Breach, Content, EMEA, Europe

Report: Hackers Hit 500,000 Italian Certified Email Accounts

Hackers have invaded a server holding roughly 500,000 Italian certified email accounts in what one local official called the “worst attack” in nearly a year.

The November 12 cyber burglary included the data records of some 9,000 high ranking government functionaries, including magistrates and members of a government-wide security authority, a Reuters report said. At this point, the cyber crew that pulled the job has not been identified but the attack is believed to have originated outside the country. It's not known what the hackers have done with the cyber loot.

Roberto Baldoni, who heads Italian state cyber security, told Reuters that the damage has been contained. “This was the worst attack we have had since January this year and it has had important repercussions, but ... the situation is under control,” he said.

In the attack’s immediate wake, the IT system used by Italy’s appeals courts was suspended and holders of certified email accounts were urged to change their passwords at once. Other than that, it’s too early to measure the attack’s fallout, although it may not be the work of sophisticated hackers, Baldoni said. “The only thing we know for sure is that this attack was not launched from Italy. It was a serious attack, even if, at first sight, it didn’t seem too refined from a technical perspective.”

As with registered mail, certified email is validated by a neutral third-party who confirms the sender’s identity, and the date and time the item is sent and received. It carries the same legal status as registered mail, and as a result has the potential to be a data rich prize for hackers.

Italy Cyber Crime Epidemic

Cyber crime in Italy is rising rapidly. According to the Italian Association for Information Security, (CLUSIT), total damage caused by cybercrime in Italy in 2015 was close to $10 billion. In 2016, cybercrime in Italy increased by 30 percent, digital attacks by 16 percent, espionage activities by 39 percent and attacks on critical infrastructure by 154 percent.

The seventh annual CLUSIT report for 2018 covering the Italian IT security market can be found here.

As a European Union member state, Italy's data protection laws are said to be ahead of the international curve, according to the law website Lexology. The country commands one of the strongest legal balances between citizens’ data privacy and businesses’ interests, Lexology said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.