“Cybercrime now earns more than the arms trade.” She explains it Giampaolo Dedolahead of the team Kaspersky which deals with Security Research. “The gangs of cybercriminals – explains Dedola – are now very structured and specialized in various cyber crimes. In the sense that there are those who steal passwords from companies and consumers and then resell them on the Dark Web to be used by others for various scams from digital identity theft to request loans in the name of others, to ransomware, i.e. theft of company data with ransom demand”.
An attack on companies can yield from 20 thousand to over 1 million euros
Over the past two years, the Kaspersky team has detected nearly 40,000 posts on the dark web regarding the sale of confidential company information. The result is that one company in three has already been the victim of a cyber attack which very often goes unreported. In practice, managers prefer to pay and resolve the situation immediately rather than stop production. And this is why 70% of companies, according to Kaspersky, now set aside funds to deal with a possible attack. In fact, the cybercriminal is well organized and asks for an amount proportional to the company’s turnover to ransom the data. Amount ranging from 20 thousand up to a million euros and more for larger organizations.
411 thousand new malware intercepted every day
The year that is about to end has seen a notable growth in attacks with an average of 411 thousand new malware intercepted daily by software installed by Kaspersky (+3% compared to 2022). The Russian cybersecurity company, widely used by the consumer sector, has its European center in Zurich and has recently created a Transparency Center in Rome to overcome the problems resulting from the war with Ukraine. Among the phenomena observed there was a sharp increase in phishing campaigns that use the sending of PDF files and ransomware that targets important infrastructures, such as the healthcare sector. And in fact the Verona Hospital was at the center of a recent attack. Furthermore, the exploitation of unknown vulnerabilities in widely used software continued, a technique that usually generates widespread impacts and allows the theft of a significant amount of data.
Artificial intelligence will increase cyber scams
Unfortunately, a notable development in the scams perpetrated by cybercriminals will come from the adoption of Artificial Intelligence. According to research conducted by Censuswide for Kaspersky, generative AI is already used in 97% of companies, especially for repetitive tasks, such as creating texts and images. Half of the interviewees are worried about the fact that confidential company data may be disclosed through the use of these tools and therefore it will be important to implement control processes to avoid dangerous automatisms induced by the extensive use of AI. In fact, if on the one hand artificial intelligence enhances defense solutions with automation and threat recognition capabilities, on the other hand it also lends itself to becoming an attack tool that is also easy to use.
“With AI – explained Dedola – it becomes very simple to create attack codes as seen by the exponential increase in new malware detected every day”. Furthermore, Gpt Chat-based chatbot applications can be used to impersonate real subjects in various types of attacks and especially in fraud. Deepfake videos are particularly effective. A commercial was uploaded to YouTube in which a fake Elon Musk promoted cryptocurrency investments that were actually a scam. Furthermore, with AI it is easy to generate texts for scam and phishing attempts. On the Dark Web there are indications for exploiting the “evil” potential of ChatGpt. Ai can also be used to obtain information, technical support or pieces of code, topics on which there are dark web forums, blogs and even Telegram shadow channels.
30 million telephone numbers for sale on the dark web
Recently Yarix, Digital Security division of Var Group, unearthed an underground forum on the dark web offering for sale 30 million telephone numbers of Italian users, in packages containing considerable volumes of information such as name, surname, e-mail address, residence and domicile, at very accessible prices starting from 100 euros up to 1 million obviously paid in cryptocurrency. Any data could have been used to conduct malicious campaigns of various nature, such as phishing (scams via email, messages or telephone) and other Social Engineering operations. The Christmas period of Black Friday he was born in Cyber Monday they are golden opportunities for cybercriminals given the increase in online purchases.
Just think that in 2022, Italians spent an average of 5.3 billion euros. Between January and October 2023, Yarix took over over 66 thousand compromised devices containing Italian access credentials, 33% regarding the main Italian e-Commerce platforms. Also increasing for the month of October and the first half of November i fake shop, stores that reproduce the original stores extremely faithfully to steal personal and payment data from the fashion sector. Compared to the same period in 2022, an overall increase of 50% e, pUnfortunately, 78% of attacks result from human error that cybercriminals are keen to exploit.