Periodically Clusit, the Italian Association for IT security, publishes its reports on cybersecurity in Italy and around the world.
The Clusit 2024 Report on cybersecurity was presented to the press on Wednesday 6 March. A report which will then be illustrated on Tuesday 19 March, within the Security Summit conference, a three-day event dedicated to cybersecurity organized by Clusit together with Astrea, a communications and events agency specialized in the IT security sector.
Let’s discover some data from the preview of the Clusit 2024 Report, which refers to 2023.
Cyber attacks in 2023: general data
In general, Serious cyberattacks analyzed by Clusit are growing in Italy more than in the rest of the world: +65% in 2023 compared to 2022 (against +12% worldwide).
In our country, again in 2023, as many as 11% of global cyber attacks were successful. Percentage that jumps to 47% regarding offensives based on hacktivism (i.e. hacking for political reasons or civil disobedience). The most affected is the government-military sector. A quarter of the total attacks analyzed by Clusit aimed at the manufacturing sector at a global level concern Italian companies.
fonte: Clusit
Global cybercrimes
In 2023, globally Clusit highlighted 2,779 serious accidents, marking a worsening compared to 2022: +12%.
The monthly average was 232 attacks, with a maximum peak of 270 in April, which also represents the maximum value measured over the years. In 81% of cases the severity of the attacks is high or criticalaccording to the severity scale used by Clusit researchers which is based on the type of attack and impacts.
At the continental level, 44% of attacks were carried out in the Americas, 23% in Europe, 9% in Asia, 2% in Oceania and 1% in Africa. The remaining 21% occurred at multiple locations.
Cyberattacks in Italy
In this context, our country appears increasingly in the crosshairs of cybercriminals. Last year, 11% of the global serious attacks mapped by Clusit were successful in Italy, for a total of 310 offensives. The figure marks a growth of 65% compared to 2022 (when it was 7.6%).
56% of cyber attacks in Italy had critical or high severity consequences. With a retrospective look at the last five years, it also emerges that more than 47% of the total attacks recorded in our country since 2019 occurred in 2023.
Cyber attacks: targets in the world and in Italy
Globally, in 2023 as many as 83% of cyber attacks had cybercrime purposesor extortion of money (+13% compared to 2022).
Hacktivism attacks have almost tripled in the world, amounting to 8.6% of the total in 2023 (compared to 3% in 2022). However, the phenomena of espionage (6.4%, 11% in 2022) and information warfare (1.7%, against 4% in 2022) are decreasing.
As regards Italy, in 2023 cyber attacks with cybercrime purposes were 64%followed by those with hacktivism purposes, which jumped from 6.9 to 36% in one year.
Approximately 47% of the total hacktivism attacks worldwide occurred against Italian organizations.
Who gets attacked
Globally, the main victims belong to the multiple target category (19%). The healthcare sector follows (14%, +30% compared to 2022). After that, government and public administration sector (12%) and finance and insurance (11%).
In Italy, the sector most attacked in 2023 was the government-military sector (19%, +50% compared to 2022), followed by manufacturing (13%), transport-logistics (12%) and multiple objectives (11%).
Cyber attack techniques
Globally, malware is not only the main technique in 2023 with which cyber attacks are launched. But, with 36% of total offensives, it scores a +10% compared to 2022.
In the category, which includes different types of malicious code, ransomware is by far the main and most used one “thanks also to the high economic return for the attackers, who often collaborate with each other with an affiliation scheme”.
This is followed by the exploitation of vulnerabilities (18% of cases), phishing and social engineering (8%).
In Italy, for the first time in years, in first place there are not malware but DDoS attackswhich represent 36% of the total accidents recorded in 2023. The value exceeds the global figure by 28 percentage points and marks an annual percentage change on the total of 1486%.
Artificial intelligence and cybersecurity
A discursive part of the report focuses on the fact that today cybercriminals use AI in an increasingly conscious and refined way to achieve their objectives.
Gabriele Faggioli, president of Clusit, says: “We remember that 2024 is a year in which the polls will open for 2 billion people in 70 countries around the world, and this happens at a time when the introduction of AI into daily life puts the issues of ethics and digital sovereignty back at the centre, with mixed success and effectiveness.
Which cannot exist, however, without guarantees on information security, without an adequate digital culture (very poor in Italy as mercilessly photographed by the DESI Index) and without an adequate industrial policy that places investments in technological companies at the centre.”
