Cybersecurity, personal data theft up 56.3%: it's dark web alert

The data from the Crif report: more than one million alerts from Italian users in the first half of the year. The theft of personal information to the detriment of users takes place above all through forums, blogs and messaging platforms, among which Telegram stands out. 28 Oct 2021 A. S.

In the galaxy of cyber attacks, one of the activities preferred by hackers is that of the theft of personal data of Internet users, information that more and more often after being stolen is offered for sale by cybercriminals on the dark web. This is highlighted by the results of Crif's Cyber Observatory, the latest edition of which has just been released on the occasion of cybersecurity month. According to the research, in the first half of 2021 there were over 1 million alerts received by Italian users for cyber attacks on their personal data, with a + 56.3% compared to the same period of 2020. In the same period of time, the number of data found on the dark web compared to the previous semester: this means that users alerted in Italy for data collected on the dark web are 72.9%, compared to 27.1% of subjects alerted for data collected on the public web. Among the evidence emerging from the report is the fact that the environments in which the greatest amount of stolen data is exchanged are forums, blogs and messaging platforms, as well as specific search engines such as Tor and DuckDuckGo. Among the messaging platforms most used by hackers to exchange information stolen from users is Telegram. The stolen information is organized into packages containing thousands of credentials and sold illegally even for less than 50 Euros. "On the dark web there is an enormous amount of data of unsuspecting citizens, who thus run the risk of suffering identity theft and online scams - explains Beatrice Rubini, Executive Director Personal Solutions of Crif - The level of sensitivity and awareness of large groups of However, the population is still very modest and even minimal forms of protection are not adopted, such as adopting sufficiently complex passwords, not using the same password for multiple accounts and changing it frequently, keeping your credentials accurately and not sending them via email or text message . Hackers are increasingly aggressive but, to try to defend themselves, at least it is essential to adopt virtuous practices to make their life more difficult ". According to the photograph taken by the Crif Observatory, the most common personal data on the dark web are passwords, individual or company email addresses, usernames, telephone numbers, as well as the names and surnames of users: all information that could be used to carry out scams. But that's not all: among the data exchanged by hackers there are also financial ones, such as credit card numbers and Iban. According to Crif surveys, the cases in which cybercriminals have complete credit card data, correctly matched to the names of the holders, are increasing: a percentage that has risen from 20.8% in the second half of 2020 to 56.4 % of the first six months of 2021, and which entails a high risk that unauthorized transactions may be entered into. Similarly, in nine out of ten cases, hackers have access to the combination of user username and password, a circumstance that allows them to enter the restricted areas of the services. Passwords deserve a separate chapter: Italians are still extremely "lazy", so much so that the information on the dark web testifies to how the choice often falls on personal names or those of the most famous football teams, such as Juventus and Naples. In any case, stainless steel 123456, 123456789 remain at the top of the top ten. "These are very simple combinations of numbers and letters, easily intercepted by hackers and, consequently, highly vulnerable - underlines Rubini - On the other hand, the use of such basic passwords reveals the lack of experience or laziness of a part. of web users, who often do not follow the most elementary rules to protect themselves from possible intrusions, for example by choosing long and different passwords for each important account, with combinations without links with personal information. To limit the dissemination of this sensitive data, it would be important for users to activate, where possible, two-factor authentication to prevent hackers from entering accounts even after having discovered their login and password, as it would be advisable to pay close attention to the 'use of public WiFi networks, where even the most secure password could be intercepted, and the risks associated with storing credentials on public or shared computers ”. But what use do the hackers of the credentials they manage to steal from legitimate users? They range from entering victims' accounts to abusive use of services, up to sending emails with requests for money or phishing links, or malware and ransomware to extort money from victims. The age groups most affected by data theft are those of 41-50 and 51-60, respectively 27.1% and 25.3% of the total, followed by the over 60s with a share of 24%. Most of the victims are men (64.2% of the total), while women represent just over a third of the users alerted (35.8%). The regions in which the number of people alerted more people is higher are Lazio (with 21.4% of the total) and Lombardy (with 12.7%), even if in proportion they are the inhabitants of Valle D ' Aosta, Molise and Sicily to be the most exposed.

DARK ARTICLE