Clusit Report for the first semester of 2022: Cybersecurity in Italy worsens

While waiting for the complete Clusit report for the whole year 2022, we can read the partial data on the quality of cybersecurity in Italy and around the world for the first half of this year. The situation is not good: the number of attacks continues to grow, although the severity remains almost unchanged. For the full report, click here.

Quality of cybersecurity: the numbers speak for themselves

The number of global attacks in the period January-June was 1141, and the monthly average increased in parallel with the trend of the period considered.

It should be noted that only known attacks are referred to in the report. In fact, the Clusit report clarifies in the introduction that the reference sample is clearly partial since only attacks that have been made public are evaluated.

All those that are not made public, hidden, and have not yet produced effects cannot be included in the report. The situation we observe, therefore, could be just the tip of the iceberg.

Who are the main victims of cyber-attacks in 2022?

There have been many victims of attacks in this first semester, but the 5 most targeted categories are:

1. Multiple targets (the attack hit more than one type of organization)
2. Healthcare
3. Governments, military, and law enforcement
4. ICT
5. Financial/Insurance sector

Compared to previous years, the number of attacks with multiple targets has increased enormously (+108%), one of the signs that the threats we will face in the future will be increasingly complex.

What are the most frequent techniques and types of cyber-attacks in 2022?

During this year, due to the Russo-Ukrainian war, there has been an increase in espionage-sabotage and information warfare attacks. These two categories alone represent 18.5% of the sample. Furthermore, the growth of hacktivist attacks is also very important. These have increased tremendously (414.3%) mainly due to the war.

As for the most used techniques, Malware (38%) and still unknown techniques (22%) reign. This means that we are not able to understand how the attacks were carried out one out of five times or at least it takes a lot of time to figure it out.

How dangerous have cyber-attacks been in 2022?

Regarding the “severity,” there has been a general invariance of danger compared to 2021. Critical and high-impact attacks make up to 77.4% of the total attacks. Combining these data with others on types, techniques, and victims, we get some interesting additional results:

1. Cybercriminal attacks with a “Critical” severity have significantly increased compared to the years 2018-2020, which is of great concern and clearly indicates a change in strategy by the attackers.
2. It can be noticed that the “Government” category has suffered the highest number of attacks with “Critical“ severity, followed by “Multiple Targets,” “Financial/Insurance,” “Healthcare,” “Manufacturing,” and “ICT,” while the categories with the highest number of attacks with “High” level impacts are “Multiple Targets,” “Healthcare,” “ICT,” and “Government.”
3. From the point of view of attack techniques in 2022, the incidents with the most critical impact are those carried out through Malware, Unknown Techniques, Known Vulnerabilities, and Multiple Techniques. The average severity of attacks carried out through DDoS and Phishing has also significantly increased.