Cybersecurity threats are on the rise across Italy, culminating in significant increases in cybercrime activities observed throughout 2024. Data from Fastweb, now operating as Fastweb + Vodafone, indicates troubling trends as they document the accelerating pace of cyberattacks through their Security Operations Center (SOC), which operates 24/7. This alarming uptick is reflected in the latest Clusit report on ICT security, which reveals a dramatic 23% rise in overall security events since 2023.
One of the most shocking statistics from the 2024 report is the rise of malware infections, which surged by 131%, alongside botnets increasing by 41%. Both categories point to the increasingly sophisticated methodologies employed by cybercriminals. DDoS (Distributed Denial of Service) attacks also saw unprecedented escalations, with attacks doubling from the previous year and the severity of incidents peaking with more than 100 Gbps of bandwidth used.
The public administration sector and the finance & insurance industries have historically been the most affected, making up nearly 50% of all attacks recorded. For the public administration, reported attacks soared to 1,430 from 560 the previous year. Meanwhile, the finance and insurance sectors showed resilience with only a 36% increase, thanks to effective mitigation strategies.
“L’aumento più significativo – sottolinea ancora Fastweb – è invece quello del settore Servizi che registra un aumento del +250% rispetto al report precedente,” remarked Fastweb representatives, highlighting the troubling vulnerability of service-oriented sectors.
The year 2024 has seen innovation at two opposing ends of the cybersecurity spectrum: first, the exploitation of vulnerabilities by cybercriminals, and second, the bolstering of defenses largely driven by the advent of artificial intelligence (AI). The use of AI technologies has been pivotal, allowing organizations to bolster their threat detection and response capabilities. Since 2019, the number of servers exposed over the Internet has decreased by 11%, attesting to improvements made by organizations against cyber threats.
Kaspersky has also raised alarms about the continuous threat posed by the cybercriminal campaign known as GitVenom. Active for at least two years, GitVenom capitalizes on the popularity of GitHub among developers. It cunningly embeds malicious code within seemingly legitimate GitHub projects, such as Telegram bots and gaming tools. These false projects typically include detailed README files, sometimes generated by AI, to masquerade as credible.
One notable case highlighted by Kaspersky indicates significant losses: "One of these attacks ended up draining the Bitcoin wallet of one developer, leading to losses exceeding $400,000 in tokens last November." Such incidents remind users to be ever-vigilant about the authenticity of the code they utilize.
The methodology employed by these hackers involves layering malicious scripts hidden beneath innocuous code. For Python projects, they might place dangerous commands below extensive tabulations, whereas JavaScript implementations might embed remote access functions within the main files. Once operational, malware not only captures passwords and Bitcoin wallet details but also adopts various additional malicious tools hosted on separate hacker-controlled repositories.
Additional actions may include the use of remote access Trojans to take control of victims' devices, allowing hackers to record keystrokes and capture screen images. Notably, one of these compromised wallets yielded 5 Bitcoins, which were valued at around $485,000 at the time of theft.
Despite the global reach of GitVenom, Kaspersky emphasizes the concentrated attacks seen across Russia, Brazil, and Turkey, asserting the necessity for users to exercise caution when evaluating projects on platforms like GitHub. “Prevediamo che questi tentativi continueranno in futuro, forse con piccole modifiche nelle TTP,” predicted Kaspersky, signifying the persistence of cyber threats as tactics evolve.
The convergence of cyber threats and innovative defense mechanisms emphasizes the importance of vigilance. A collaborative effort among organizations, cybersecurity experts, and users is now more necessary than ever to combat the rapidly transforming threat environment.
With Fastweb and Kaspersky at the forefront of awareness initiatives, they continue to spotlight the rapidly changing face of cybersecurity threats and propose actions to mitigate risks. The upcoming Clusit report will be presented on March 11 as part of the Security Summit, highlighting the need for continuous attention to filling the security gaps left by advancing technology.