A roadmap to stop Russian hackers. Italy’s National Cybersecurity Agency (NCA) issued a stark warning on Friday: Wednesday’s Russian cyberattack on Italian institutions could foreshadow a new wave of aggression.
- The agency published a list of 71 vulnerabilities that must immediately be patched to secure the country’s systems against further Russian attacks.
- The list was made available on Friday by the NCA’s Computer Security Incident Response Team (CSIRT), led by Director Roberto Baldoni and Deputy Nunzia Ciardi.
- It was made available earlier, on Thursday, for the Italian companies within the Cyber Perimeter (i.e. public and private actors who perform essential services for the State and are subject to an NCA-coordinated security and control network).
Getting serious about resilience. Wednesday’s incident was a brute-force DDoS attack designed to intimidate rather than compromise the targeted systems. However, Kremlin-linked cybercriminals can achieve exactly that kind of compromise by exploiting the listed vulnerabilities, gaining access and then moving laterally within the infrastructure.
- NCA operatives fear that far more dangerous malware campaigns could follow Wednesday’s DDoS attack. They have reasons to believe there is a coordinated direction behind the attack on Italian infrastructure.
- At-risk products are from Microsoft, VMware, Cisco, Oracle, and SonicWall. The list includes well-known vulnerabilities, such as the Log4j flaw.
Calling out Russia. The NCA’s report stems from the analysis of 18 attribution campaigns that led to identifying “malicious actors linked to the Russian Federation.” Insiders told Decode39 that the driving forces behind the attribution hunt were the US and British governments and some Western vendors.
- The NCA document sets a remarkable precedent. Indeed, those familiar with cybersecurity know that attribution is the most complex part of responding to attacks. Identifying with certainty the private entity or State responsible for a campaign is a feat, making the cyber domain a dangerous, anonymous battleground.
- But the Russian war in Ukraine was accompanied by digital aggressions that put the Italian security infrastructure on alert well before the invasion. The NCA noticed a spike in hostile activity as early as January 14th, partly attributable to Russian actors.
- As Marco Minniti (president of the Med-Or Foundation and former Interior Minister) told Sky Arabia, “it’s clear that cyberattacks are a means to keep the pressure on a country,” especially in a delicate situation – such as the war in Ukraine.