Solutions
Go Back

Make Security Possible

Reduce Alert Noise and False Positives

Boost your team's productivity by cutting down alert noise and false positives.

Automate Security Operations

Boost efficiency, reduce burnout, and better manage risk through automation.

Dark Web Monitoring

Online protection tuned to the need of your business.

Maximize Existing Security Investments

Improve efficiencies from existing investments in security tools.

Beyond MDR

Move your security operations beyond the limitations of MDR.

Secure with Microsoft 365 E5

Boost the power of Microsoft 365 E5 security.

Force-Multiply Your Security Operations

Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Explore Our Solutions
Security Operations Platform
Go Back

The GreyMatter Platform

Detection Investigation Response

Modernize Detection, Investigation, Response with a Security Operations Platform.

Threat Hunting

Locate and eliminate lurking threats with ReliaQuest GreyMatter

Threat Intelligence

Find cyber threats that have evaded your defenses.

Model Index

Security metrics to manage and improve security operations.

Breach and Attack Simulation

GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.

Digital Risk Protection

Continuous monitoring of open, deep, and dark web sources to identify threats.

Phishing Analyzer

GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.

Unify and Optimize Your Security Operations

ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Explore the GreyMatter Platform
Resources
Go Back

Resources

Blog

Company Blog

Case Studies

Brands of the world trust ReliaQuest to achieve their security goals.

Data Sheets

Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.

eBooks

The latest security trends and perspectives to help inform your security operations.

Industry Guides and Reports

The latest security research and industry reports.

Podcasts

Catch to the latest cybersecurity perspectives, tutorials and industry discussions with various guest speakers.

Solution Briefs

A deep dive on how ReliaQuest GreyMatter addresses security challenges.

Threat Advisories

The latest threat research report from ReliaQuest Photons research team.

Upcoming & On-Demand Webinars

Upcoming and on-demand webinars addressing the latest challenges and solutions security analysts must know.

White Papers

The latest white papers focused on security operations strategy, technology & insight.

Videos

Current and future SOC trends presented by our security experts.

ReliaQuest Resource
Center

From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Resource Center
Company
Go Back

Company

About ReliaQuest

We bring our best attitude, energy and effort to everything we do, every day, to make security possible.

Executive Leadership

Security is a team sport.

Careers

Join our world-class team.

Press and Media Coverage

ReliaQuest newsroom covering the latest press release and media coverage.

Become a Channel Partner

When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.

Contact Us

How can we help you?

A Mindset Like No Other in the Industry

Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
Search
Go Back

Generic selectors

Exact matches only

Exact matches only

Search in title

Search in title

Search in content

Search in content

Search in excerpt

Post Type Selectors
Hidden

Hidden

Hidden

Hidden

Back to blog

Threats to the Upcoming Italian Elections

admin 22 February 2018

Cybercrime and Dark Web Research

On 5 March Italian citizens will vanno alle urne to vote in a general election, following the dissolution of the Italian Parliament by President Sergio Mattarella on 28 December 2017. Italy has been led by a caretaker government under the leadership of Democratic Party (PD) foreign minister Paolo Gentiloni since the resignation of former Prime Minister Matteo Renzi. Renzi stepped down following the loss of a referendum on constitutional reforms in December 2016.

This March will see the use of a new electoral system, one designed to favor coalitions by requiring the governing party to gain over 40% of the vote, thus making it harder for a single party to win a majority in Italy’s notoriously divided parliament. No party has yet polled above 40%, with a centre-right alliance formed by Silvio Berlusconi currently polling at approximately 35%.

Under the growing cloud cast by reports of network intrusions against political parties during the 2016 United States presidential election, as well as claims of a Kremlin-backed influence campaign in favour of the Front National in the French elections, political events are coming under more and more scrutiny for nefarious activity. In this blog we will assess the confirmed examples of cyber attacks that we have observed, and look back at activity seen during previous elections to forecast the type of activity we can expect. This includes hacktivism, network intrusions, data leaks and disinformation.

1. Hacktivism

Hacktivist actors are most often motivated by public attention, either for themselves, or the issues they claim to represent. Hacktivist attacks generally take the form of denial of service (DoS) attempts, website defacements, and the curation of open source data to appear like a data leak. The Anonymous collective has had an ongoing #OpItaly campaign since January 2017, when Italian law enforcement arrested two individuals charged with cyber espionage against politicians, public institutions, and commercial entities. The activities of the group have not yet targeted political parties, but may use the publicity surrounding the elections as a platform to gain public attention.

