Cyber risk: "a situation of unprecedented gravity"

(By Carlo Mauceli)
30/03/20

Cyber security is not a challenge, and it is certainly not the challenge of the 21st century; it is a journey. What does constitute a concrete and problematic threat for the 4.0 society, on the other hand, are cyber attacks.

The need to create new business models to increase the productivity of industries has led to a general trend towards automation, computerization, virtualization, the cloud and all the functionality available on mobile devices. The combination of these characteristics defines Industry 4.0, to which the various components of society are called to relate and on which the risk of cyber attacks weighs.

This premise is a must to introduce the fifteenth edition of the Clusit 2020 report on ICT security presented last March 17th.

Unlike in other years, the presentation event took place in a virtual setting, given the dramatic moment that our country, as well as many areas of the world, is experiencing. We are witnessing a crisis that nobody would ever have expected, and we would never have thought, even just a month ago, that we would fall into a crisis unprecedented since the end of the Second World War.

As said, it is an unprecedented situation or, at least, it is something that has never been addressed with the ability to detect and analyze, with the technologies, with the medicines, with the health system, with the media and with the social media of today. I hope that it will be a great lesson that can serve the whole world and that it will also help the IT security sector, to return to matters closer to home. In fact, the report we have presented reveals a situation of unheard-of gravity, which we could summarize in this sentence: "with 1,670 serious attacks and a 7% growth trend compared to 2018, 2019 marks a new upward peak in the representation of cyber insecurity".

We can say that 2019 was the worst year ever in terms of the evolution of "cyber" threats and their impacts, both from a quantitative and qualitative point of view, highlighting a persistent growth trend of attacks, their severity and consequent damage.

In the past year a discontinuity has consolidated and a point of no return has been passed, such that we now find ourselves living and operating in a different dimension, in a new era, in an "other world" whose geography, inhabitants, rules and threats we still do not know well.

The attackers are no longer "hackers", nor even ephemeral groups, more or less dangerous, of cybercrime "artisans": they are dozens of organized, transnational criminal groups with turnovers in the billions, out-of-control multinationals equipped with unlimited means, nation states with their military and intelligence apparatuses, their suppliers and contractors, "state-sponsored" groups, civilian and/or paramilitary, and mercenary units engaged in a no-holds-barred fight, which have as their battlefield, weapon and target infrastructures, networks, servers, clients, mobile devices, IoT objects, and social and instant messaging platforms, on a global scale, 365 days a year, 24 hours a day. It is a situation of unprecedented seriousness that calls into question and jeopardizes all the conditions on which the proper functioning of the commercial Internet, and of all the services, online and offline, that rely on it, is based.

In this sense, the message we want to convey loud and clear is that the situation has changed drastically: we are in unknown territory, and this "new normal" in terms of "cyber" risks is different and must be managed differently than even just 2-3 years ago.

This year too, to define a cyber attack as "serious", Clusit experts have used the same classification criteria already applied to the data for the period 2014-2018. These are more restrictive than the criteria applied in the years 2011-2013, since during these 108 months the scenarios have evolved significantly and some categories of attacks that could still be considered "serious" in 2011-2013 have now become routine. Website defacements are one example.

All things being equal, this year more attacks were classified as serious than in any of the years analyzed since 2014.

These trends reinforce the belief that a real epoch-making change has occurred in the global levels of cyber-insecurity, caused by the rapid evolution of the actors, the methods, the pervasiveness and the effectiveness of the attacks. We must strive to keep in mind that the Cybercrime, Cyber Espionage and Information Warfare of 2019 are certainly no longer those of 2014, and not even those of 2017, even if we continue to use the same names.

Over the last three years these dynamics have had very concrete consequences: on the one hand they have pushed more and more actors, state and non-state, to enter the arena, accelerating the "arms race" in progress and raising the level of the clash; on the other they have had an unequivocal impact on civil society, individual citizens, institutions and businesses, all of which are changing as a consequence of this enormous pressure. In other words, we are faced with phenomena which by their nature and size constantly cross the boundaries of IT and of cyber security itself, and have profound, lasting and systemic impacts on every aspect of society, politics, economics and geopolitics.

To give a striking example of how substantially cyber threats have mutated in the last 3 years: Cybercrime, while certainly representing a huge problem and taking the lion's share from a quantitative point of view, has paradoxically become a secondary risk from a qualitative point of view, that is, in terms of Severity, in the sense that we now face far worse threats daily, against which the available countermeasures are particularly ineffective.

Distribution of attackers by type

Overall, compared to 2018, the number of serious attacks that we have collected from public sources for 2019 grew by +7.6%. In absolute terms, in 2019 the "Cybercrime" category recorded the highest number of attacks in the last 9 years, with a growth of +162% compared to 2014 (1383 against 526).

It should be emphasized that, compared to the past, today it is more difficult to clearly distinguish between "Cyber Espionage / Sabotage" and "Cyber Warfare": adding the attacks of both categories, in 2019 there is a decrease of 7.7% compared to the previous year (239 vs 259).

Already in 2014 Cybercrime was confirmed as the leading cause of serious attacks globally (60%), rising to 68% of the cases analyzed in 2015. In 2016 this percentage was 72%, rising to 76% in 2017 and finally to 79% in 2018, showing an unequivocal trend. In 2019 this percentage increases further to 83%.

Hacktivism decreases further, going from almost a third (27%) of the cases analyzed in 2014 to 3% in 2019. As regards Espionage activities (also due to the scarcity of public information on the subject), their percentage compared to total attacks detected in 2018 went from 13% to 12%, while Information Warfare went from 4% to 2%. In 2019 these two categories added together account for 14% of the total known attacks but have a higher than average Severity.

Distribution of attack techniques

For the third time since 2011, in 2019 unknown techniques ("Unknown" category) are in second place, decreasing by 22.3% compared to 2018, surpassed by the "Malware" category, stable in first place, which grows further by +24.8% and now represents 44% of the total.

In third place is the "Phishing / Social Engineering" category, which grew by +81.9% compared to 2018 and represents 17% of the total. An increasing share of these Phishing-based attacks are "BEC scams", which inflict ever greater economic damage on their victims.

All other types of attack techniques added together represent only 12.3% of the total in 2019. The percentage increase in the "0day" (+50%) and "Account Cracking" (+53.6%) categories is significant, while attacks made using known vulnerabilities (-28.8%), DDoS (-39.5%) and multiple techniques / APT (-33.7%) decrease. The latter have partly merged into the "Malware" category, which is increasingly used also by state and state-sponsored actors.

In essence, an unequivocal and very dangerous trend is also confirmed in 2019: attackers can rely on the effectiveness of "simple" Malware, industrially produced at decreasing costs in infinite variations, and on relatively simple Phishing / Social Engineering techniques, to achieve the vast majority of their goals. This is also highlighted by the unprecedented polarization of attack techniques, such that the first 4 categories (out of a total of 10) now represent 87.6% of the sample.

It is clear, therefore, that we live and operate in an unprecedented situation in terms of cyber risks, which endangers all the assets of a country.

A clear strategy is increasingly needed, accompanied by investments in culture, training and economic resources; otherwise it will be difficult to get out of this situation.