All the IT troubles of the Lazio Region. The opinion of the experts

Here is why cybersecurity analysts do not share the opinion of the president of the Lazio Region, Zingaretti, who spoke of "terrorist attacks".

Attacks on the computer network of the Lazio Region have been in progress since 1 August; the latest occurred during the night. The hacker knocked out the Region's website, that of the Regional Council and the booking portal for vaccines against Covid-19.

What is ransomware

The attack was carried out with a cryptolocker ransomware, a type of computer virus that restricts access to files and functions on the device it infects and takes control of it. The malware usually, experts explain, demands that a "ransom" be paid to remove the restriction and restore all functionality. Ransomware is code that installs itself on a computer when an infected file is downloaded and then encrypts all the content it encounters. The ransomware responsible for the attack on the Lazio Region went so deep that, in addition to the data, it also encrypted the backup, the reserve copy. Restarting the system carries the risk of losing everything, and the Postal Police could not even open the hackers' message containing the ransom request that always accompanies this kind of blackmail.

The attack that comes from abroad

According to the experts of the Postal Police, the attack that targeted the Ced (Data Processing Center) of the Lazio Region comes from abroad. At the moment, the geographical area from which the malware that infected the regional servers originated has not yet been narrowed down. This is the first step in the investigation that the Postal Police are carrying out in coordination with the Rome Public Prosecutor's Office. Agents are also investigating the request for a large bitcoin ransom. According to initial findings, no health data appears to have been transferred, although the attackers appear to have come into possession of various personal data. The IT infrastructure for the budget and civil protection does not appear to have been touched.

Fabio Ghioni: "No terrorist action, perhaps the carelessness of an employee"

The president of the Lazio Region, Nicola Zingaretti, spoke of a terrorist attack (“At the moment we are defending our community from terrorist attacks. Lazio is the victim of a criminal offensive, the most serious ever on our national territory.”), but the IT experts disagree. “It is an act of hacking, but there is no terrorist action behind it, no geopolitical interest, no desire to sabotage the institutions. No Vax and Covid have nothing to do with it”, Fabio Ghioni told AdnKronos. Ghioni is an expert in IT security and unconventional technologies, the "king of hackers", and former head of the Telecom Tiger Team, who was involved in the Sismi-Telecom scandal but came out unscathed. “It can happen to anyone and the Postal Police are perfectly aware of this phenomenon. Probably the inattention of an employee caused all this,” continued Ghioni. The virus used is said to be “a malware that hackers from Morocco, Tunisia and Algeria have been using since 2007 with a request for money. Since 2015, ransoms have been requested in bitcoin. This virus encrypts the contents of the PC and has no unlock key: even those who pay can then no longer unlock anything”. The infection could have occurred during unauthorized browsing from a PC in the Region. “Browsing, for example, on a porn or gambling site, you involuntarily click on a popup with malware inside and that's it,” continued the expert. “Furthermore, it is also possible to install it unintentionally by downloading a free program from some sites or by clicking on a link received in an email that appears to be from a friend or your bank but is actually spam. Public employees should take a course on not going to certain sites and on how to behave on the web.”

Barberio: “Terrorist attack? Only Zingaretti says so”

For Raffaele Barberio, founder of Key4biz.it, an information portal on the digital economy and technology, this is not a question of terrorism either. “None of the institutions in charge of surveillance and defense against acts of terrorism have said anything,” said Barberio, who is also president of Privacy Italia and director of the International Cybersecurity Observatory. “If Zingaretti were right it would be a very serious fact that would jeopardize the entire national community,” continues Barberio. “But Zingaretti tells us nothing about the source of his information and insists on spreading terror on matrices that could inevitably be of various kinds. Arab fundamentalism? Foreign armed forces? Armed nationalist groups from other countries? Tell us…” There are also doubts about the geographical origin of the attack. “Zingaretti tells us that the attack comes ‘… from a foreign country…’, indeed from Germany,” continues Barberio in his editorial. “But who has ascertained it, and how can you ascertain with certainty the geo-referenced origin of an attack in such a short time and in a reliable way?”

