Cybersecurity, Italy the target of cyber criminals: cyber attacks increasing by 65% in 2023. Data from the Clusit Report

11% of all global attacks (2,779 total) occurred in our country. Cybercrime is the main threat, with ransomware leading the way. Attacks on the financial, healthcare and manufacturing sectors are increasing. Greater investments in digital skills and cybersecurity are needed.

Italy is increasingly in the sights of hackers. In 2023, cyber attacks increased both globally and in our country, with Italy continuing to be among the most targeted countries. This is the picture painted by the Italian Association for Information Security (Clusit), which has presented its new 2024 Report.

In 2023, 2,779 serious incidents were recorded globally, an increase of 12% compared to 2022. The monthly average of attacks was 232, with a peak of 270 attacks in April, the highest number ever recorded. The severity of 81% of attacks was rated as high or critical. In Italy, 11% of global attacks occurred, for a total of 310 attacks, an increase of 65% compared to the previous year. Over half of them had serious consequences. And looking at data from the last five years, 47% of the total attacks recorded in Italy since 2019 occurred in 2023.

Cyber attacks: more than 10 thousand global attacks since 2019

In the period 2019-2023, 10,858 cyber attacks were recorded globally, with 2,779 incidents in 2023 alone, the highest number ever recorded. This figure, which exceeds forecasts, indicates a stable trend of growth in attacks over the past two years. Events from the last five years represent over half (56.3%) of all incidents classified by the Association since 2011. The monthly distribution shows more intense activity in the first half of the year, with a maximum peak of 270 attacks recorded in April 2023, marking a new negative record. As a result, the monthly average of cyber attacks increased considerably, reaching 232 in 2023, compared to just over half that figure in 2019.

Clusit Report 2024: the types of attackers

In the period 2019-2023, the comparison of the distribution of attackers highlights that Cybercrime remains the main motivation behind incidents (83% of the total), with constant growth over time (+13.4% in 2023 compared to the previous year). This trend suggests a mix or even integration between online and offline crime, with reinvestment of the proceeds of previous activities. In contrast, attacks related to espionage and information warfare show a significant decrease (from 259 attacks in 2022 to 178 in 2023 and from 103 to 46 respectively). Attacks related to hacktivism, however, increase significantly, almost tripling from 84 in 2022 to 239 in 2023.

The sectors most affected

The European value-chain analysis of the distribution of victims of attacks in the period 2019-2023 highlights several trends. Compared to 2022, there is a decrease in the incidence of Multiple Targets (-3%) and an increase in the Healthcare (+2%) and Financial/Insurance (+3%) sectors. The Education, Manufacturing, Transportation/Storage and Wholesale/Retail sectors also recorded a higher percentage share compared to the previous year. The manufacturing sector reaches its all-time high, confirming constant growth since 2019. Some sectors, such as Government/Military/Law Enforcement and Professional/Scientific/Technical, maintain constant percentage shares, while attacks on the ICT sector decrease proportionately compared to previous years.

In 2023 the number of attacks on multiple targets remains close to that of 2022, and this is confirmed as the most affected category. The Financial/Insurance and Healthcare sectors are growing consistently, while incidents in the ICT sector remain stable and those in the Manufacturing, Professional/Scientific/Technical, Transportation/Storage and Wholesale/Retail sectors are increasing.

Attacks are growing in America, Oceania is the only region in decline

The geographical distribution of victims of cyber attacks in 2023 highlights a general increase in attacks, with particularly marked growth in the American continent, which goes from 941 attacks in 2022 to 1,226 in 2023. Oceania is the only area to see a decrease in attacks, while incidents affecting multiple locations also decrease.

In percentage terms compared to the total, America represents 44% of the victims, followed by Europe at 23% and Asia at 9%. Approximately 21% of the attacks occurred against multiple locations, while the component of attacks in Oceania and Africa remains marginal at 2 and 1 percent respectively. The European figure has remained stable over the last three years, while America records a notable increase compared to 2022 (+6 percentage points), causing a decrease in the European percentage share to 23%.

