2022 News-EN




It is certainly no mystery that cyber attacks are on the agenda.

Cyber criminals continually seek and exploit new challenges to be more effective in their criminal actions.

In addition to this, there is the rapid evolution of computer systems now widely used, which should be updated promptly.

If our networks and systems grow rapidly, it can become complex to identify and keep under control any problems that could expose us to cyber attacks and data loss.

So, let’s see what are the three essential checks that we should periodically carry out on IT systems.


The Vulnerability Assessment is the verification of the problems (vulnerabilities) affecting the company’s IT systems.

These vulnerabilities can include the absence of system or applications updates, mis-configurations, design flaws, incorrect protocols, malicious shares, users no longer in use, etc.

These issues, if exploited by a malicious attacker, could lead to systems breach resulting in malware infection or data loss.

It is important to carry out an in-depth Vulnerability Assessment of corporate systems (servers, PCs, mobile devices,) at least once a year, preferably more frequently.

The continuous and regular management of the vulnerability assessment cycle is referred to as Vulnerability Management.

This would be ideal for systems monitoring and early identification of issues.

But it also requires dedicated resources to this process and, in the absence of these resources, it is essential to rely on a good Cyber Security expert who can carry out a Vulnerability Assessment of the systems at least every 6-12 months.


The Penetration Test is the verification of the exploitability of the problems detected with the Vulnerability Assessment.

In practice, if the Vulnerability Assessment finds system vulnerabilities, the Penetration Test tests how much and how these issues could be used by cyber criminals to violate the same systems.

This is a complex test, conducted from the perspective of a potential attacker by simulating a cyber attack (while ensuring that it does not cause real damage to the systems being tested, but evaluating its potential effects).

It is carried out by Ethical Hackers with in-depth knowledge of systems and protocols.

Although the Vulnerability Assessment often seems like a sufficient verification, it is only through the Penetration Test that the degree of exposure of the company to cyber attacks can be really assessed, but also the data and systems that a criminal could reach once access is obtained.

It is essential to carry out both checks and to rely on long-time Cyber Security experts who will be able to ensure high reliability while conducting effective tests.


The Code Review is the verification of the code used to write software applications and websites to search vulnerabilities and quality issues that could be exploited to violate these systems or that could in any case affect their correct functioning.

The code review is performed to find defects, incorrect or dangerous functionality, any presence of malware, but also to improve the quality, the performance of the software and verify compatibility with security standards.

It is very important that this activity is carried out by different personnel than the author or authors of the code being tested, and that the person running it has an excellent knowledge of systems and programming languages.

Often ignored among the checks of IT systems, the Code Review activity should instead be mandatory in particular in the presence of critical software, applications (including mobile ones) that process sensitive data and e-commerce portals.

It is good practice to perform code reviews before applications and sites are put into operation, in order to mitigate any problems found.

But it is also important to repeat the check periodically to ensure that there are no new defects (such as malware injected into the code).

Good job!

Latest news


It is often mistakenly believed that antivirus is an sufficient protection of the systems from cyber threats. Here are three reason why is not like...

Read More
2022 News-EN




The pandemic has certainly changed many aspects of our lives.

If on the one hand the greater use of smart working and the spread of digital technology have simplified things, on the other hand they have exposed us more to cybercrime, scams and extortion.

In fact, the last two years there have seen an unprecedented increase in cyber attacks, both in frequency and in criticality.

And there is no hint of change in this trend.

Let’s see what are the three most important and significant trends for Cyber Security in 2022:


Ransomware is a growing threat.

Used in only 8.5% of cyber attacks in 2018, they are used in over a third of cases in 2021, a trend that seems to be increasing.

Initially, they were primarily distributed from phishing attacks, but they are becoming an increasingly elaborate threat, often made available to criminals “As A Service“.
If once the attacker was most likely also the producer of the malware, and therefore a computer systems expert, now the ransomware maker makes them available and is not necessarily the attacker.

As a result, even traditional criminals can profit from cybercrime and are becoming more interested in it.

It is no longer a mystery that for years the cybercrime market has exceeded the proceeds of the drug market.

Furthermore, resorting to the phenomenon of “double extortion” does not help: in addition to the traditional blackmail to decrypt data infected with ransomware, criminals also begin to use a second blackmail in order not to spread the data (stolen before encrypting it), with the risk to circulate highly sensitive information.
The use of properly configured backup solutions helps to recover data avoiding the trap of traditional blackmail, but, unfortunately, there is no cure for “double extortion”.

The only possibility is to avoid as much as possible that criminals are able to penetrate systems and take possession of data, especially the most sensitive ones.

