May 9, 2022
May 9, 2022
Hacker activities intensified in 2021, a year in which the number of Italian users who received an alert of a cyber-attack against their personal data increased by +48.7%. The figure mainly refers to alerts related to information found on the dark web (a set of web environments that do not appear through normal internet browsing activities and require specific browsers or targeted searches).
Overall, the number of alerts referring to data found on the dark web was 1.8 million in 2021, up +57.9% from 2020.
There were over 150,000 alerts sent relating to data on the open web, +16.4% compared with 2020.
These are some of the findings that emerged from the latest CRIF Cyber Observatory, which aims to analyze people’s and companies’ vulnerability to cyber-attacks and to interpret the main trends concerning the data exposed in open web and dark web environments, the type of information, the areas in which data traffic is concentrated and the most exposed countries, as well as offering some insights into how to deal with cyber risk in an informed way.
WHAT TYPE OF DATA CIRCULATES ON THE DARK WEB?
Stolen information can be used for different purposes, for example, to enter the victims' accounts, to misuse services, or extort or steal money.
According to the CRIF Cyber Observatory, the personal data of Italian users that mainly circulate on the dark web are email credentials and phone numbers. This valuable information could be used to try to commit fraud, for example, through phishing or smishing. In addition, it should be noted that the tax codes detected on the dark web have grown by 51% in the last year of observation.
In absolute terms, passwords remain among the most widely circulating confidential information: often they are combinations of numbers and letters, even very simple ones (at the top is the sequence 123456 followed by 123456789 and the word 'password'), so it is very easy for hackers to discover them.
Observing the most common passwords found on the dark web in Italy, we find that the most popular are proper names like "andrea", "francesco" and "alessandro", and names of soccer teams like "juventus" and "napoli", demonstrating the lack of attention that many users pay to these aspects, unaware of the risks they could run.
It is even more interesting to observe the main combinations of data intercepted on the web: those that are growing the most include phone numbers and credit cards. Phone numbers have become particularly valuable pieces of personal information because they allow access to many platforms and apps, which have introduced two-factor authentication in their login procedures.
According to the CRIF Cyber Observatory, it appears that emails are almost always associated with a password (in 94.7% of cases).
Although those found on the dark web are mostly personal email accounts, there has been a certain acceleration of attacks on business accounts, which represent 22.0% of the total.
Concerning credit card data, almost always in addition to the card number is the cvv (the 3-digit security code present on the cards) and expiration date (in 88.7% of cases) and in 72.5% of cases there is also the first name and surname of the cardholder, an occurrence that increased significantly compared to 2020.
The pairing of first names and surnames with telephone numbers also recorded strong growth, reaching 47.1% in 2021.
Main data combinations |
2021 |
∆% |
Email + Password |
94.7% |
-2.0% |
Phone number + password |
52.5% |
-7.9% |
Full credit card (with cvv number and expiry date) |
88.7% |
-5.6% |
Username + Password |
88.4% |
+4.1% |
Full credit card + First and Last Name |
72.5% |
+384.1% |
Phone number + First and Last Name |
47.1% |
+207.2% |
Source: CRIF Cyber Observatory
COMPROMISED ACCOUNTS
In 2021, the proliferation of dark web exchanges of compromised account credentials - extremely valuable data for hackers - is worth noting.
Overall, accounts linked to entertainment sites (especially online gaming and dating) remain the most vulnerable to personal data theft, with 48.6% of total cases. A phenomenon also driven by the fact that esports (competitive and organized online games) are constantly growing, and platforms require paid subscriptions, hence the risk of financial losses for victims. In second place is the theft of forum and website accounts (22.9%).
This is followed by streaming services, with 15.5% of the accounts, and again the risk of theft could lead to direct financial consequences for victims.
While the theft of social media accounts (11.4% of cases) can lead to attempts at fraud and identity theft.
Most detected account categories |
2021 |
Entertainment |
48.62% |
Forum and websites |
22.95% |
Streaming services |
15.53% |
Social media |
11.40% |
Financial services |
1.33% |
Source: CRIF Cyber Observatory
ITALY AMONG THE MOST AFFECTED COUNTRIES
The ranking of the countries most affected by the phenomenon of online theft of email and passwords shows the USA, Russia, France and Germany at the top, followed by the United Kingdom and Italy, which occupies 6th place overall, as in the previous year. Poland, Brazil, India and Japan complete the top 10.
Another area of investigation in the Cyber Observatory is that dedicated to the ranking of countries most subject to the exchange of fraudulent credit card data. This ranking is led by the USA, followed by India and Mexico, with Italy occupying 10th position overall.
THE PROFILE OF ALERTED SUBJECTS
In Italy, the most affected age group is between 41 and 50 (with 26.4% of the total) followed by those aged 51-60 (25.6%) and those over 60 (24.8%).
Men represent the majority of alerted users (in 63.8% of cases).
The area with the highest number of people alerted is the Center of Italy, with 37.3% of the total, followed by the South, with 26.7%, the Northwest, with 21.0%, and the Northeast, with 15.0%.
Specifically, the regions in which the most people are alerted are Lazio (with 21.6% of the total), Lombardy (12.8%) and Campania (8.2%), followed by Sicily and Emilia Romagna (both with 7.3%).
The Province of Rome alone accounts for 18.6% of total cases, followed by Milan (5.5%), Naples (4.9%), Turin (3.9%) and, surprisingly, Perugia (2.6%).
Region |
Alerted client distribution |
Abruzzo |
2.1% |
Basilicata |
0.5% |
Calabria |
2.6% |
Campania |
8.2% |
Emilia Romagna |
7.3% |
Friuli Venezia Giulia |
1.4% |
Lazio |
21.6% |
Liguria |
1.9% |
Lombardy |
12.8% |
Marche |
2.4% |
Molise |
0.6% |
Piedmont |
5.9% |
Puglia |
5.0% |
Sardinia |
3.1% |
Sicily |
7.3% |
Tuscany |
6.7% |
Trentino Alto Adige |
0.7% |
Umbria |
3.1% |
Aosta Valley |
0.1% |
Veneto |
5.5% |
Source: CRIF Cyber Observatory
"The latest edition of the CRIF Cyber Observatory confirms the importance of our data to fraudsters. The presence of confidential information and credentials on the web exposes us to great risks, both reputational and financial, and this should cause us to reflect on the importance of handling our data with care and protecting it from possible theft, just as we would do for our most valuable assets. The level of awareness and attention is often insufficient, both on the part of consumers and companies, with the latter increasingly subjected to cyber-attacks that have extremely significant impacts," commented Beatrice Rubini, Executive Director at CRIF. “First of all, it is advisable to check the daily communications we receive before clicking and be very careful before entering confidential data and credentials to access online services. A further opportunity is represented by monitoring services that offer greater control of the exposure of our data on the web and detect the unlawful circulation of codes and passwords."