Date: 2023-07-05

Proofpoint examined how cybercrime affects Italy and illustrated how criminals evolve their businesses to make them even more profitable. Proofpoint has observed several significant changes affecting the global threat landscape. These include the abandonment of documents with malicious macros, the increasing use and availability of phishing kits that can bypass multi-factor authentication (MFA), and the tendency to hold conversations with selected victims before sending messages with dangerous payloads.

Cybercrime and Italy

Between mid-2022 and 2023, the threat landscape saw one of the biggest changes in cybercriminal behavior, after Microsoft began blocking attachments containing macros by default in its Office products. This update has forced threat actors to adopt new mechanisms to distribute malware, regularly changing the tactics, techniques and procedures in their campaigns. They do this to try to evade anomaly detection, including by using file types rarely observed in the past.

An “attacker-in-the-middle”

With MFA becoming a standard security practice, phishing kits have evolved to steal tokens and circumvent it. Threat actors use kits that leverage a transparent reverse proxy, allowing them to perform an “attacker-in-the-middle” attack during a browser session and so steal credentials and cookies in real time. Based on its visibility, Proofpoint has observed an increasing uptake of these kits.
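A defender-side check for the cookie theft described above, as an added example that is not from Proofpoint or the original article: it flags a session whose cookie is used from a different IP address shortly after MFA completed. The event field names, the 10-minute window and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, IPs are documentation ranges.
EVENTS = [
    {"ts": "2023-07-05T09:00:02", "user": "a.rossi", "session": "s-101",
     "event": "mfa_success", "ip": "198.51.100.7", "ua": "Chrome/114 Windows"},
    {"ts": "2023-07-05T09:00:40", "user": "a.rossi", "session": "s-101",
     "event": "request", "ip": "203.0.113.50", "ua": "Firefox/102 Linux"},
    {"ts": "2023-07-05T09:05:00", "user": "g.bianchi", "session": "s-202",
     "event": "mfa_success", "ip": "192.0.2.10", "ua": "Safari/16 macOS"},
    {"ts": "2023-07-05T09:30:00", "user": "g.bianchi", "session": "s-202",
     "event": "request", "ip": "192.0.2.10", "ua": "Safari/16 macOS"},
    {"ts": "2023-07-05T10:00:00", "user": "l.verdi", "session": "s-303",
     "event": "mfa_success", "ip": "192.0.2.77", "ua": "Edge/114 Windows"},
    {"ts": "2023-07-05T18:00:00", "user": "l.verdi", "session": "s-303",
     "event": "request", "ip": "192.0.2.99", "ua": "Edge/114 Windows"},
]

def find_session_replay(events, window=timedelta(minutes=10)):
    """Return alerts for sessions reused from a new IP soon after MFA succeeded."""
    auth = {}    # session id -> (time, ip, user agent) of the MFA-completed sign-in
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(e["ts"])
        if e["event"] == "mfa_success":
            auth[e["session"]] = (ts, e["ip"], e["ua"])
            continue
        seen = auth.get(e["session"])
        if seen is None:
            continue  # no sign-in on record for this session
        auth_ts, auth_ip, auth_ua = seen
        # Real-time cookie replay: same session, different source, short delay.
        # A late IP change (roaming, VPN) falls outside the window and is ignored.
        if e["ip"] != auth_ip and ts - auth_ts <= window:
            alerts.append({
                "user": e["user"], "session": e["session"],
                "auth_ip": auth_ip, "replay_ip": e["ip"],
                "ua_changed": e["ua"] != auth_ua,
                "seconds_after_mfa": int((ts - auth_ts).total_seconds()),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_session_replay(EVENTS):
        print(alert)
```

The window trades false positives from legitimate network changes against missed replays, so it should be tuned against real session telemetry.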

Threats using social engineering are growing

Proofpoint has also observed an increase in telephone-oriented attack delivery (TOAD) threats. These use social engineering to trick the recipient into calling a fake customer service representative, who then leads the victim to install malware. Proofpoint currently observes hundreds of thousands of threats of this type every day.

What is happening in Italy

Proofpoint researchers have discovered numerous threat actors targeting Italian for-profit organizations by leveraging social engineering techniques, including spoofing Italian government entities or sending messages that pretend to be replies to existing conversations, to trick users into trusting and sharing content.

The financial impact of cybercrime and Italy

Cybercriminals pursue many goals. These include data theft, account takeover, retrieval of banking information to steal funds, and installation of subsequent malware, potentially including ransomware. These threats can have a major financial impact, resulting in losses of millions of dollars.

The main results of the analysis

Actors across the threat landscape, including those targeting Italian users, are adopting new delivery methods and moving away from macro-enabled documents. Among the cybercriminals specifically targeting Italy are TA550, TA551, TA544, TA554 and TA542. Ursnif banking malware is the most frequently observed of those targeting Italian companies. Proofpoint observed actors who impersonated Italian government organizations linked to financial, postal and health services. Identified threats can enable data theft, reconnaissance, financial loss, and subsequent delivery of malware, including ransomware.


