The conflict in Ukraine continues to be felt even in cyberspace with new attacks on various fronts, effectively simulating a war between hacker groups. The intensification of criminal activities is having increasingly evident repercussions, with frequent downsides of institutional portals . Time will allow us to understand what the objectives are: if there is a broader plan or if it is a simple deterrence.
What is happening in cyberspace
While Italy was preparing to experience the Eurovision Song Contest in Turin, numerous attacks followed one another in cyberspace, as in a sort of virtual war but without knowing between whom . Experts from the National Anti-Crime Center for Critical Infrastructure Protection (Cnaipic) have worked extensively with the Postal Police to be able to foil the attacks before they could do serious damage. In reality, most of the time it was DDoS (Distributed Denial of Service) attacks, originating from different parts of the network and targeting the singing event. In fact, with the interruption of services, especially voting ones, the intention was to create havoc and alter the normal execution of the television event.
In the same week there were also attacks on the Ministry of Defense, the Higher Institute of Health, the Automobile Club of Italy (ACI) and the Senate of the Republic . On Wednesday 11 May, their websites were unreachable for some time following the saturation of network resources. Once again a DDoS, not difficult to achieve thanks to the bot net, zombie computer networks trained to contact the destinations to be hit relentlessly.
In reality, this type of attack is not particularly destructive and does not involve the breach of personal data. However, it acts in a decidedly more subtle way, undermining the trust of possible users of the site : citizens in the case of an institutional site or customers, for example in the case of a bank. The attack appears to have been claimed by Legion, which in some messages refers to another group of pro-Russian cybercriminals, Killnet. However, in these cases the conditional is a must because the analyzes on the origins of the attacks take a long time and only at the end can a truthful conclusion be reached.
The latest attack on the police
The agenda of tackling national infrastructures does not seem to have an end given that on the night of May 15, the site of the Italian police was put out of use . Once again a DDoS attack, with no major repercussions apart from its temporary inaccessibility. A sort of challenge with the institutional power of the Italian state by dint of scarring its representatives . Immediate intervention of the technicians in order to restore the full potential of the portal but with great attention to possible unexpected lateral movements, as pointed out to the newspapers in the field.
In fact, the risk is that these attacks are only the iceberg of a larger plan that we are not yet given to know. In addition, the announcements in the network claiming the authorship of the attacks would again suggest a Russian-style matrix but investigations are still continuing on the attacked servers. The danger is high and each type of attack must be carefully evaluated to understand any vulnerabilities and raise our security posture. We hope to be able to emerge from this complex historical period more strengthened than in the past.
The article War in cyberspace: new attacks on national infrastructures was written on: Tech CuE | Close-up Engineering .