Hacker attack in Italy and abroad: 2,100 servers affected. Cyber gang or Russia behind the maneuvers?

A wave of ransomware hacks hit more than 2,100 servers over the weekend. Summit at Palazzo Chigi

An offensive by cyber gangs, or a geopolitically motivated cyber attack with the hand of Russia in the background? The nature of the hacker attack that started on Saturday night in France and rapidly spread to Italy, Finland, Turkey and the United Kingdom, reaching as far as the United States, is still to be clarified. At least 2,100 servers were allegedly affected. The government will deal with it today, Monday 6 February, with a morning summit at Palazzo Chigi, to clarify its scope and above all to trigger defensive countermeasures. At the moment the prevailing hypothesis is a ransomware attack, capable of blocking computer networks so as to make them inaccessible and then demanding a large ransom in Bitcoin. But the insidious nature of the attack has led several sources to suggest that the hidden hand behind the attacks, forcefully denounced by the National Cybersecurity Agency, actually belongs to Russian gangs, non-governmental but tolerated by the Kremlin, which in recent times had already been reported as having caused trouble for some strategic infrastructure: from the blocking of the Covid vaccine booking systems in the Lazio region in the midst of the pandemic, to the Trenitalia ticket offices, to the attack on the servers of GSE, the company that manages Italian energy services. This time the hackers got into computers all over the world by exploiting a vulnerability in widely used software (VMware, which is used to create virtual machines).

Hacker attack: how they hit and where

The attack identified by the Cybersecurity Agency targeted VMware ESXi servers. The attackers exploited a vulnerability that had already been discovered and fixed by VMware in February 2021 but, the experts explain, not everyone applied the fix indicated by the company, and so they were left with an unpatched hole that has been exploited in this wave of attacks to get into the systems. Targeted servers that lack the appropriate fixes "can open the doors to hackers busy exploiting it in these hours after the strong growth of attacks recorded over the weekend". The French were the first to notice the attack, probably because of the large number of infections recorded on the systems of some providers in that country. The wave of attacks subsequently moved on to other countries, including Italy. At the moment there are a few thousand compromised servers all over the world, from France to Finland, from Canada to the United States.

In the US, CISA (the Cybersecurity and Infrastructure Security Agency, the federal agency for digital security) is working with public institutions and private companies to assess the situation. The US agency has asked all organizations that have experienced anomalies or incidents to report them to CISA or the FBI. The decision, Reuters reports, was taken after the alarm raised by the Italian Cybersecurity Agency.

Hacker attack: summit at Palazzo Chigi

Who is most at risk after the weekend's wave of attacks? Ministries, agencies, transport companies, banks. ATMs, transport reservations and electronic payments were slowed down on Sunday. The biggest concern, though, is healthcare: the software targeted by the attack is used by all the main healthcare companies in our country and, according to initial information, very few have performed the update.

A meeting to assess the extent of the cyber attack is scheduled at Palazzo Chigi at 9 today, 6 February, to take stock of the damage caused and put in place the appropriate countermeasures. The meeting will be attended by the undersecretary Alfredo Mantovano, the director of the Cybersecurity Agency Roberto Baldoni and the director of Dis, the Information and Security Department, Elisabetta Belloni. In recent weeks, moreover, Prime Minister Giorgia Meloni had already made a statement in the Council of Ministers (CDM) on the need to counter the vulnerability of computer systems.

Updates

“Regarding the hacker attack that occurred on a global scale, the meeting held this morning at Palazzo Chigi served to verify that, despite the seriousness of the incident, in Italy no primary institution or company operating in critical sectors for national security has been hit". This is stated in the press release issued by Palazzo Chigi, which also reports that "during the first reconnaissance activities carried out by Acn-Agency for National Cybersecurity, together with the Postal Police, no evidence has emerged pointing to aggression by a state entity or one comparable to a hostile state; instead the action of cybercriminals, demanding the payment of a ransom, is likely”.
