According to the Cyber Observatory of CRIF, data is increasingly in danger. It is estimated that worldwide data circulating on the dark web grew by 44.8% in 2023. The Observatory analyzes the vulnerability of users and companies to cyber attacks, interpreting the main trends regarding data exchanged in both Open Web and Dark Web environments.
Cybercrime increasingly sophisticated
Beatrice Rubini, Executive Director of CRIF
There are some trends to take into consideration regarding cyber risks. For the theft of personal data, cybercriminals they use malware and applications. Over time, these have become increasingly sophisticated and difficult to distinguish from the official ones, becoming one trap for the people. Furthermore, hackers who also use Artificial Intelligence to target consumers are becoming a real threat. In particular due to increasingly sophisticated email scams, characterized by correct and therefore plausible language, and the generation of constantly evolving code for the development of malicious apps.Added to all this is the fact that many users continue to behave in an uncautious manner online. As demonstrated by the fact that they tend to reuse the same password for different accounts and services, and how they save the login credentials directly in the browser. Examples of bad habits that make them particularly vulnerable.”
Types and dangers of cyber fraud
In 2023, the email address has become particularly valuable data because it allows access to various services. In fact, in the analysis of the CRIF Observatory it was found in combination with the password in 94.4% of cases. Thus exposing the victim to receive messages fraudulent more accurate and credible, such as those of fake payments to be authorized or blocked accounts. These phishing messages contain malicious links that trick the victim into clicking and providing further data to the fraudsters.
CRIF alarm
Increasingly rich data sets of contact information complete the victim’s profile, making it more vulnerable against fraudsters. The severity of alerts sent in 2023 increased overall by 29% compared to the previous year. Confirming that the vulnerability to fraud per single data exposure is growing. In fact, in one case out of 10, in addition to the telephone number, the e-mail address and the name and surname of the victim appear.
The lists of personal data composed in this way are a gold mine for fraudsters. These can do a lot of fraud personalized, also taking advantage of artificial intelligence, often mentioned in phishing and malware kit exchange forums. In 2023, this multiple combination of personal and contact data will see an increase of 45% compared to the previous year.
CRIF – Campagne di phishing aggressive
Additionally, the entire year of 2023 witnessed a proliferate of ad hoc tools made available to the fraudster community. For example, “phishing kits” are very widespread (such as Modlishka, Evilginx and many others). These are tools ready to be used even by less experienced hackers to target consumers with phishing campaigns. Thanks also to the use malevolent of the possibilities of artificial intelligence, fraudulent emails are increasingly sophisticated, making it even more difficult for the recipient to distinguish real communications from fake ones. Furthermore, the possibility of to translate quickly in multiple languages helps criminals spread phishing attacks more globally.
The threat of infostealer
In this context, open source messaging applications – such as Telegram – are increasingly becoming the ideal place for exchange the stolen data. But also to provide instructions for creating ready-to-use malware or for buying and selling tools at the service of hackers. In fact, a simple search within the applications is enough to find channels and groups for exchanging personal data, including credit cards.
CRIF alarm: data increasingly in danger
Infostealers (malware designed to steal personal data) are an additional threat to consumers. Spread via malicious links, malicious emails or compromised websites, they lead to risk user security, operating stealthily and capturing information and credentials while browsing online. Some information is particularly valuable for emulating user activities in fraudulent schemes such as account takeover.
The most “desirable” and vulnerable data in cyberspace
The main categories of data that are subject to attack remain, even in 2023, passwords, email addresses, usernames, first and last names and telephone numbers. This information they circulate predominantly on the dark web and are therefore more vulnerable. Compared to 2022, the password overtakes the email reaching the first position. While the username rises to third position, overtaking the name, surname and telephone number, among the most vulnerable data.
Password e username
Very often emails are associated with a password, with a share of 94.4% of cases (up 4.4% compared to 2022). Just as usernames often appear together with passwords (65.6%). The number of telephone plays a fundamental role in these cases and, when also associated with the password (16.6%), increases the victim’s vulnerability. This combination is up +25.6% compared to the previous year.
The most violated account types
The ranking of the most detected email accounts on the dark web sees Gmail, Yahoo and Hotmail in the top 3 positions. Most of the hacked accounts are attributable to websites entertainment (56.6%), followed by e-commerce (16.4%) and social media (11.9%). The risk of such data being stolen can lead to direct economic consequences for victims. In fourth and fifth place are the theft of accounts from forums and websites of paid services (6.2%) and financial services (4.8%), such as banking ones.
See under credit card
Regarding the cards of credit, in addition to the card number, CVV and expiry date are very frequently present on the dark web: 96.9% of cases. Among the continents most subject to this illicit data exchange, North America tops the list, with 54.5% of the total volume, followed by Europe with 23.8%. Among the countries most subject to credit card data exchange, the United States, France, Mexico, Brazil and Russia occupy the top positions in the global ranking. Italy is in 16th place.
Companies increasingly targeted by cybercrime
Through a qualitative analysis of domini, the CRIF Cyber Observatory investigated whether the email accounts detected on the dark web refer to personal or business accounts. In 91.1% of cases these are email accounts personal, while in the remaining 8.9% of cases these are business accounts, +2.1% compared to 2022. Various national and international brands were targeted by the attacks, not only in the financial world but also in the insurance, automotive, of personnel selection, fashion and luxury. Also associations and bodies governments are subject to attacks. These include embassies, ministerial and post offices. The targets are increasingly diversified, in terms of sectors affected and size of companies: unfortunately no one escapes cybercrime attacks.
The situation in Italy
Hacker monitoring and combating activities continue to have great relevance in our country too. In Italy there is a number of consumers alerted on the dark web, thanks to CRIF services, up by 13.9% compared to the previous year. In Italy, where 51.7% of users have received at least one alert in 2023, there is an increase in reports sent regarding the theft of data monitored on the dark web. In this case, 77.5% of users were alerted, while 22.5% was the share of users alerted due to data collected on the public web. THE
L’open web
types of data most frequently detected on the open web, therefore publicly accessible by anyone on the network, are the tax code (57.5% of the data collected) and the e-mail (30.1%). The telephone number follows at a distance (8.2%). Among the characteristics of the Italian private users who were notified, the age groups most involved are those over 60 (26.5%), 51-60 years (25.8%), 41-50 years (25, 3%). The regions in which the most people are alerted are Lazio (19.6%), Lombardy (13.6%) and Sicily (8.4%).
Data increasingly in danger, the CRIF alarm arrives
You have to pay particular attention Attention to the emails and messages we receive every day, training ourselves to recognize scam and phishing attempts. It is important not to click on links contained in suspicious emails or SMS. And, above all, not answer providing personal information to messages purporting to be sent from our bank or another company, always checking the sender’s phone number or email address.
Don’t be impulsive
Beatrice Rubini
Fraudsters often use messages that target theemotionality and leverage the sense of urgency. We must not be impulsive but keep our level of attention high. It is therefore becoming increasingly important for public and private companies to have vulnerability assessment systems and carry out internal employee awareness campaigns. On the other hand, it is advisable for consumers to manage their data scrupulously. Also relying on tools that today allow us to protect devices and monitor our data.