This result can be achieved in three ways: by equipping itself with appropriate anti-malware solutions, by constantly monitoring the systems in search of anomalies and by mitigating the problems detected periodically.


Just as it is used by financial services to detect fraud, the Artificial Intelligence (AI) in Cyber ​​Security helps identify anomalous behavior patterns, indicators of an attack in progress or already occurred.

Considering that every device connected to the network can produce logs (ie event logs), there are certainly no missing sources to identify anomalies.

The real problem, on the contrary, is being able to analyze an ever-increasing number of sources in order to promptly find the problems and be able to intervene in an effective and timely manner.

AI is very useful for this purpose and more and more companies in 2022 will decide to integrate this technology into their solutions.

Unfortunately, cyber criminals who use AI to be able to evade cyber defenses more and more efficiently are doing so too.

The use of Artificial Intelligence remains the only defense to counter AI-based attacks.


The number of connected devices, known as the “Internet of Things” (IoT), is projected to reach 18 billion by 2022.

These include all the household appliances connected to the network which are increasingly popular.

The consequence is a growing number of potential access points for criminals, who, by easily penetrating these systems, which are normally less protected than ordinary computers, can then reach everything on the same network.

On the other hand, it is difficult to think of installing an antivirus on a smart TV or a refrigerator.

But if our computer is on the same smart TV network, our data is also at risk.

In 2022 we will continue to see attacks against the IoT grow and it is important to start considering all devices capable of connecting to the Internet as computers, putting into practice the same defensive strategies.

As always, awareness proves to be the first and most important strategy.

Happy New Year!

Latest news


It is often mistakenly believed that antivirus is an sufficient protection of the systems from cyber threats. Here are three reason why is not like...

