Cyber attack on the Lazio Region: what really happened?

(by Giuseppe Gorga, Aidr partner) Attacks on the IT networks of companies and public bodies are increasing. A recent sensational case is the attack on the Lazio Region at the beginning of August 2021. The CIA and Europol are also investigating.

Managing the risk of cyber attacks is not always simple, because cybercrime develops its skills and capabilities at the same pace as the innovation in integrated systems that protect databases and IT systems. A recent emblematic case is the hacker attack on the Lazio Region in early August of the current year.

According to initial rumors, the attack that paralyzed the computer systems of the Lazio Region allegedly originated from the computer of an employee of the company Engineering. Engineering immediately denied this in a note, stating that it had not received any notification from the investigators about possible links with the event, and that if the checks were to show otherwise, it would notify the competent authorities itself. In any case, Engineering is not involved in the episode, and was not even in charge of the cyber security of the Lazio Region.

The FBI and Europol are also collaborating on the case. The attack started on the regional CED (data processing center). All of the computer systems were deactivated, including those of the Lazio Health portal and the vaccination network. The CED manages the health and personal data of about six million citizens and the information systems that allow the regional coronavirus vaccination campaign to be carried out. After a few days of suspension, the Lazio Region's vaccine booking system was restored, but the alert remains for any new attacks.

It seems that the "cryptolocker" used also rendered the backup data unusable, and that the Lazio Region is only the fourth party involved in this attack. According to other sources, the access took place through an administrative session left logged in by an employee of Lazio Crea, so it appears to have been a ransomware attack, also called a "supply-chain" attack. Analysis of the Tor link left by the criminals revealed that the malware is RansomExx, which is used by a cybercriminal group already known for breaches of several governments and large companies.

It seems that the computer of the Frosinone employee from which the attack started was infected with malware. Because of errors in the Region's management of privileges or passwords, it is very likely that the cybercriminals were able to move from the employee's computer to accounts with administrator privileges, which they used to encrypt the system. By exploiting such vulnerabilities, or where there are errors in the security design of a system, it is possible to obtain access privileges and control the data held (Nevacci, 2021).

In the present case, it was not an ideological attack (because vaccination data was involved, it had been assumed that the "no-vax" movement was behind it) but rather a purely extortionate attack, with the sole objective of obtaining an economic advantage. For these episodes the Rome prosecutor's office has alleged the crimes of abusive access to a computer system, attempted extortion and damage to computer systems, with the aggravating circumstance of the purpose of terrorism. The investigations are coordinated by the chief prosecutor and head of the cybercrime pool, Michele Prestipino, and the deputy prosecutor, Angelantonio Racanelli, who is engaged in the fight against terrorism-related crimes.

The Minister of the Interior, Luciana Lamorgese, also intervened immediately on the case. Speaking at Copasir, she referred to the "resurgence of the phenomenon, which in recent months has affected both public and private activities" and noted "the need to act urgently to raise the level of security, the resilience of IT systems and the education of operators".

Maintaining suitable IT security standards is generating a growing need for e-lawyers and IT experts, as fundamental profiles for the protection of IT portals, the protection of sensitive data and the resolution of any disputes (Lupària & Ziccardi, 2007).

In response to the need for these new skills, professional training offers that aim to create experts in IT security management have recently increased in Italy. These new training offers are a necessary response to the demands arising from the recent events and from the regulatory provisions mentioned here, since they contribute fully to forming the profiles that are essential for solving the problems that recur in the field of information security. It will therefore be necessary for political decision-makers, both national and extra-national, to activate measures that encourage professional training bodies in the IT security sector.
