The facts and the experts' comments on the cyber attack on the CED (data processing center) of the Lazio Region
“I confirm the ransomware and confirm that the attack is purely criminal: nothing ideological, no anti-vaxxers or Anonymous as some have written. Pure and simple ransom note. Furthermore, the ransomware was inoculated directly on the systems through a surgical intrusion on a PC from which it was escalated. No phishing or social engineering emails: it was an attack on machines and not on people, done with the help of someone who knows the systems of the Region well”, commented one of the leading cybersecurity experts in Italy, Corrado Giustozzi.
"RANSOMWARE OF THE LOCKBIT 2.0 TYPE"
“Based on the evidence we have collected, circumstantial evidence still to be verified as the minutes pass, since the investigators are tight-lipped, the suspected ransomware would be of the Lockbit 2.0 type”, specifies Arturo Di Corinto in Repubblica. In other words, it is “a version, updated a few weeks ago, of the Lockbit malware, currently the fastest and most dangerous among those that are sold on the dark web in the ‘as a service’ mode, that is, like legitimate software, paid for by the module or by consumption, a kind of rent for the criminal instrument”.
AN ITALIAN COMPANY ALSO INVOLVED
“However, the attack would not only concern the Region and the vaccination reservation systems but various Italian companies”, adds Di Corinto. “And it would have started from one of these last June. It would be a large Italian IT company that manages many activities related to digital health in full outsourcing, i.e. an external company whose operators have administration privileges on information systems, such as the regional ones. Operators who, according to rumors, are themselves under attack together with their entire company, so much so that they have to reset their email accounts and activate two-factor authentication, the one with two passwords, so to speak. It would therefore not have been a targeted attack on the regional health system”, points out Repubblica.
THE TWEETS OF STEFANO ZANERO
1) Companies and organizations around the world have fallen victim to ransomware, just do a Google search. It is not so surprising that a large region (or hospital, or ministry) is a victim of this. Indeed, I am surprised that it is the first such significant case.
– Stefano Zanero (@raistolo) August 2, 2021
3) I also read that "the data was not compromised". Now, I hope that's true, but if the systems have been hacked to the point of encrypting them with ransomware, it takes time and a very thorough investigation to rule out data breaches. I'm surprised that this can be said already now.
– Stefano Zanero (@raistolo) August 2, 2021
THE COMMENT OF INFOSEC
“For those who do not have a short memory, some considerations are spontaneous. The first: we are considering the services of a software system that has remained without CE marking, a defense that could well have protected citizens from this accident. The second: maybe that server falls within the category of that 95% of those declared by the same Minister Colao as ‘unsafe’? The third: is it possible that every time there is a tilt of the PA's computer systems, the announcement is limited to talking about a (this time powerful) ‘hacker attack’?” Stefano Gazzella commented on Infosec, the newspaper whose editorial director is Umberto Rapetto.
“And finally: where are the elements necessary to compose a valid communication to the interested parties required by art. 34 GDPR, since there is no doubt that there has been a data breach with (at least) a temporary loss of data availability? Of course, hopefully that of the Ministry of Justice relating to the data breach of the bar exam will not be taken as an example”.
NAVACCI: "THERE IS NOTHING EXCEPTIONAL"
“Anyone can be the victim of ransomware attacks: from family-run micro businesses to enterprise-level companies or public bodies. Today it was the turn of the Lazio Region”, highlighted Matteo Navacci, Data protection counsel, DPO, Co-Founder of Privacy Network, on cybersecurity360.
“But, it is worth repeating, there is nothing exceptional in this attack. Indeed, it was quite possible to expect it. According to the latest Clusit Report, the public sector is among the targets most affected by cybercrime in 2020. The vast majority of attacks are precisely malware (such as the ransomware that is presumed to have hit the Lazio Region), with an evidently growing trend”.
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/attacco-regione-lazio/ on Mon, 02 Aug 2021 14:14:32 +0000.