Cybercrime evolves, but one fact has been confirmed in recent years: Italy is one of the countries in the world most affected by cybercriminals. Malware, ransomware and phishing are the most fearsome threats, with email remaining an important attack vehicle. Companies are the favorite target of extortion and data exfiltration, especially small and medium-sized businesses and those belonging to the service, healthcare and online banking sectors. Generative AI has put even more sophisticated tools into the hands of cybercriminals, but it is also a valuable defense technology in the hands of cybersecurity teams.

Confirmation of these scenarios comes from “Stepping ahead of risk”, the Trend Micro Research report on the cyber threats that struck during the first half of 2023. Italy is the third country in the world and the first in Europe most affected by malware. Globally, Trend Micro blocked a total of more than 85.6 billion threats in the first half of 2023, of which approximately 37 billion arrived via email.

A specific focus on ransomware comes, however, from the latest “Threatland” report by Swascan, a cybersecurity company of the Tinexta group’s cyber hub: in the second quarter of 2023, the phenomenon of theft of sensitive data with ransom demands grew by +34.6% in Italy and by +62% overall compared to the previous quarter. In Italy, 80% of the victims affected are SMEs and 91% are companies with a turnover of less than 250 million euros. Between last April and June there were numerous cyber attacks in Italy, which mainly involved service companies (54%), manufacturing (11%) and healthcare (9%), more than doubled compared to the previous quarter. Around 190 thousand devices have been compromised in our country.

The findings for the first semester of the Crif Cyber Observatory go in the same direction: in the first six months of 2023 the fraudulent activities of hackers around the world continued to increase, resulting in an increase in stolen credentials and in the number of alerts sent on the dark web, which was 911,960, that is to say +17.9% compared to the second half of 2022. In particular, regarding the theft of email accounts, Italy is the fifth most affected country globally after the United States, Russia, Germany and Bulgaria.

According to Trend Micro, Italy is in first place in Europe and third on a global scale for malware attacks, with a total of 174,608,112 malware intercepted. These are the top five positions: United States (417,545,421), Japan (355,248,073), Italy (174,608,112), India (120,426,491), Brazil (96,908,591).

For micro-malware, Italy is the fourth most affected country in the world, with 5,180 attacks. On the podium were Japan (28,816), the United States (10,485) and Turkey (5,529).

Also according to Trend Micro, the threats via email that hit Italy in the first half of 2023 were 048,776. Visits to malicious sites numbered 470,479. Malicious sites hosted in Italy and blocked were 68,334. The number of malicious apps downloaded in the first half of 2023 is 724,698. Finally, the unique online banking malware intercepted was 804.

Generative AI in cybercrime

Globally, in the first half of 2023, the rapid expansion of generative AI tools has enabled cybercriminals to use new tools like WormGpt and FraudGpt and to organize new scams, such as virtual kidnappings, the Trend Micro study further reveals. Ransomware attacks also remain an important phenomenon and prove to be increasingly sophisticated. Several cybercriminal groups have also joined forces to maximize the results of their malicious activities.

The use of artificial intelligence allows cybercriminals to carry out more elaborate attacks and poses a new set of challenges. The good news is that the same technology can also be used by security teams to work more effectively.

Ransomware, a growing threat

According to data collected by Swascan for the second quarter of 2023, there were 1451 victims (affected and subject to publication of stolen data) globally from ransomware attacks, which are characterized by the spread of malicious software that encrypts data and by a ransom demand for its restoration. There is also an increase in the cybercriminal gangs behind these attacks, which went from 36 to 43 (+19.4%). Lockbit stands out as the most active, having orchestrated 245 attacks during the quarter.

These attacks appear to have a specific objective: companies. In particular, those in the United States were the most targeted, with 636 attacks, followed by those in the United Kingdom (69) and Canada (60). In Italy, 80% of these attacks affected SMEs, demonstrating how cybercriminals consider them more vulnerable than large companies. 91% of the victimized Italian companies have a turnover of less than 250 million euros.

The geography of the phenomenon is also expanding: while in the first quarter of 2023 there were 79 countries affected, in the second there were 89. Since the beginning of the year, a total of 2,349 attacks have been recorded, with a peak of activity in May, when 25% (575) of total attacks occurred.

Service companies were hit hardest, accounting for 47 percent of attacks, followed by manufacturing (16 percent) and technology (6 percent). In Italy too, the service sector is at the top of the list with 54% of attacks, followed by manufacturing (11%) and by healthcare (9%), more than doubled compared to the previous quarter. However, the threat has not spared other sectors, including financial, manufacturing, real estate, and many others.

The most widespread emerging threat is phishing, with almost 160,000 campaigns detected. In Italy, phishing campaigns have mainly affected the banking sector, definitely the one most targeted by attackers with the aim of exfiltrating login credentials and payment information.

Credentials subject to purchase and sale

Swascan’s analysis of the two major stolen credential marketplaces revealed how, in the second quarter of 2023 alone, almost 8 million devices (exactly 7,756,466) were compromised on a global scale. Valuable credentials were “exfiltrated” from these devices, making sensitive data and personal information accessible. Italy was not spared: 189,042 devices were compromised, equal to 2.4% of the global total. At the European level, the figure comes to 1,370,950 devices, or 17.7%.

Swascan confirms that malware remains a major concern for security experts and users. From April to June this year, “infostealers” – malware specialized in stealing confidential information from infected hosts – have stood out as the most widespread malware family, consolidating their predominant role in the world of cybercrime.

Data on the dark web is increasing

The latest edition of the Cyber Observatory created by Crif, which focuses on the main trends affecting the data exchanged in open web and dark web environments, shows that among the categories of accounts circulating on the dark web, and therefore most vulnerable to hacker attacks, email addresses are in first place; they are followed by passwords and usernames, then postal addresses and phone numbers. And precisely regarding the theft of email accounts, among the most affected countries at a global level there is also Italy, which is in fifth place, immediately after the United States of America, Russia, Germany and Bulgaria, but ahead of Brazil, the United Kingdom, Poland, Japan and Canada.

The email accounts detected on the dark web refer in 90.7% of cases to personal accounts, while the remaining 9.3% of cases concern business accounts, with a growing value of +3.7% in the latter case compared to the second half of 2022.

In particular with regard to Italy, in the first half of 2023 over 40% of users received an alert relating to their data. There has been an overall increase in alerts sent regarding theft of data monitored on the dark web: practically 4 out of 5 users have in fact received alerts of this type. Instead, as regards the public web, where data is practically accessible to anyone, 20.5% of users were alerted. Here the most frequently collected data were the tax code (55.1%) and the e-mail address (32.3%), followed by telephone number (7.6%), username (2%) and postal address (3%).

A very dangerous type of attack highlighted by Crif on a global scale is SIM swapping, which consists of taking possession of the victim’s phone number to allow fraudsters to access certain services on the victim’s behalf (bypassing two-factor authentication). The telephone number therefore plays a fundamental role and, when also associated with a password, increases the victim’s vulnerability. In fact, theft of this combination of data has more than tripled compared to the second half of 2022, with an increase of +372%. Furthermore, among the main combinations of data detected on the dark web, emails are very often associated with a password (92.3% of cases), just as passwords very often appear together with usernames (62.5%).


