{"id":3878,"date":"2025-11-25T15:41:50","date_gmt":"2025-11-25T15:41:50","guid":{"rendered":"https:\/\/phishia.fr\/?p=3878"},"modified":"2025-11-25T16:03:52","modified_gmt":"2025-11-25T16:03:52","slug":"come-la-cti-avrebbe-potuto-prevenire-un-attacco-informatico","status":"publish","type":"post","link":"https:\/\/phishia.fr\/it\/blog\/sorveglianza\/come-la-cti-avrebbe-potuto-prevenire-un-attacco-informatico\/","title":{"rendered":"Come la CTI avrebbe potuto prevenire un attacco informatico"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"3878\" class=\"elementor elementor-3878\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ef1ccb0 e-flex e-con-boxed e-con e-parent\" data-id=\"ef1ccb0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5dac292 elementor-widget elementor-widget-text-editor\" data-id=\"5dac292\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Quando una grande organizzazione pubblica (citt\u00e0, ospedale, metropoli, ecc.) subisce un attacco informatico massiccio, l'impressione dominante \u00e8 spesso :<\/p><p>\u201cCi sono caduti addosso tutti insieme, non ce ne siamo accorti\u201d.\u201d<\/p><p>Tranne che nella realt\u00e0,\u00a0<strong>un attacco importante non inizia quasi mai alle 9 del mattino di luned\u00ec<\/strong>.<br \/>Settimane - a volte mesi - prima dell'attacco finale,\u00a0<strong>l'attivit\u00e0 intorno all'organizzazione \u00e8 in forte aumento sul dark web<\/strong>\u00a0:<\/p><ul><li>identificativi rubati,<\/li><li>Accesso VPN in vendita,<\/li><li>discussioni private tra criminali informatici,<\/li><li>test di accesso su diversi portali.<\/li><\/ul><div>\u00a0<\/div><p>Con una vera e propria\u00a0<strong>Informazioni sulle minacce informatiche (CTI)<\/strong>, questi segnali possono essere visti, analizzati... e\u00a0<strong>trasformati in azioni di difesa<\/strong>\u00a0prima che le cose sfuggano di mano.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d90f733 e-flex e-con-boxed e-con e-parent\" data-id=\"d90f733\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8be2ce9 elementor-widget elementor-widget-heading\" data-id=\"8be2ce9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Prima dell'attacco: quando il dark web diventa inquieto<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-dc3e04d e-flex e-con-boxed e-con e-parent\" data-id=\"dc3e04d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-65cc3b0 elementor-widget elementor-widget-text-editor\" data-id=\"65cc3b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Prendiamo il caso tipico di una grande autorit\u00e0 o organizzazione locale colpita da un ransomware:<\/p>\n<p><strong style=\"background-color: transparent;\">Mesi prima: prime perdite discrete<\/strong><\/p>\n<p>Nelle liste trapelate e su alcuni forum :<\/p>\n<ul>\n<li>da&nbsp;<strong>indirizzi e-mail interni<\/strong>&nbsp;associati alle password,<\/li>\n<li>conti collegati ai portali aziendali,<\/li>\n<li>accesso tecnico (VPN, RDP, ecc.) venduto a prezzi bassi.<\/li>\n<\/ul>\n<div>&nbsp;<\/div>\n<p>In questa fase, l'organizzazione non \u00e8 ancora un \u201cobiettivo prioritario\u201d, ma \u00e8 sul radar degli aggressori:<br>ha alcuni dati interessanti e&nbsp;<strong>le porte cominciano ad aprirsi<\/strong>.<\/p>\n<p><strong style=\"background-color: transparent;\">Poche settimane prima: aumento netto dell'attivit\u00e0<\/strong><\/p>\n<p>Gradualmente, l'attivit\u00e0 legata al nome del dominio o agli indirizzi dell'organizzazione&nbsp;<strong>aumenta bruscamente<\/strong>&nbsp;:<\/p>\n<ul>\n<li>pi\u00f9 menzioni nei database delle perdite,<\/li>\n<li>altri identificatori testati o messi in vendita,<\/li>\n<li>discussioni mirate sui suoi servizi (come il portale agenti e gli account amministrativi).