Over one hundred Italian banks involved and the credentials of one thousand and 700 of their customers stolen. This is the digital loot that was tracked down by Avast Threat Labs for a mistake made by the group of cybercriminals that conducted the operation. And so the lenders have been warned to take action.
Cybersecurity, the challenge is to make it accessible to everyone
by Jaime D’Alessandro
“We found credit card numbers with expiration dates and verification code, bank accounts, personal data and more”, he says from the Czech Republic in a video link Michal Salat, researcher of the Avast laboratories. “The group that carried out the theft is the same one that recently also struck in Spain and Scotland through the Ursnif malware, a name with which for now we also define the gang of cyber pirates.
Ursnif is a malware that made its appearance back in 2007 and then evolved over the years and managed to remain a threat. In this case it would have spread mainly through emails sent to victims containing fake official documents. The most inattentive who opened them, especially if their computer was not shielded by any security software, without realizing it allowed the malware to infect the system. From that moment on, every transaction made was observed and all the credentials were copied upon the first connection with the bank portal.
Coronavirus, the secrets about the vaccines stolen from the EMA in the hacker attack have ended up on the darkweb
“The fact that this group of people are looking for access to bank accounts means that they make money that way,” continues Salat. “But the interesting thing is that he does not try to use the card data for online purchases, a risky system because you risk being traced, but he resells that information or perhaps tries to make transfers using anonymous accounts as destinations in countries where the banking rules they are quite flexible ”.
There is no information on the extent of the damage and it is difficult for the banks involved to confirm them, assuming they did. A matter of reputation, but not only. Many deposit and wire institutions require multiple confirmation steps, often with codes sent via text message that cannot be obtained through malware. But this does not mean that the stolen data does not represent a danger for those who suffer the theft and a source of income for those who carry it out. It is no coincidence that these types of attacks have multiplied since the end of this year.
.