November 2022 is just 11 days old, and Italy is already prominent in the cybersecurity news this month. The information accessed by The Cyber Express shows a clear pattern of attacks on organizations in the country. It is an extension of what was happening in the past few months, researchers at Cyble Research & Intelligence Labs (CRIL) confirmed.
What spiked since March 2022 following the Russian invasion of Ukraine continues to rise, as cyber criminals have started cashing in on the attacks and data leaks by state-sponsored actors. Take a look at these instances The Cyber Express spotted this month:
November 1: A member of the Russian underground forum XSS offers a database containing 35 million transactions of an Italian e-commerce company for $5,000.
November 3: Hive ransomware discloses attack on Italian automobile company Landi Renzo.
November 4: Royal ransomware gang disclosed attacking food processor Fratelli Veroni of Correggio (RE), its first Italian victim.
November 4: Vodafone Italia, the Italian subsidiary of the UK-based telecommunication major, has alerted its customers of a data breach.
November 4: The Adrastea group, notorious for its recent attack on the Italian Ministry of Defense, offered to sell access to Italian companies on dark web marketplace Breach Forums.
November 7: A post in the dark web marketplace Breach Forums offer to sell the contact details of 70,000 Italians for $100.
November 10: Data of 12 million Italians was put up for sale for $49, in a CSV file on a dark web marketplace. The CSV file contained telephone number, name, city, email and other information.
Italy and cyberattacks
Italy is the third-largest national economy in the European Union and the 10th-largest in the world by nominal GDP. More than 70% of the population has access to the internet, says the World Bank. The digital population in Italy is estimated to have surpassed more than 45 million active internet users.
“As per economic indicators, Italy is among the top 10 exporters of services and manufacturing goods worldwide, making it essential to the entire value chain, further incentivizing threat actors to carry out larger supply chain attacks,” Dhanalakshmi PK, Cyble Senior Director – Malware and research Intelligence, told The Cyber Express.
While cyberattacks were common, the numbers spiked after Italy extended its support to Ukraine in the ongoing war against Russia.
“The ever-increasing threat landscape due to the Russia-Ukraine conflict has fundamentally transformed the attack surface due to frequently disclosed vulnerabilities and exposures. Meanwhile, the increasing complexity of tools and techniques adopted by the threat actors has revealed the gaps in the cybersecurity infrastructure of Italian organizations and entities,” said a Cyble advisory about cyber-attacks on Italy.
Italy’s foreign minister disclosed in September that the cyber-attacks on western European companies, and Italy in particular, have risen following the Russian invasion of Ukraine. The statement came after state-sponsored hackers started targeting energy companies in Italy that month.
Italy-based chemical manufacturer RadiciGroup faced a cyber-attack in June. In July, LockBit ransomware gang claimed that they breached the network of the Italian Internal Revenue Service. The threat was to release the stolen 100 GB of data (including company documents, scans, financial reports, and contracts) online if the Italian tax agency did not pay ransom before August 1.
BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy’s energy agency Gestore dei Servizi Energetici SpA (GSE) in September
Data on the dark web
“The notable cyber-attacks this year were data breach related to European defense manufacturer MBDA, the Italian Ministry of Defense, Vodafone Italia S., and Ferrari,” said Dhanalakshmi.
Ferrari faced indirect trouble when the Italian automobile manufacturing business Speroni was attacked by the Everest cyber gang in December 2021. About 900 GB of data comprising private information about the company’s partners, including Ferrari, Lamborghini, Fiat Group, and other Italian automakers were stolen by hackers then.
“CRIL’s ransomware monitoring data indicates that Italy was the third most-targeted country in 2022 in the European region after Germany and France. So far in 2022, the country has suffered 7% more ransomware attacks viz-a-viz same period in 2021. The manufacturing and professional services sector were among the worst-hit sectors in 2022,” said the Cyble advisory.
What happens now appears to be a natural consequence of those ransomware attacks and data breaches. Data thieves operating in the dark web marketplaces have suddenly sprung up with data from Italian companies.