<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c8f0c4e elementor-widget elementor-widget-image\" data-id=\"c8f0c4e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"800\" height=\"450\" src=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-1024x576.png\" class=\"attachment-large size-large wp-image-3880\" alt=\"\" srcset=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-1024x576.png 1024w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-300x169.png 300w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-768x432.png 768w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-1536x864.png 1536w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1-18x10.png 18w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Menu-deroulant-site-3-1.png 1920w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-dc1625d e-flex e-con-boxed e-con e-parent\" data-id=\"dc1625d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4fe2a9b elementor-widget elementor-widget-text-editor\" data-id=\"4fe2a9b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Possiamo vedere chiaramente un\u00a0<strong>salto dalla solita \u201clinea base<\/strong>.<br \/>Per un occhio CTI, \u00e8 una bandiera rossa:<\/p><p>\u201cQualcuno \u00e8 molto pi\u00f9 interessato a questa organizzazione del solito\u201d.\u201d<\/p><p><strong style=\"background-color: transparent;\">Poco prima dell'attacco: accesso pronto all'uso<\/strong><\/p><p>Nei giorni precedenti l'attacco :<\/p><ul><li>alcuni accessi sono testati (connessione ai portali, verifica degli identificatori),<\/li><li>I \u201cbroker di accesso\u201d rivendono porte d'ingresso affidabili,<\/li><li>I gruppi di ransomware stanno iniziando a farsi sentire.<\/li><\/ul><div>\u00a0<\/div><p>Quando finalmente inizia l'attacco,\u00a0<strong>il lavoro preparatorio \u00e8 terminato da tempo<\/strong>.<br \/>La crittografia dei sistemi \u00e8 solo l'ultimo passo.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-50f30a9 e-flex e-con-boxed e-con e-parent\" data-id=\"50f30a9\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e011edd elementor-widget elementor-widget-heading\" data-id=\"e011edd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Cosa avrebbe visto una sorveglianza CTI ben strutturata<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8a9a2d5 e-flex e-con-boxed e-con e-parent\" data-id=\"8a9a2d5\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f555797 elementor-widget elementor-widget-text-editor\" data-id=\"f555797\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Con una reale capacit\u00e0 CTI, questo scenario non sembra pi\u00f9 una sorpresa.<br \/>In concreto, il CTI :<\/p><p><strong>Monitoraggio continuo delle fonti utili<\/strong> Questi includono il web \u00abclassico\u00bb, il deep web (spazi privati, canali criptati), il dark web (forum chiusi, marketplace, gruppi privati) e i database pubblici o semi-privati per la fuga di dati.<\/p><p>L'obiettivo:\u00a0<strong>Segnalate tutto ci\u00f2 che riguarda la vostra organizzazione<\/strong><br \/>(nomi di dominio, indirizzi e-mail, marchi, IP noti, portali principali, ecc.).<\/p><p data-start=\"0\" data-end=\"300\"><strong>Qualificare ci\u00f2 che viene fuori: <\/strong>non si tratta di dire \u201cabbiamo trovato qualcosa\u201d, ma di distinguere ci\u00f2 che \u00e8 veramente grave: un identificatore generico scaduto ha un impatto limitato, mentre un account VPN valido con diritti estesi o un account di amministratore su un portale interno critico \u00e8 quanto di pi\u00f9 critico possa esistere.<\/p><p data-start=\"302\" data-end=\"474\" data-is-last-node=\"\" data-is-only-node=\"\">Per ogni evento viene assegnata una criticit\u00e0 in base alla sensibilit\u00e0 dell'accesso, alla sua portata funzionale e al suo potenziale di sfruttamento da parte di un attaccante.<\/p><p data-start=\"0\" data-end=\"314\"><strong>Evidenziare le tendenze:<\/strong>\u00a0\u00e8 proprio quello che <strong>CTI<\/strong> Invece di trattare ogni fuga di notizie come un caso isolato, traccia il volume delle fughe di notizie legate alla vostra organizzazione, identifica picchi di attivit\u00e0 insoliti e rileva discussioni ripetute sull'accesso o sui sistemi.<\/p><p data-start=\"316\" data-end=\"557\" data-is-last-node=\"\" data-is-only-node=\"\">\u00c8 qui che entra in gioco il famoso \u201cprima e dopo\u201d: un livello di rumore normale e relativamente stabile, seguito da un periodo di agitazione anomala prima dell'attacco, che segnala un'escalation del rischio e ci permette di anticipare piuttosto che subire.