11 February 2021
The examination of cyber threats recorded in the last quarter of 2020 revealed that threat actors are continuously searching for new methods of attack and evolving their current methods to successfully penetrate their target.
The ‘Cyber Threats Snapshot’ report drawn up by Leonardo's Security Operation Center, evidences the continuous evolution of operating methods used by cyber threat actors, which includes new approaches such as:
- New tactics, techniques and procedures
- New combinations of attack tools, a consequence of the increasing availability of commodity malware
- New command and control platforms
The most technological advanced attack?
In particular, we have witnessed a very sophisticated hostile action that began with an initial attack to the supply chain of an IT monitoring and management software manufacturer. That compromised the IT systems of several Italian and international organizations, leaders in technology, transports, and energy sectors, as well as a number of international government institutions. The attack exploited the installation of a backdoor that allows access to the affected systems by the threat actors.
Are there any attacks that take advantage of the health emergency?
The ‘Cyber Threats Snapshot’ report also confirms the rising trend of cyber criminals exploiting issues linked to the COVID-19 pandemic to carryout cyber attacks. Two key factors were recorded in the period October-December 2020. The first is an increase in targeted ransomware against the healthcare sector, as well as several private research centers and universities.
The second is the increase of fake contact tracing applications (which, like the Immuni app in Italy, monitor the contacts of people who test positive for the Sars-Cov-2 virus) to spread malware.
Italian hactivism
In Italy, there have been numerous propaganda attacks related to the #FifthOfNovember operation - an annual event inspired by the Powder Conspiracy, which is based on a failed attempt to blow up the UK’s Houses of Parliament on 5 November 1605. The #FifthOfNovember operation aims to highlight the inappropriate way in which institutions and companies, especially those that work for the Government, treat citizens' data. The main executors of these actions were the Italian collectives ‘Anonymous Italia’ and ‘Lulzsec ITA’.
To read the report (Italian only)
For more information: cyberandsecurity@leonardo.com
Follow us on Twitter, LinkedIn and Instagram to be in touch with our initiatives.