by the attackers themselves to cover up these clandestine actions.

The data on the types of attacks detected in 2020 confirmed the predominant use of SQL Injection techniques to violate the IT infrastructures of the victims (60% of the total), following an initial phase of observation of the target’s technical vulnerabilities through scanning of networks and systems. Spear-phishing campaigns (0.3%), used to deliver malicious software such as Remote Access Trojans (RATs) that give remote control of compromised resources, are few in number but highly effective when they succeed.

Furthermore, ransomware attacks have involved targets of national importance, both in the healthcare sector and in the Made in Italy industry, exploiting as an infection route the new connection methods activated for smart working: a collection of strains and criminal gangs like Agent Tesla, Emotet, Netwalker, Sunburst, which have paralyzed companies such as Geox, Luxottica, Campari Group, Enel and many others.

ESPIONAGE AND APT
The “Sector” (“Il comparto”, in Italian), that is, the whole of our local intelligence, has also detected important campaigns for espionage purposes. Though few (2.5%), they are difficult to identify and are the most insidious for the country system, in terms of exfiltrated information, loss of operations and competitiveness, as well as the economic resources spent on their mitigation. The authors are defined as Advanced Persistent Threats (APT) for their ability to infiltrate the productive and financial systems; after squeezing out the information, they tend to sabotage, block or exchange it with other actors financed by rogue governments.

In this context, the report says, “the campaigns aimed at Ministries and primary national providers of electronic communications services, conducted through highly structured digital actions and with the use of sophisticated techniques and tools, seemed to be of absolute importance”. So did those aimed at operators of essential services in the energy sector, against which our cyber-guards have committed many resources, as in the case of the digital attack on the supply chain of the Texan company SolarWinds, because of its potential impact on national networks and systems, the scope of which is not yet clear to anyone.

FAKE NEWS AND DISINFORMATION
Finally, with regard to the hybrid threat — which affects the diplomatic, military and economic/financial sectors — there has been an attempt to poison the public debate through disinformation and/or influence activities, in the context of broader campaigns: “It is a very high production of fake news and alarmist narratives that was recorded, resulting in an information surplus (so-called infodemic) that is difficult for the community to discern”. There is also something for social networks: “The intrinsic risk factor in the phenomenon of online disinformation has continued to reside in the logic and algorithms underlying the very functioning of social media, tending to create a self-referential and self-feeding environment, based on sharing of the contents and relationships of interest which, by polarizing the available information, thus feeds its partial and biased perception”.

Behind the apparently harmless “hoaxes” therefore, explains the Intelligence, there are state actors who mix disinformation campaigns and cyber attacks, to transform the pandemic into a long-term strategic advantage by influencing public opinion and national decision-making processes, as well as to damage our economic assets.

THE NATIONAL CENTER FOR CYBERNETIC SECURITY
Finally, ample space in the National Security document is given to the whole of the work carried out by the Sector, especially to get to the “Cybernetic National Security Perimeter”, which obliges the operators of vital services for the country to comply with stringent security measures, the notification of incidents and the regulated purchase of ICT goods and services for networks, information systems and IT services used by subjects included in the Perimeter.
But the report talks extensively about the whole process of strengthening the Italian national cyber security architecture adjacent to the “Perimeter”, namely the implementation of the European NIS Directive; the security of 5G networks (with the national regulation on Golden Power and the European guidelines for the procurement of 5G technology from non-European suppliers); the activities of the Cyber Security Nucleus and the CSIRT. To which we can add the awareness, communication and training activities carried out by the sector together with companies, media and universities.
There is a final card that will have to be examined by the competent authorities as soon as possible, and which concerns the creation of the National Center for cyber security. Boycotted by center-leftist parties Italia Viva and the Democratic Party during the previous government, it will have to be ready by the end of the year.

Note: Italy’s Intelligence System for the Security of the Republic is the collective name given to the authorities and organizations responsible for intelligence policies, intelligence coordination and intelligence operations. The Security Intelligence System includes:

Digital Diplomacy

Tech, digital, and innovation, at the intersection with policy, government, and social good.


Written by Arturo Di Corinto

Teacher, journalist, hacktivist. Privacy advocate, copyright critic, free software fan, cybersecurity curious.