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8ea364f e-flex e-con-boxed e-con e-parent\" data-id=\"8ea364f\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2f9f761 elementor-align-center elementor-tablet-align-center elementor-widget elementor-widget-button\" data-id=\"2f9f761\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/phishia.fr\/it\/cti\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Consulta la nostra offerta CTI Phishia<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7810ddc elementor-widget elementor-widget-heading\" data-id=\"7810ddc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Cosa fa concretamente Phishia nell'ambito di un approccio CTI<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a3914fa e-flex e-con-boxed e-con e-parent\" data-id=\"a3914fa\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8afda65 elementor-widget elementor-widget-text-editor\" data-id=\"8afda65\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-start=\"149\" data-end=\"386\">Nel <strong data-start=\"169\" data-end=\"180\">Phishia<\/strong>, Non ci limitiamo a \u201cguardare il dark web\u201d. Applichiamo un approccio strutturato per <strong data-start=\"272\" data-end=\"299\">vedere attacchi in arrivo<\/strong> e aiutare <strong data-start=\"311\" data-end=\"329\">reagire in tempo<\/strong>, prima che l'incidente si trasformasse in una grave crisi.<\/p><p data-start=\"388\" data-end=\"519\">Nel caso di un attacco che paralizzi una grande comunit\u00e0 o un ospedale, una <strong data-start=\"470\" data-end=\"503\">CTI davvero in funzione<\/strong> avrebbe permesso :<\/p><ul data-start=\"521\" data-end=\"1284\"><li data-start=\"521\" data-end=\"728\"><p data-start=\"523\" data-end=\"728\"><strong data-start=\"523\" data-end=\"544\">Allarme precoce<\/strong> : non appena si verificano le prime perdite veramente evidenti (<strong data-start=\"592\" data-end=\"654\">account critici, accesso VPN valido, credenziali di amministrazione<\/strong>...), quando l'attivit\u00e0 intorno all'organizzazione non rientra nell'intervallo normale.<\/p><\/li><li data-start=\"729\" data-end=\"1007\"><p data-start=\"731\" data-end=\"1007\"><strong data-start=\"731\" data-end=\"765\">Adottare misure mirate<\/strong> reimpostare le password, invalidare i token, <strong data-start=\"829\" data-end=\"867\">autenticazione avanzata<\/strong> (MFA, restrizioni geografiche, filtraggio IP), verifica dei portali esposti, <strong data-start=\"951\" data-end=\"988\">verifica rapida degli accessi menzionati<\/strong> nelle perdite.<\/p><\/li><li data-start=\"1008\" data-end=\"1284\"><p data-start=\"1010\" data-end=\"1284\"><strong data-start=\"1010\" data-end=\"1051\">Da \u201creattivo\u201d a \u201cpreventivo\u201d.\u201d<\/strong> Tra questi, l'interruzione o lo stretto monitoraggio degli accessi compromessi e il controllo degli account pi\u00f9 sensibili, <strong data-start=\"1157\" data-end=\"1201\">Preparare il reparto IT, il CISO e la direzione.<\/strong> a un rischio maggiore piuttosto che scoprire la falla dopo che i server sono stati crittografati.<\/p><\/li><\/ul><p data-start=\"1286\" data-end=\"1508\" data-is-last-node=\"\" data-is-only-node=\"\">Non possiamo promettere che <strong data-start=\"1315\" data-end=\"1332\">qualsiasi attacco<\/strong> sarebbe stato impedito a 100 %, ma una CTI ben sfruttata <strong data-start=\"1390\" data-end=\"1410\">riduce notevolmente<\/strong>la probabilit\u00e0 di successo, <strong data-start=\"1437\" data-end=\"1468\">limita l'entit\u00e0 del danno<\/strong>... ed evitare l'effetto sorpresa generale.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Lorsqu\u2019une grande organisation publique (ville, h\u00f4pital, m\u00e9tropole\u2026) subit une cyberattaque massive, l\u2019impression dominante est souvent : \u201cIls nous sont tomb\u00e9s dessus d\u2019un coup, on ne pouvait pas le voir venir.