Italy Recorded Cyberattack Growth in 2024

The first Cyber Security Report, published by Telekom Italia and the Cyber Security Foundation, reveals an increase in sophisticated cyberattacks and ransomware targeting manufacturing and services. In 2024, cyber threats in Italy increased in number, sophistication, and, above all, targeting. The report examines the evolution of digital attacks in Italy, focusing on two rapidly growing phenomena: DDoS and ransomware attacks.

The number of DDoS attacks increased by 36% compared to the previous year. On average, there were 18 events per day. However, it's not just the number that's striking. Nearly four out of ten attacks exceeded 20 Gbps in intensity, which makes them more difficult to detect and defend against. Execution methods have also evolved, with attacks now hitting multiple points within the same organization, such as sites, networks, and devices, rendering many traditional countermeasures inadequate. These attacks have increasingly affected public administration. Its exposure increased from 1% to 42% of the total in a single year. This is a sign of a change in strategy by malicious actors and an indication of an increasingly unstable geopolitical context.

Ransomware continues to pose a real threat. With 146 officially detected cases in 2024, Italy is the second most affected country in the European Union. The sectors most vital to the economy were primarily targeted: 58% of the attacks affected services and 26% involved manufacturing. One cause of the phenomenon's expansion is the spread of Ransomware-as-a-Service. Criminal groups develop malicious software and make it available to others, thereby expanding the pool of potential attackers to include those with fewer technical skills.

The report also devotes ample space to new technologies that are changing the face of cybersecurity. AI is already a double-edged sword today.  On the one hand, it enables faster and more proactive defense by detecting anomalies and automating incident responses. On the other hand, attackers use it to make phishing campaigns more credible, create manipulated content, and design more targeted, difficult-to-intercept attacks.

In parallel, the European regulatory environment is also shifting. In 2024, new directives and regulations came into force, including the Network and Information Security Directive (NIS2), the Cyber Resilience Act, and the Digital Operational Resilience Act (DORA). These new regulations impose higher security standards for digital infrastructures and empower small and medium-sized enterprises that are often less equipped.

"Our country is among the most affected in Europe. Attacks are becoming increasingly aggressive, and ransomware poses the greatest threat to the productive sector.  In this scenario, cooperation with structured operators is essential. Initiatives such as the HyperSoc platform, developed according to defined requirements with the support of various private entities, aim precisely at sharing technical data and high-value risk indicators quickly and effectively,” said Gianluca Galasso, director of the Operations Service of the National Cybersecurity Agency.