Cyber attacks: the types of attack

In 2023, malware remains the technique preferred by cyber criminals, used in 36% of cases, with ransomware accounting for the majority of them, thanks to its profitability and collaboration between attackers. Exploitation of vulnerabilities follows (18%), also including zero-days. Unknown techniques represent a fifth of the sample.

However, in percentage terms over time, several trends are observed. Although the use of malware is constantly increasing in absolute terms, its percentage share of total attacks is decreasing over the years. On the contrary, DDoS and vulnerability-based attacks continue to grow, while the use of phishing/social engineering and multiple techniques decreases. The use of identity theft/account cracking and web attacks remains constant, while attacks based on unknown techniques decrease.

It is important to monitor the increasingly widespread use of artificial intelligence by criminals to select targets, find vulnerabilities and produce content for phishing attacks or malware code. This trend represents a future challenge that requires attention and preventive actions.

The severity of attacks increases

Over the last three years, a worrying trend of constant growth has been observed in the severity of incidents. Compared to the total number of incidents recorded, in fact, critical-impact attacks have been on a constant rise since 2021, gaining an additional 2% in 2023. These attacks also took share away from high-impact attacks, despite representing over 40% of total attacks. Medium impacts have remained essentially constant, while low impacts have virtually disappeared since 2022.

Critical attacks for Espionage and Information Warfare have increased significantly, likely influenced by geopolitical conflicts. High-impact attacks in the field of Hacktivism, by contrast, have decreased as a percentage of the total but have increased in absolute numbers.

Severity analysis by type of victim highlights an increase in the criticality of impacts in the Healthcare, Financial/Insurance, ICT and Professional/Scientific/Technical sectors. Despite a decrease or stability in the number of attacks in some categories, the severity of the consequences remains high, suggesting a potential lack of preparedness in dealing with such incidents.

Cyber attacks: the Italian scenario

The analysis of cyber attacks in Italy in 2023 shows a significant rise in the number of incidents, with an increase of 65% compared to the previous year. This growth rate is much higher than the +12% recorded globally. Attacks in Italy are therefore increasing at a worrying rate, possibly indicating a greater vulnerability of Italian organizations or a greater interest on the part of cybercriminals in Italian victims.

The distribution of attackers by type highlights that the majority of attacks in Italy are attributed to Cybercrime, representing 64% of the total. Hacktivism attacks follow with 36%, a notable increase compared to 7% in 2022, while no significant Espionage / Sabotage or Information Warfare attacks were detected. However, it should be noted that the situation may be influenced by the conflict in Ukraine, with activists acting through demonstration campaigns also involving Italy.

Malware remains the most used technique, although its percentage dropped to 33% in 2023 compared to 53% in 2022. Phishing saw a slight increase, while vulnerability exploitation decreased. DDoS attacks showed a huge increase of 1,486%. It is clear that the human factor continues to be a weak point exploited by attackers through social engineering. Furthermore, with the advent of artificial intelligence, the countermeasures adopted by organizations must also adapt to the technological level of the attackers.

Furthermore, the analysis of the severity of attacks in Italy shows that attacks do less critical damage than in the rest of the world. While medium-impact attacks are more numerous, the damage is generally more limited.

“Assuming that the strategy implemented to date is useful (certainly to avoid a greater acceleration of the phenomenon), there is still no sign of a decline in the phenomenon on the horizon or at least an ability of the country system to defend itself better than others,” explains Gabriele Faggioli, Chairman of Clusit, in the preface of the Report.

“Personally I think we are facing an extremely complex scenario which sees the country behind from the point of view of digital skills, as amply demonstrated by the DESI index of the European Commission, which in the 2023 Report sees us fourth last out of twenty-seven for basic digital skills and last for graduates in ICT subjects. Furthermore, the share of women among ICT specialists is 16%, well below the EU average of 18.9%. If we then turn to investments in cybersecurity, we can see how in 2023 Italy spent 2.149 billion euros, equal to approximately 0.12% of GDP, but we also know that comparable European countries such as France and Germany spend double, not to mention nations such as the USA, which spend 0.3% of GDP. These are immense differences that impact the overall effectiveness of the measures adopted to protect the systems.”
