The head of the CERT, the technical department that defends the Italian Navy from network attacks, speaks

(To Marina Militare)
29/03/16

The cyber, information and communications security office is one of the offices of the C4S department of Maristat (the Navy General Staff); within it sits the Cyber Defense section, where the CERT (Computer Emergency Response Team) was established. The CERT is divided into two areas: the Coordination Center, which sets policy, and the Technical Center, responsible for the technical aspects.

«We have the task of finding solutions to problems, incidents and errors in the computer system - explains the head of the Cyber Defense section, frigate captain Luca Scudieri - and we also carry out prevention activities against cyber-attacks launched by individuals or criminal groups. We provide the solution to part of the problems reported to us by the joint call center. Ours is a young section, created between 2012 and 2013. We are in close contact with other defense CERTs, both nationally and internationally, and we cooperate with governmental and private bodies that deal with IT and industrial security. Cyberoom, a space of the Navy dedicated to IT security, will also be activated shortly; threats and attacks targeting the computers of Navy personnel are, therefore, our area of technical expertise».

In the past year the CERT detected 806 threats across the various bases of the Marina Militare (MM); 678 have been eliminated and 128 are still being resolved. In 474 cases it was necessary to reformat the affected personal computer.

«From 2013 to date - continues the section head - we have noticed that most of the potential threats to our systems arrive via e-mail. These are messages whose sender is disguised to make recipients believe they are communications from commercially or institutionally known sources. Even less experienced users can often recognize them, because they are frequently characterized by imprecise writing and a syntax that differs from correct Italian. There are also groups of cyber-criminals who produce viruses that encrypt the victim's data and then demand a ransom to decrypt the system.

Twenty years ago the cyber threat was the boy who created and spread viruses to overcome the defenses of a website; now we have moved on to cyber-warfare: simultaneous attacks by criminal organizations that act in a coordinated, persistent and effective way, APT (Advanced Persistent Threat) threats. In this case we are dealing with viruses that infect the computer, are extremely difficult to detect and are capable of stealing small packets of data. A theft of modest amounts of data every day which, over time, adds up to a huge amount, stolen in small quantities so as not to trigger alarms on outgoing traffic, which is monitored».
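The exfiltration pattern Scudieri describes stays under an outgoing-traffic volume alarm by moving only a little each day. The Python script below is an added example for this article, not the Navy CERT's own tooling: it runs a plain daily volume threshold and a persistence-based check side by side over constructed daily flow summaries (host names, destinations, byte counts and thresholds are all invented). The threshold catches the one-off large upload but says nothing about the compromised workstation; the persistence check flags the host that sends a modest amount, on most days of the window, to a destination no other internal host talks to.

```python
"""
Two outbound-traffic detectors run over constructed daily flow summaries:
a classic volume threshold and a persistence check that catches the
"small amount every day" pattern.

Added example; not the Navy CERT's tooling. Hosts, destinations, byte
counts and thresholds are invented for illustration.
"""
from collections import defaultdict
from datetime import date, timedelta

START = date(2016, 3, 1)

# Constructed records: (day, internal host, external destination, bytes out).
RECORDS = []
for offset in range(14):
    day = START + timedelta(days=offset)
    # Three workstations all use the shared mail server every day.
    for host, mail_bytes in (("ws-003", 1_200_000), ("ws-017", 2_000_000), ("ws-042", 1_500_000)):
        RECORDS.append((day, host, "mail.example.net", mail_bytes))
    # ws-017 pulls from a rotating CDN host (a different one every day).
    RECORDS.append((day, "ws-017", f"cdn-{offset % 3}.example.net", 5_000_000))
    # ws-042 (compromised) sends roughly 150 KB every day to one staging host.
    RECORDS.append((day, "ws-042", "203.0.113.77", 150_000 + offset * 1_000))
# One-off, legitimate 900 MB upload from ws-003.
RECORDS.append((START + timedelta(days=5), "ws-003", "files.example.net", 900_000_000))


def volume_alerts(records, daily_limit=500_000_000):
    """Threshold alarm: any (host, destination) pair that moves more than
    `daily_limit` bytes in a single day."""
    return {(host, dst) for _, host, dst, nbytes in records if nbytes > daily_limit}


def persistence_alerts(records, window_days=14, min_days=10,
                       min_bytes=50_000, max_bytes=10_000_000, max_hosts=1):
    """Low-and-slow alarm: a (host, destination) pair that sends a modest
    amount (min_bytes..max_bytes) on at least `min_days` distinct days of the
    window, to a destination contacted by at most `max_hosts` internal hosts.
    No single day exceeds the volume threshold; the regularity of the
    transfer and the rarity of the destination are the signal.
    Returns {(host, dst): (days seen, total bytes)}."""
    latest = max(r[0] for r in records)
    window_start = latest - timedelta(days=window_days - 1)
    days_seen = defaultdict(set)
    total = defaultdict(int)
    hosts_per_dst = defaultdict(set)
    for day, host, dst, nbytes in records:
        if day < window_start:
            continue
        hosts_per_dst[dst].add(host)
        if min_bytes <= nbytes <= max_bytes:
            days_seen[(host, dst)].add(day)
            total[(host, dst)] += nbytes
    return {
        (host, dst): (len(days), total[(host, dst)])
        for (host, dst), days in days_seen.items()
        if len(days) >= min_days and len(hosts_per_dst[dst]) <= max_hosts
    }


if __name__ == "__main__":
    print("volume alerts:     ", volume_alerts(RECORDS))
    print("persistence alerts:", persistence_alerts(RECORDS))
```

The shared mail server is excluded by the rarity test (three hosts use it), the CDN hosts by the day count (each is contacted only four or five days out of fourteen), and the large upload by the byte ceiling; only the daily trickle from ws-042 to 203.0.113.77 survives. In a real deployment the byte bounds and the host-count limit would be tuned per network, and an allowlist of known services would replace the crude rarity test.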

There are also attacks that exploit an employee's contacts, e-mail account and mass storage devices (USB keys and portable hard drives). Social networks, often without the user realizing it, play a central role in shaping the strategy the attackers follow. The goal is to steal information from one or more employees.

The "cyber-thief" analyzes social network profiles to learn the victim's passions and interests, which are then exploited to engage the victim with posts or messages tailored to his private life. When these threats are discovered it is practically impossible to trace the attack back to where it was launched, and when this is possible it almost always leads to distant countries with very permissive jurisdictions regarding computer crime. In cyber attacks, in fact, the difficulty of identifying those responsible makes it very hard to respond.

«The systems are increasingly sophisticated - continues Scudieri - and the hackers have well-trained groups that can count on very expensive equipment and have plenty of time to organize and follow the course of their criminal activity. Since 2013, the year in which we became operational, we have evolved from an organizational and technical point of view, investing in both hardware and software. We share work plans with military and paramilitary organizations operating within NATO and, as regards defense systems, we also work with civil and industrial groups».

«One of the most common attacks uses a "botnet" (a network of compromised computers activated by a botmaster, who then exploits these "ghosts" to launch simultaneous attacks on other systems) to carry out a DDoS (Distributed Denial of Service). Thousands of machines attack a server at once until the site stalls and goes haywire. The system under attack sees threats coming from a multitude of private computers, so it cannot tell who is really carrying out the attack. We also take care of checking the storage devices used by Navy personnel to prevent the "air gap" phenomenon (compromising systems through the portable devices of staff who unknowingly carry viruses from their home computer to the office computer)».

We asked the CERT for some advice for PC users.

First of all, threats almost always arrive by e-mail or during normal web browsing. When you receive an e-mail, always check the sender carefully: do not stop at the company logo or the display name, but look at the actual address and ask whether the message fits the normal activities of the person or organization it claims to come from. If you receive an unusual message from one of your contacts or from your bank, verify it by phone. In any case, be careful before clicking on links in the message.

Often, when a private e-mail account is compromised, the attacker sends a message to all of its contacts without the account owner being aware of it. In that case the recipients would do well to notify the sender. When browsing, pay attention to where you place the mouse: today threats are hidden in banners, photographs, videos and hyperlinks.
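The two checks the CERT's advice asks the user to perform by eye (look past the display name to the real sender address, and look where a link actually points before clicking) can be scripted. The Python script below is an added example, not code from the Navy CERT: using only the standard library it parses a constructed phishing message and a constructed legitimate one, and flags a display name that claims a known organization while the address comes from another domain, a Reply-To on a different domain from the sender, and a link whose visible text names a different host than its href. The organization-to-domain mapping (KNOWN_SENDERS), the sample messages and every domain in them are hypothetical.

```python
"""
Heuristic checks for a disguised sender and a misleading link in an e-mail.

Added example for this article, not the Navy CERT's tooling. The sample
messages, domains and the KNOWN_SENDERS allowlist are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: keyword in the display name -> domain the real
# organization sends from.
KNOWN_SENDERS = {"Banca Example": "bancaexample.it"}

# Constructed phishing sample: the display name claims the bank, the real
# address and Reply-To are elsewhere, and the link text hides the true host.
SAMPLE_EMAIL = """\
From: "Banca Example - Servizio Clienti" <alert@mail-verify.example.net>
Reply-To: support@verify-desk.example.org
To: user@marina.example.mil
Subject: Verifica urgente del conto
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Gentile cliente, il tuo conto e stato bloccato.</p>
<p>Accedi qui: <a href="http://login.mail-verify.example.net/auth">https://www.bancaexample.it/login</a></p>
<p>Cordiali saluti, Banca Example</p>
</body></html>
"""

# Constructed legitimate sample from the bank's own domain.
LEGIT_EMAIL = """\
From: "Banca Example" <noreply@bancaexample.it>
To: user@marina.example.mil
Subject: Estratto conto
Content-Type: text/plain; charset="utf-8"

Il tuo estratto conto e disponibile su https://www.bancaexample.it/area-clienti
"""

URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[A-Za-z]{2,}(?:[/?#]\S*)?$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase host part of a URL (scheme optional), or '' if none."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def shown_host(text):
    """Host named by link text, but only if the text itself looks like a
    URL or bare domain; ordinary words such as 'click here' give ''."""
    text = text.strip()
    return host_of(text) if URL_LIKE.match(text) else ""


def check_message(raw, known_senders=KNOWN_SENDERS):
    """Return a list of (check, detail) findings for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    for keyword, domain in known_senders.items():
        claims_org = keyword.lower() in name.lower()
        same_org = from_domain == domain or from_domain.endswith("." + domain)
        if claims_org and not same_org:
            findings.append(("display-name mismatch", f"{name!r} sent from {from_domain}"))
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_addr and reply_domain != from_domain:
        findings.append(("reply-to mismatch", f"Reply-To {reply_domain} differs from From {from_domain}"))
    if msg.get_content_type() == "text/html":
        body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
        parser = LinkCollector()
        parser.feed(body)
        for href, text in parser.links:
            shown, real = shown_host(text), host_of(href)
            if shown and shown != real:
                findings.append(("link text mismatch", f"shows {shown}, points to {real}"))
    return findings


if __name__ == "__main__":
    for label, raw in (("phishing", SAMPLE_EMAIL), ("legitimate", LEGIT_EMAIL)):
        print(label, check_message(raw) or "no findings")
```

These heuristics only cover what the advice names; they do not replace SPF/DKIM/DMARC evaluation on the receiving mail server, and a link whose visible text is a plain phrase rather than a URL is not flagged, which is exactly why the advice also says to hover over links and look at the real target before clicking.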