Palermo Municipality Cyberattack Still Affecting Citizens
Attack Ongoing for at Least 5 Days; Affected Systems Shut Down, Isolated
A cyberattack on the municipality of Palermo, which began on Thursday, reportedly continues to cripple the southern Italian city on Tuesday.
The attack forced the municipality to "cautiously shut down [the affected systems] and isolate [them] from the network," Paolo Petralia Camassa, Palermo's councilor for innovation, says. "Activities are underway to assess the nature and consequences of the accident. The services are currently unavailable and inconvenience may occur in the coming days for which we apologize in advance," according to the translation of Camassa’s Facebook post.
The attack reportedly has affected municipal police systems, the city's administration website, its camera systems and other services at the city's restricted traffic area intended to preserve historic monuments. The systems, which were still offline on Tuesday, affected services for both citizens and tourists alike, the report says.
The region appears to have returned to a "pre-digital era," using faxes and private networks for communication, says a news report by Giornale di Sicilia, an Italian news website.
A media report from Cybersecurity360 says that the attack has likely affected the storage and retrieval of sensitive data and documents, such as certificates of family status, birth, marriage and residence, and documents for change of domicile.
Restoration in Progress?
SISPI, the information technology firm responsible for the city's computer systems, was working toward restoration of the IT services, the Facebook post from Camassa said.
"SISPI has already set up a technical team to manage the event and the necessary measures have been put in place to remedy possible violations of personal data, and communications are being made to the competent authorities. Any updates will be announced with subsequent communications," Camassa's translated post said.
There have been no updates on the matter since then. Neither SISPI nor Camassa responded to Information Security Media Group's request for additional details.
'Tell the World'
The municipality of Palermo has not yet ascertained the nature of the attack, no ransom claims have been made so far, and the investigation has not revealed evidence of data theft or encryption, Cybersecurity360 says in its report.
It appears that the Palermo administration has not yet determined whether the attack was ransomware or DDoS, or who the attackers are, says Prabeer Sarkar, a leading cybersecurity pioneer in Bangladesh and the founder and CEO of Dhaka Distributions, a cybersecurity company based in Dhaka. Palermo, Sarkar tells ISMG, has carried out the "obvious" mitigation measure of "switching off the entire IT system, which runs nearly all the services catering to the residents and tourists."
Sarkar says Palermo must "tell the world" how the attack happened, what the impact was, how it intends to carry out incident response and restore services, and what prevention measures it will take. "That can save many a city around the globe," Sarkar says.
Is Killnet Responsible?
In May a pro-Russian group called Killnet declared war on 10 countries, including Italy. In the aftermath of an attack on Eurovision the same month, the group said the incident had falsely been attributed to the group, but added that Italy would soon be the victim of more attacks. Killnet said that the intent of the attacks would be to improve the country's cyber skills (see: Italian Police Repel Online Attempt to Disrupt Eurovision).
The website for Italy's Computer Security Incident Response Team is also currently inaccessible, and it is unclear if this is a result of the ongoing cyberattack.
On May 31, Killnet posted on Telegram, telling the "fake Italian government" that CSIRT has "excellent specialists," who deserve a salary hike of "several thousand dollars." The relationship between this message, the CSIRT's inaccessibility and the Palermo cyberattack is currently unclear.