The law establishing the National Cybersecurity Agency

Barberio stresses that the attack took place “in the days when the act establishing the National Cybersecurity Agency is being converted into law, an important act to make the country and its data more secure”. The fear is that the climate of fear generated by the cyber attack on the Lazio servers “serves to legitimize procedures in derogation from the ordinary tender plans for the Public Administration Cloud” because “there is no emergency and the procedures of the national Cloud must proceed as planned, to ensure State control of citizens' data”. At the moment, the Security Information Department, the top body of Italian intelligence, is (and will be until the Cyber Agency comes into operation) the body responsible for coordinating activities aimed at protecting against cyber attacks. “If the Agency had existed, would it have happened anyway?” asks Umberto Rapetto, a general on leave from the Guardia di Finanza and professor at the University of Genoa.

Giustozzi: "I confirm criminal attack"

Corrado Giustozzi, one of the leading Italian cybersecurity experts, also states that the risk of terrorism does not exist. “I confirm the ransomware and I confirm that the attack is purely criminal: nothing ideological, no no-vax or Anonymous as someone wrote,” says Giustozzi. “A ransom demand, pure and simple. Furthermore, the ransomware was inoculated directly on the systems through a surgical intrusion on a PC from which it was escalated. No phishing or social engineering emails: it was an attack on machines and not on people, made with the help of someone who knows the systems of the Region well.”

An attack with an economic purpose

No terrorism, but a request for money, or rather bitcoin. The lawyer Stefano Mele, an expert in ICT matters, is also convinced of this. “This is a criminal attack with a purely economic intent,” Mele, a partner of the law firm Gianni & Origoni, told Formiche.net. “It is a very serious criminal attack, which confirms a trend that sees the healthcare sector as the privileged target of cyber attacks since last year.” The jurist also recalls that in April 2020 news was made public of a meeting of the Cyber Security Unit, chaired by the Deputy Director General of the DIS, Roberto Baldoni, following some cyber attacks against Italian hospitals (San Raffaele in Milan and Spallanzani in Rome).

LockBit 2.0 ransomware: the ransom hypothesis

The ransomware used is believed to be of the LockBit 2.0 type. Matteo GP Flora, Adjunct Professor in Corporate Reputation at the University of Pavia and founder of the leading company of digital reputation, asserts on Twitter that with that type of virus the request for bitcoin is automatic. Furthermore, the attack was perpetrated on the Ced of the Region, which is managed by an external company. The economic request would therefore not have been directed at the Region.

96% of PA computers at risk

The minister for digital transition and digital innovation, Vittorio Colao, had said well before these events that 96% of public administration computers are at risk. “A figure that makes you think,” Stefano Zanero, professor of IT security at the Politecnico di Milano, tells Fatto Quotidiano. “However, let's not forget that, in 2017, the entire British health system (NHS) was brought to its knees by the ‘WannaCry’ malware. I would add that health care is in itself a particularly exposed system and difficult to defend. There are many connected users and therefore the access doors are numerous.” Yet the data held in the Italian health system should not be particularly attractive for economic purposes. “Limited in Europe and Italy, higher in the United States given the role that insurance has in the health system,” continues Prof. Zanero. “When an economic component is entered into the system, the price rises. For an insurer, having confidential information on the state of health of those who have to subscribe to a policy is, of course, a ‘wealth’. This does not remove the fact that, everywhere, there may be a personal discomfort in knowing that someone has knowledge of my health conditions, regardless of whether they are healthy or not.”


This is a machine translation from Italian of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/tutti-i-guai-informatici-della-regione-lazio-ecco-il-parere-degli-esperti/ on Tue, 03 Aug 2021 12:27:36 +0000.