Further factions of the collective, such as the Italian hacktivist group AnonPlus, have specifically targeted the elections, releasing personally identifiable information of regional PD members and defacing PD websites. However, their impact so far has been limited, and is unlikely to have any lasting impact on the elections themselves: the ‘leaked’ was already available on open sources, and their websites defacements did not cause any persistent disruption.

More sophisticated threat actors have targeted the Rousseau platform used by far-right party Movimento5Stelle (M5S). #Hack5Stelle is a campaign focused on leaking names, passwords, and datasets associated to the platform, and motivated by both financial and political motives.

Figure 1: Twitter account offering allegedly hacked Movimento5Stelle database for sale

Figure 2: Landing page for the Rousseau platform

2. Network Intrusions

Actors may seek to target political parties or government organizations in order to exfiltrate sensitive data for use in political campaigns. Given alleged Russian involvement in the network intrusions against the Democratic party in the US, and the signing of a collaboration agreement between far-right party Lega Nord and Vladimir Putin’s United Russia party, it is plausible that a similar threat may be present during the Italian elections. Fraught current relations between Russia, NATO, and the EU, combined with the Lega Nord’s anti-EU platform means that the Italian elections are likely to present a target for Russian espionage campaigns. Furthermore, large financial institutions may be targeted given the focus on the economy and currency in this year’s election.

Social engineering and spear phishing remain the most successful attack vectors for network intrusions, and this is unlikely to change for the Italian elections.

3. Data leaks

While a number of activist groups have leaked open source databases of local political parties, a more sophisticated threat actor could release sensitive or confidential information in order to bias political opinion. Such information can be obtained in a number of ways and be used by a variety of threat actors, including both ideologically motivated individuals and nation state groups. Phishing and social engineering attempts, network intrusions, and document theft from insiders are all ways in which threat actors may seek to obtain such data. We detected no data leak campaigns relating to the Italian elections at the time of writing.

4. Disinformation

False media reporting, also known as the fake news phenomenon, is being increasingly used by threat actors to sway or alter public political opinion. Such activity uses a wide variety of platforms, including legitimate or spoof social media accounts such as Facebook and Twitter, and interweaves both legitimate and exaggerated or false reporting. During the French elections, we observed a claim of plagiarism, as a spoofed websites of legitimate Belgian newspaper LeSoir published articles alleging that Saudi Arabia was financing Emmanuel Macron’s campaign. We outlined the easy availability of such tools in our previous report, The Business of Disinformation.

Although no legitimate newspapers have claimed plagiarism during the Italian elections, a number of Twitter accounts related to Wikileaks Italy (@Wikileaks_Ita – to which the main Wikileaks account has denied any official association), have been tweeting news relating to the current Eni bribery investigations. The account uses a combination of real news reports and rumours to allege former Prime Minister Renzi’s involvement with criminal activities. Although Renzi is not standing in this election, such an allegation has a reputational impact for the PD, Renzi’s party.

Figure 3: Twitter account impersonating WikiLeaks used to spread articles on corruption investigations

Furthermore, fake accounts on Twitter and Facebook used in the referendum campaign in 2016 have been reanimated in support of Matteo Salvini, leader of the Lega Nord. A number of automated accounts have been linked to the party’s official Twitter feed, @LegaSalvini. Although these bots have not been used to publicize fake news, they have been used to bias or promote political opinions by artificially inflating the support and publicity accorded to Salvini.

Figure 4: Examples of Twitter bots all used to publish the same posts in support of Matteo Salvini

E allora?

Despite ongoing concern surrounding elections, it is unlikely that outside threat actors will seek to interfere in an already chaotic process. Unlike elections in France and Germany in 2017, the Italian electoral process is much more obscure, and the proliferation of smaller parties makes it difficult to definitively outline where an influence campaign could add value. Similarly, it is difficult to understand which party any external threat actor would seek to influence, as none are likely to gain a clear lead, and all have made varying conflicting and public statements about the parties with whom they would be willing to cooperate.

The most likely threat comes from internal hacktivist campaigns: in addition to defacement attacks, groups may seek to conduct DDoS attacks against election infrastructure or to deface official websites, hindering the voting process.

While the scenarios above remain unclear, organizations can help protect themselves against many of the techniques and threats described above. Mitigation measures include:

Providing adequate training for staff regarding the threat from spear phishing and social engineering attacks. This will mitigate against the most likely, but not the only, attack vectors for network intrusion and public data leaks.
Properly securing public facing applications and tracking activist campaigns.
Enforcing strong password security practices to reduce the likelihood of account takeovers.
Remaining skeptical about reported statistics and stories.

Subscribe to our weekly newsletter to get the threat intelligence and research by Digital Shadows (now ReliaQuest).