\u201d Sauf que dans la r\u00e9alit\u00e9,\u00a0une attaque majeure ne commence presque jamais le lundi \u00e0 9h.Des semaines \u2013 parfois des mois \u2013 avant l&rsquo;attaque finale,\u00a0l\u2019activit\u00e9 autour [&hellip;]<\/p>","protected":false},"author":3,"featured_media":3884,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[24],"tags":[],"class_list":["post-3878","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-surveillance"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Comment la CTI aurait pu emp\u00eacher une cyber-attaque - Phishia<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/phishia.fr\/it\/blog\/sorveglianza\/come-la-cti-avrebbe-potuto-prevenire-un-attacco-informatico\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Comment la CTI aurait pu emp\u00eacher une cyber-attaque - Phishia\" \/>\n<meta property=\"og:description\" content=\"Lorsqu\u2019une grande organisation publique (ville, h\u00f4pital, m\u00e9tropole\u2026) subit une cyberattaque massive, l\u2019impression dominante est souvent : \u201cIls nous sont tomb\u00e9s dessus d\u2019un coup, on ne pouvait pas le voir venir.\u201d Sauf que dans la r\u00e9alit\u00e9,\u00a0une attaque majeure ne commence presque jamais le lundi \u00e0 9h.Des semaines \u2013 parfois des mois \u2013 avant l&rsquo;attaque finale,\u00a0l\u2019activit\u00e9 autour [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/phishia.fr\/it\/blog\/sorveglianza\/come-la-cti-avrebbe-potuto-prevenire-un-attacco-informatico\/\" \/>\n<meta property=\"og:site_name\" content=\"Phishia\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-25T15:41:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-25T16:03:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"912\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/\"},\"author\":{\"name\":\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/person\\\/ab1f38ad06f750da69863e8f06e86528\"},\"headline\":\"Comment la CTI aurait pu emp\u00eacher une cyber-attaque\",\"datePublished\":\"2025-11-25T15:41:50+00:00\",\"dateModified\":\"2025-11-25T16:03:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/\"},\"wordCount\":950,\"publisher\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg\",\"articleSection\":[\"Surveillance\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/\",\"url\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/\",\"name\":\"Comment la CTI aurait pu emp\u00eacher une cyber-attaque - Phishia\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg\",\"datePublished\":\"2025-11-25T15:41:50+00:00\",\"dateModified\":\"2025-11-25T16:03:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/#primaryimage\",\"url\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg\",\"contentUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg\",\"width\":1600,\"height\":912},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/phishia.fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Surveillance\",\"item\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/category\\\/surveillance\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Comment la CTI aurait pu emp\u00eacher une cyber-attaque\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#website\",\"url\":\"https:\\\/\\\/phishia.fr\\\/\",\"name\":\"Phishia\",\"description\":\"Cabinet de Conseil IT, Cybers\u00e9curit\u00e9, Durabilit\u00e9\",\"publisher\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/phishia.fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\",\"name\":\"Phishia\",\"url\":\"https:\\\/\\\/phishia.fr\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Logotype.png\",\"contentUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Logotype.png\",\"width\":512,\"height\":128,\"caption\":\"Phishia\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/phishia\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/person\\\/ab1f38ad06f750da69863e8f06e86528\",\"name\":\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Come la CTI avrebbe potuto prevenire un attacco informatico - Phishia","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/phishia.fr\/it\/blog\/sorveglianza\/come-la-cti-avrebbe-potuto-prevenire-un-attacco-informatico\/","og_locale":"it_IT","og_type":"article","og_title":"Comment la CTI aurait pu emp\u00eacher une cyber-attaque - Phishia","og_description":"Lorsqu\u2019une grande organisation publique (ville, h\u00f4pital, m\u00e9tropole\u2026) subit une cyberattaque massive, l\u2019impression dominante est souvent : \u201cIls nous sont tomb\u00e9s dessus d\u2019un coup, on ne pouvait pas le voir venir.