Cyber ​​attacks on Italy from Russia, reaction to Prime Minister’s visit to Kiev

Listen to the audio version of the article

Russian cyber activists are angry with Italy for Prime Minister Meloni’s visit to Kiev and the promise of military aid for the war against Russia and are keen to let it be known: knocking down some institutional sites with Ddos attacks.
An attack of this type, Distributed denial of service, has been underway since this morning against a list of institutional sites associated with critical Italian infrastructures: Ministry of Foreign Affairs and Defence, Carabinieri, Bper bank, A2A (energy), interior site for the identity card, site of agricultural policies and of the Tim group, which hosts all the attacked sites.

Details about the attack

At the moment the impacts seem limited; the site of the Foreign Affairs and the Carabinieri is down. The defenders largely managed to parry the anomalous traffic spike launched by the attackers (this is how a Ddos works). However, the news has a more geopolitical-demonstrative than technical-practical value. He confirms that Italy is being targeted by pro-Russian activists who are always ready to take revenge for the support given to Ukraine, with cyber attacks. Now Ddos that have limited effect; in the future, who knows: the danger of critical consequences for Italian digital security is always lurking, as the National Cybersecurity Agency recently recalled. The claim is on the Telegram channel of the attackers, who are called NoName057. “Italy will provide Ukraine with the sixth military assistance package, which will include three types of air defense systems. As Italian Prime Minister Giorgia Meloni said during a press conference in Kiev, these are the SAMP-T, Skyguard and Spike anti-tank systems. Today we will continue our fascinating journey through the Russophobic site Italy🇮🇹” they wrote in numerous messages, each for a different attacked site. “Some attacked sites, such as that of the Bper bank, are accessible from Italy but not from abroad, for via a filter established by the National Cyber ​​Agency”, explains Igor Kranjec, senior advisor of international organizations such as the European Cyber ​​Security Organization (ECSO)-The filter ensures that in the event of Ddos attacks, traffic arriving from abroad on these sites; bad traffic (Ddos) as well as good traffic (of normal users), in the same way. Of Noname it is only known that it is one of the pro-Russia cyber activist groups that emerged in March 2022; they are known for Ddos attacks in many European countries and the USA. The most serious damage to sites of Lithuanian airports and institutions last year. The best known group of this type is Killnet. Only on February 12 did they carry out a Ddos attack against NATO infrastructure. According to the Telegraph, these attacks have also caused the interruption of contact between the organization and the military aircraft that are providing relief to the victims of the earthquake in Turkey and Syria.

The state of cyber

As far as Italy is concerned, the Cyber ​​Agency has already launched a continuous alert for Russian-phile attacks since 11 May. Not only Ddos but also ransomware that exploit system vulnerabilities for the purpose not of criminal ransom but of paralysis of the infrastructures of an enemy country. To date, there remains a risk that has not yet done substantial damage; companies and PAs in Europe and the United States have learned to improve their defenses, also thanks to the cyber threat that comes from war, as an IBM study reports today. Other data confirms this. Cybersecurity group Mandiant (of Alphabet) found a 15% drop in effective ransomware attacks in 2022 compared to 2021. CrowdStrike Holdings, another US cybersecurity firm, said it saw a decline in average size of ransom demands, from $5.7 million in 2021 to $4.1 million in 2022. Blockchain analytics firm Chainalysis Inc. says payments it has been monitoring for ransomware groups have dropped by 40% last year, for a total of 457 million dollars. This is 309 million dollars less than in 2021. A result that is also due to the experience gained up to now, as mentioned; but it must not make us relax; as IBM also reports, attackers are ready to change approaches to adapt to the new defenses. And the ongoing Russian war adds another attention factor to the mix.