The new Clusit 2024 Mid-Year Report, published in October, paints a worrying picture of the Cyber situation globally and in Italy. In the first six months of 2024, there was a increase of 23% of global cyber attacks, with an average of 9 serious incidents per day. In Italy, cybercrime remains the main threat, particularly affecting healthcare and the manufacturing sector. The escalation is accentuated by geopolitical conflicts which increasingly aim to destabilize digital infrastructures, exposing essential data and services to serious risks. The Report also warns of the potential impact of quantum computers: “Quantum computing could revolutionize several sectors, but it introduces new challenges for cybersecurity”. Their ability to overcome current cryptographic methods requires, in fact, a change in protection strategies.
Cyber Attacks: Unprecedented Escalation
In the first half of 2024, XNUMX new jobs were counted 1.637 major cyber attacks globally, a 23% increase compared to the second half of 2023. Attacks continued to grow, with a monthly average of 273 attacks, compared to 230 in 2023 and 139 in 2019. The majority of attacks were concentrated in the Americas (41%) and Europe (29%), with the latter seeing a significant increase compared to previous years. The81% of these attacks has caused serious or critical damage, with devastating repercussions for organizations and the public. A case in point is that of the San Raffaele hospital in Milan, which in March was the victim of a ransomware attack, blocking essential machinery and forcing patients to be diverted to other facilities.
Cybersecurity: Italy under pressure
THEItaly is particularly vulnerable and has long been an easy target for cybercrime, due to the rapid digitalization of its structures and the lack of preparation of its defenses. Even if compared to last year there has been a slight decrease in the number of attacks. The attacks of cybercrime matrix account for 71% of all Italian incidents. In 2023, the country suffered 11% of global attacks, an impressive figure that led institutions to take action. 2024 also proves problematic: in the first half of the year theItaly recorded 7,6% of global accidents, a disproportionate percentage compared to its population and GDP.
Il manufacturing sector was the most affected, while in the Health Attacks increased by 83% compared to 2023 (296 accidents in six months), threatening the security of the health data of thousands of citizens.
Cyber Attacks: Evolving Attack Techniques
La computer crime is the main matrix of attacks, with 88% of incidents in the first half of 2024 attributable to criminal operations. The malware, in particular, is the most used technique (34%), responsible for over a third of the cases analyzed. Among the most widespread malware, the ransomware continues to be the number one threat, thanks to its high economic yield and the spread of “as-a-service” attack models that allow even non-experts to launch extortion operations. In 2024, the municipality of Pescara was hit by a ransomware attack that blocked municipal services for weeks, resulting in disruptions for thousands of citizens. In Italy, malware is associated with 51% of the attacks recorded, often with serious economic and reputational repercussions for the organizations affected.
Right after the malware, the software vulnerability are the second most common technique, used in 14% of accidents, followed by Phishing. A recent example is the targeted phishing attack against a major Italian bank, which allowed attackers to access confidential information of tens of thousands of customers, causing a serious loss of trust and putting the entire security structure of the institution at risk.
In the first half of 2024, also thanks to a greater exploitation of Artificial Intelligence, identity theft attacks are on the rise, with many financial firms suffering from targeted phishing campaigns, causing serious data losses. The increasing complexity and effectiveness of these techniques have led to an exponential increase in economic and reputational damage, exceeding the costs of the 2023 attacks.
Severity of attacks: increasingly serious consequences
The Clusit Report highlights a growing phenomenon also in terms of gravity: well the81% of global accidents had impacts classifiable as “Critical” or “High”, highlighting a greater sophistication and devastating intent on the part of malicious actors. In the first half of 2024, 31% of incidents were classified as “Critical”, while 50% were classified as “High”, demonstrating the destructive potential of today’s cyber threats. The damage is not only economic, but also reputational and, in some cases, has led to the violation of data protection regulations, resulting in fines for the affected organizations.
A devastating attack hit an Italian university in March, locking out critical student and staff data, leading to a shutdown and ransom payments.
In Italy, however, the attacks are generally less severe compared to the rest of the world, with only 8% of accidents having a high severity. Although there are more accidents with a medium impact (41% versus 19%), the damage caused is more limited.
Geopolitical conflicts increase cyber threats
The report highlights theimpact of international conflicts on the spread and intensification of cyber threats. Ecosystem's staff is Russian-Ukrainian conflict, which led to offensive cyber actions against the Ukrainian government and infrastructure, has also prompted Russian criminal groups to step up attacks against Western objectives. Russia, for example, has long used cyber operations to influence public opinion, while other states exploit DDoS attacks and ransomware against the critical infrastructure of adversaries. According to Clusit, the Russian government supports and “systematizes” various cybercriminal groups, a dynamic that recalls the “racing licenses” awarded to privateers during the European wars of the 17th and 18th centuries.
Added to this is the conflict in the Middle East, which saw the involvement of cyber actors linked to resistance factions supported by Iran, engaged in demonstration and sabotage attacks against the infrastructure of Israel and its allies. In the Italian context, 2024 has already seen a series of DDoS attacks against government agencies and companies with interests in conflict areas, causing temporary disruption of essential services.
Healthcare and manufacturing: the most vulnerable sectors
Globally, the healthcare is the most affected sector, with an incidence of 18% of the total attacks in the first half of 2024 and for the first time exceeded the “multiple targets” among the victims of cyber attacks. The phenomenon is due to the increasing digitalization of healthcare facilities, which, however, is not accompanied by adequate levels of IT security.
In Italy, the manufacturing remains the most affected sector, with 25% of global incidents targeting this sector involving Italian companies. The case of a ransomware attack on a car factory in Northern Italy, which forced a week-long production shutdown, is emblematic. The impact of such attacks it is not limited to direct economic damages only, but it extends to international supply chains, with delays and disruptions for the entire industrial chain.
The Future Outlook: Concerns About Quantum Computers
The Clusit 2024 Report sends a clear signal: the Cybersecurity is an urgent priority that requires coordinated actions and strategic investments. Prevention and protection efforts must be stepped up in key sectors such as healthcare and manufacturing, while governments must strengthen regulations and guidelines for businesses. The evolution of cybercrime and threats related to international conflicts requires all actors, public and private, to adopt advanced defense measures to ensure the security of critical infrastructure and the protection of personal data.
However, we must also pay attention to the technological advances. Ecosystem's staff is quantum calculation promises to revolutionize various sectors, but brings new challenges for cybersecurity. Quantum computers, with their ability to circumvent current encryption techniques, impose a radical review of security strategiesIt is necessary to integrate the post-quantum cryptography, update security protocols, and adopt technologies such as quantum key distribution (QKD) to protect sensitive information and ensure the security of digital systems. As this technological revolution approaches, theTimely adoption of safety measures will be essential to address the challenges of an increasingly quantum-dominated world. Furthermore, collaboration between governments, industry leaders, and academic institutions will be crucial to develop quantum-resistant solutions and ensure a safe transition to the quantum era.
Cyber security services will have to stay flexible, continuously adapting to new threats and integrating innovative technologies to respond to the evolving cyber risk landscape. Only through a conscious and proactive approach it will be possible to mitigate risks and protect collective well-being, reducing the frequency and severity of cyber attacks and protecting the country from potential damages that are now not only virtual but also extremely real.