\u201d Sauf que dans la r\u00e9alit\u00e9,\u00a0une attaque majeure ne commence presque jamais le lundi \u00e0 9h.Des semaines \u2013 parfois des mois \u2013 avant l&rsquo;attaque finale,\u00a0l\u2019activit\u00e9 autour [&hellip;]","og_url":"https:\/\/phishia.fr\/it\/blog\/sorveglianza\/come-la-cti-avrebbe-potuto-prevenire-un-attacco-informatico\/","og_site_name":"Phishia","article_published_time":"2025-11-25T15:41:50+00:00","article_modified_time":"2025-11-25T16:03:52+00:00","og_image":[{"width":1600,"height":912,"url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","type":"image\/jpeg"}],"author":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","twitter_card":"summary_large_image","twitter_misc":{"Scritto da":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","Tempo di lettura stimato":"5 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#article","isPartOf":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/"},"author":{"name":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528"},"headline":"Comment la CTI aurait pu emp\u00eacher une cyber-attaque","datePublished":"2025-11-25T15:41:50+00:00","dateModified":"2025-11-25T16:03:52+00:00","mainEntityOfPage":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/"},"wordCount":950,"publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"image":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","articleSection":["Surveillance"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/","url":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/","name":"Come la CTI avrebbe potuto prevenire un attacco informatico - Phishia","isPartOf":{"@id":"https:\/\/phishia.fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#primaryimage"},"image":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","datePublished":"2025-11-25T15:41:50+00:00","dateModified":"2025-11-25T16:03:52+00:00","breadcrumb":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#primaryimage","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/AZq7NbwJ_an2-dKLHVH-Cw-AZq7NbwJoqsonIKnlyRjIg.jpg","width":1600,"height":912},{"@type":"BreadcrumbList","@id":"https:\/\/phishia.fr\/blog\/surveillance\/comment-la-cti-aurait-pu-empecher-une-cyber-attaque\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/phishia.fr\/"},{"@type":"ListItem","position":2,"name":"Surveillance","item":"https:\/\/phishia.fr\/blog\/category\/surveillance\/"},{"@type":"ListItem","position":3,"name":"Comment la CTI aurait pu emp\u00eacher une cyber-attaque"}]},{"@type":"WebSite","@id":"https:\/\/phishia.fr\/#website","url":"https:\/\/phishia.fr\/","name":"Phishia","description":"Consulenza informatica, sicurezza informatica, sostenibilit\u00e0","publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/phishia.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/phishia.fr\/#organization","name":"Phishia","url":"https:\/\/phishia.fr\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","width":512,"height":128,"caption":"Phishia"},"image":{"@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/phishia\/"]},{"@type":"Person","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528","name":"Enzo Debosque, consulente junior di CyberSecurity"}]}},"_links":{"self":[{"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/posts\/3878","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/comments?post=3878"}],"version-history":[{"count":27,"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/posts\/3878\/revisions"}],"predecessor-version":[{"id":3976,"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/posts\/3878\/revisions\/3976"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/media\/3884"}],"wp:attachment":[{"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/media?parent=3878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/categories?post=3878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phishia.fr\/it\/wp-json\/wp\/v2\/tags?post=3878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}