Read More
					-----BEGIN PGP PUBLIC KEY BLOCK----- xsFNBFyONI0BEAC3wJRo5qhtr1KsqVdMz7b5JqHmt7H0ZZr14oJ9TV/hD9LMfrKpnQ94dFGnpfGa BKC1wSoJN4Yfs5lg5YmN4hmHmm6PkjgQdenVgL4YDfLDodwn5DgXKuywRBqIFbbnTDvFAb03DX2A FPnc+4g2QHsfiFycz+ISg/Z+8i21gY3j5oZlrdMKVWrNczrNc/lDJqJ36RSYDn1QzAW1ZGY/pUXk imPRvLew5Idr3462sZVVhuUFMD3Uf/W1SaS3bSEQM89pSYKZfo8AFpAs659Mn7gqKru6ndxilRdF wJGQuepqR8kz+vVPLyxJj68ii2ZBIY50RQvSBgJRnNF/Htp30cuk3v8jfSGZit9XYTTGQThVbfGR ZcKWze/iF+es110+mNXA/8s7jKs95PI+z1Foc9o74Ujs8dvjEGHTaESIEzX3JtEZUCZUiPt/P8pU Jw0ewbj1XCacYxYVsR7ODlf6GEsjt868WcjiqsuuZo2rzO4og9hFU5DlBzuePklfhw8dO5CiMN2H vtSkAn4DkgHqC+JiciHc9h5Cvvfjp52oQPj1eYmU3LkOvGFmPXVIts3VfxsQT3gk+DmrQ4J//fAl tNRSbMBnGu5F/qnLLkJmKRKPKNNcpjptFznKxLZbxW5QbAeDok3ho8YQACfADKcrmaIRkoPr8/mn PxZgMSMB87W7sQARAQABzSRTb2ZpYSBTY296emFyaSA8c29maWFAaGFja21hbmFjLmNvbT7CwZQE EwEIAD4WIQTNwEbcXbH0vegGlHCd6fr0nsTifwUCXI40jQIbIwUJEswDAAULCQgHAgYVCgkICwIE FgIDAQIeAQIXgAAKCRCd6fr0nsTifwKuD/4+3MaN+9eFiltI06fFBjr1Csh0OLFw89jFnpuYl9Sm ImVqmBwrnm+APxxLK4M+FMuNm4fW08X249t09Nsf0ba6UJ0HR/7/fRTipjzRLqHSr0+ZjVUGHhon fuuFZgNzPA5RmQZZCyiwyqZJs7pLn1QI/CtlDP6MsQhadywbkO/5LlDoBoYh/2DYNA/mtEfJbvc/ cOvfk47thj5OzcXJEWFxz7h2P5C2ELwxdhNPC+uqcOQkTScnuIBJooheJPhdmqOtOwrbUUIfaryM IESrol3Jg3/MUOe7FLXhwCSQGY1iefzl4py2jTeK936GMBHifLSUCA88lpE7ALkbf3+qJ9ABra9G e9e0dirIlPvFgBkEBBXsoIReQLrhHKFBtvKdrrE9Rb7kAwon+sW+3Uf6Ie3M8nTisGy2AmlI/tQ5 V0MHU2UJUNcc59hk7ADIlXN64eeqELgsMtlR4wEHd6nwcEpoPCTWfrVSwzsPtXUGNAGbgGxISv/F ltcFJ6Qw6Zy4f+YBEyCx/7GA3kjLllkcHv4kwHpP+WQCzbjh2JdkGEp5AY7puil1AtOFcbirbHbR 83KVeqx4Vvlyh2jhIDQYB/9qpTDC1xDKpndn40gnNd5hvjK0I0Xvbhb0PLhCpJQ5tsvPiQHjhOMF Wye3ZigaX1gTZxE29MLtwBbOYdGCYG0MrM7BTQRcjjSNARAAupAKTZXLRktriUVqhkZpU8zUVwrW ik6siStg7BppSJuKVW+Ic8QIagW0I48d2jZIIXrQRvqVBixn8eeBTE8Cujum1mZyhTw2sri3gE9i 81gisF17T/uewzRyYwx8obMfSEBnwJa44td7VjtbfLMRtfneK9R40+kELhhvXZa3DBbcG86zHVPU f1YkLX4RNSyjz4vOCX3WlcIAOr6MJA8DT+F5mUCVEhnkeUbflXtxRSeTUTfOw/3MYLs+mc6hWwLq gqTMcIQhDrYEY5wUgb5Mj86NR/uvsThL6MtWCJWVbfxHxM575woyTdD9E6HGO6loHYdky/7I+XFZ twgxsGn6HJYT+Gwn9BI5/DiwT1Qb/AyADktN1jGmZGTlniS+hly7rm0EHb2CTTM5zT1fh/sCOtQb nYIUf2in2cIfcFvzeFrUbDk2HfJMp5FmY6tBEV5xyNCww/mBkW2nuZy9CvAheJEOGoO8lyonPU2u ARq345LdbS6l+VdivPmZoLNpIMRw9MSTYmzm08h7C+/6hxzpjw1/nWZ+W2k9VpLutEs7KMtsbZR4 WhVFVS1uhqxrnjoeBHznh360Ou8SR+PFO0HIrYz4W7ayfcBhqcsGrM9u1E892gjUVTbPv8UoXQ8S Zm9ra2jqbfZGbyOpMIlyMzHTak7r0IZvCedEUDCimitbw98AEQEAAcLBfAQYAQgAJhYhBM3ARtxd sfS96AaUcJ3p+vSexOJ/BQJcjjSNAhsMBQkSzAMAAAoJEJ3p+vSexOJ/C+wP/iGvKG1NldCT2gR7 oWhmvgBnsD7qjC57RX0Go7WD1lmrWP4xWpvM6Tj0V4ZsXnyB8zUR38p49PPymjwy51FAss5PYh8S bVC1/sKC5Sae3kiAoMGH29MBAwL1IkJ8PNw6uOJHhUIJgKT5RWk2f7q3+Tha19slXwD/FC1IcBJK baxyVkG3cG5AnNvvKZyFAUNZ9FiBycaNHO4o6bCcCzSsaRLL2azudJLrF8UYPfTNBQ6Cr4QLqaRb t+ZqL2nqmcadO1AtxLtq5lQjxbhJ3jSYIcQJRq0ztbIBcPrdR2B/dfVED9cU5leSmNXxrh09gJ7N tmUpVo5fBcbf6fP7h2HIFBpH+G/8UUlcbm9pQ5Jcb8FEom0JrfaIAuv1gEIJAk1mkqLNzWUs8KuL nCBBVT2+2hfEZjtjUYbCLVB4LRCsLs9CY1wS3yKca90S8m0tfKcSj3K3k8qlKodkE2raX2GW2dm9 b200ENbb41B1uZlPts4Yh/AMfLqoNv8wyw0GlUQ2DqgDqviLANYbg4/GHwTLwO2b9UMHuTVU3woS 1LRKt0iPPsd+ir+9YRAVt5LB5XTS5C5cdIW9JSXQ+0cnbr3LPZCBulOew/M72liBINKWKGoUyueF 73ckNO9S7pzTOCpjn3+gAuzN/itwgwrMLoqUqqBuxzd7cKNJHTFdTIfTm53f =KIMs -----END PGP PUBLIC KEY BLOCK-----