by Alessio Jacona *
The attack on the SIAE by Everest, a group of cybercriminals who stole 60 gigabytes of data from the association asking for 3 million euros in ransom, is just the latest in a long series of cyber crimes that are affecting companies and institutions Italian.
Before the SIAE, the Lazio Region had earned the headlines, victim in August of a ransomware attack with which criminals had blocked various services to citizens asking, once again, for a ransom.
"Ransomware attacks are not new, they've been around for nearly two decades, only they didn't happen on such a large scale before," explains Eugene Kaspersky, world-renowned cyber security expert and co-founder and CEO of the company of the same name. cybersecurity solution. "Now, however, the pandemic has also hit hard the interests of criminal organizations - he continues - which, hindered by lockdowns, are more dedicated to this type of online crime to collect crypto currencies".
Then there is also the fact that, again due to the pandemic, in many cases it was necessary to resort to remote work, which in fact weakened the digital defenses of companies and public administrations: "Several reports tell us that, when have been forced to have their employees work from home, small, medium and large companies often have not been able to guarantee the same level of cybersecurity that they offered in the workplace, and then suffer attacks on their networks through open breaches in their employees' home computers, ”Kaspersky always explains.
Who is behind the cyber attacks? What kind of criminals are we dealing with?
“There are different types of criminals: beginners, mid-level and professionals.
The first two types speak all languages, although in cybercrime the most widely spoken language is Simplified Chinese, followed by Russian, Spanish and Portuguese, Turkish, English and many others.
When we talk about high-level professionals, many of them speak Russian.
It is also very interesting to see how different types of cybercrime relate to different languages: for example, most attacks on banking systems speak Spanish and Portuguese.
We don't know which regions of the world they come from, but it's likely South America.
Many of the botnets instead speak Chinese, while most of the ransomware attacks speak Russian ».
What is the reason for this "specialization"?
“The reasons are different: for example, in China cryptocurrencies are prohibited and without them you cannot ask for ransomware ransomware.
And then also the international relations between law enforcement agencies have to do with it: sometimes bodies like Interpol have asked us to investigate cybercrime and we have been able to locate the criminals, but the problem
is that in Russia only cybercrimes that occur on the territory of the Russian federation are punishable, the others are not.
The criminals know this and take advantage of it ».
How can we defend ourselves from these attacks?
"First of all, it depends on whether the attack is aimed at a single individual or a company, and in the second case, by what type of company it is affected: for individuals and small businesses, the advice is to install good cyber software security and to always keep your brain "on": do not trust anyone on the net, do not click on any link and if you receive an e-mail that you did not expect, even from a known person, make a phone call to check.
At least in this case, being a little paranoid is not a bad idea. '
And for the others?
“For large companies, things are different, because they have to defend themselves against attacks very well constructed by high-level professionals.
In this case, you need to do a thorough examination of your infrastructures in search of vulnerabilities, as well as define the worst possible scenarios, those that can be lethal for your business, so you need to prepare a reaction strategy.
The latter can be based on the updating of software and infrastructures, but also and above all on the training and updating of personnel.
And it's not enough to do it once, it has to be a constant process, constantly reiterated, because threats evolve.
It is expensive, but necessary ».
What is the role of AI in cybercrime, on both sides of the "fence"?
“We make extensive use of machine learning for example to analyze new suspicious files or to automate monitoring processes.
After all, we are dealing with millions of new files every day and it would be impossible to manually screen them.
Furthermore, we also use machine learning to protect sensitive targets by identifying ongoing attacks in real time ».
And the criminals?
"We have no direct evidence that criminals also use machine learning algorithms because we don't hack their systems, but there are many cases of attacks conducted twenty-four hours a day, seven days a week, with behavioral characteristics that seem to be those of an algorithm.
So the answer is probably yes ».
What critical issues await us in the near future?
“The main problem we will have to face is that we don't have enough cyber security specialists in the industrial sector.
Small and medium enterprises are on average very protected, but industries whose critical infrastructures are and will be increasingly connected and digitized are at risk ».
---
* Journalist, innovation expert and curator of the Artificial Intelligence Observatory ANSA.it
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/H6SX4JB4HJIOMBO3FUP6IGGLUI.jpg)
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/JLX4IXAS25BVBICTHHWJ3AT5IY.jpg)
