Cyber attack on the Lazio Region: who did it and what the damage is. Comments and analysis

The facts and the experts' comments on the cyber attack on the CED (Data Processing Center) of the Lazio Region

The Lazio Region described it as the "most powerful" cyber attack ever on Italian infrastructure.
The attack, which has been in progress for at least 24 hours, targeted the CED of the Lazio Region, and the systems of the Lazio Health portal and the vaccination network have also been deactivated. According to the investigation that the postal police are conducting in coordination with the Rome Public Prosecutor's Office, the attack comes from abroad.
Press sources reported yesterday that it was ransomware, a virus that blocks computer systems by encrypting them and demands a ransom in Bitcoin.
Agents are also investigating the request for a large Bitcoin ransom.
At the moment, vaccine bookings in Lazio are still blocked. The hackers, reportedly still inside, are said to have infiltrated the system through the profile of a network administrator and to have activated the so-called 'cryptolocker', which encrypts the data. As a result, all the files of the Data Processing Center are reportedly blocked.
According to Ansa, the hackers who attacked the CED of the Lazio Region reportedly did not gain access to the health history of the millions of citizens included in the database of the regional health system. Qualified security sources say that, as far as the health side is concerned, the attack hit the CUP booking system and the vaccination booking system. No health data is believed to have been transferred, although the attackers are still thought to have obtained various personal data. The IT infrastructure for the budget and civil protection was reportedly not touched.
Here are the experts' opinions on the ongoing attack on the systems of the Lazio Region.

“I confirm the ransomware and confirm that the attack is purely criminal: nothing ideological, no no-vax or Anonymous as some have written. A ransom demand, pure and simple. Furthermore, the ransomware was inoculated directly on the systems through a surgical intrusion on a PC from which it was escalated. No phishing or social engineering emails: it was an attack on machines and not on people, done with the help of someone who knows the systems of the Region well”, commented one of the leading cybersecurity experts in Italy, Corrado Giustozzi.


"Based on the evidence we have collected, which is circumstantial and still to be verified as the minutes pass, since the investigators are not opening up, the suspected ransomware would be of the Lockbit 2.0 type", specifies Arturo Di Corinto in Repubblica. In other words, it is "a version, updated a few weeks ago, of the Lockbit malware, currently the fastest and most dangerous among those sold on the Darkweb in the 'as a service' mode, that is, like legitimate software, paid for by module or by consumption, a kind of rental of the criminal instrument".


"However, the attack would not only concern the Region and the vaccination reservation systems but various Italian companies", adds Di Corinto. “And it would have started from one of these last June. It would be a large Italian IT company that manages many activities related to digital health in full outsourcing, i.e. an external company whose operators have administration privileges on information systems, such as the regional ones. Operators who, according to rumors, are themselves under attack together with their entire company, so much so that they have had to reset their email accounts and activate two-factor authentication, the one with two passwords, to be clear. It would therefore not have been a targeted attack on the regional health system”, Repubblica points out.


“I read more or less delusional comments on the "powerful cyber attack" on the systems of the Lazio Region. Leaving aside the fact that no one competent in the matter would ever say "powerful attack", and that computers do not go "haywire" because they are not pinball machines, some scattered considerations”, wrote on Twitter Stefano Zanero, professor in the Department of Electronics, Information and Bioengineering at the Milan Polytechnic.


“For those who do not have a short memory, some considerations arise spontaneously. The first: we are considering the services of a software system that has remained without CE marking, a defense that could well have protected citizens from this accident. The second: maybe that server falls within the category of that 95% of those declared by the same Minister Colao as "unsafe"? The third: is it possible that every time there is a tilt of the PA's computer systems, the announcement is limited to talking about a (this time powerful) "hacker attack"?” commented Stefano Gazzella on Infosec, the newspaper whose editorial director is Umberto Rapetto.

“And finally: where are the elements necessary to compose a valid communication to the interested parties required by art. 34 GDPR, since there is no doubt that there has been a data breach with (at least) a temporary loss of data availability? Of course, hopefully that of the Ministry of Justice relating to the data breach of the bar exam will not be taken as an example”.


“Anyone can be the victim of ransomware attacks: from family-run micro businesses to enterprise-level companies or public bodies. Today it was the turn of the Lazio Region”, highlighted Matteo Navacci, Data protection counsel, DPO, Co-Founder of Privacy Network, on cybersecurity360.

“But, it is worth repeating, there is nothing exceptional in this attack. Indeed, it was quite possible to expect it. According to the latest Clusit Report, the public sector is among the targets most affected by cybercrime in 2020. The vast majority of attacks are precisely malware (such as the ransomware that is presumed to have hit the Lazio Region), with an evidently growing trend”.

This is a machine translation from Italian language of a post published on Start Magazine at the URL on Mon, 02 Aug 2021 14:14:32 +0000.