ONLINE IDENTITY THEFT: Data from Italy

The activities of hackers IN ITALY intensified in 2021, a year in which the number of Italian users who received an alert of a cyber-attack against their personal data grew by +48.7%. More specifically, the data refer to alerts related to information found on the dark web (a set of web environments that do not appear through normal Internet browsing activities and which require specific browsers or targeted searches).

Overall, the number of alerts related to data found on the dark web was 1.8 million in 2021, up +57.9% from 2020. Alerts on the open web were more than 150,000, +16.4% over 2020.

The National Recovery and Resilience Plan provides in Mission 1, investments of 623 million euros (from 2021 to 2024) for cybersecurity with the aim to strengthen Italy’s defences against the risks of cybercrime starting with the implementation of the Cybersecurity National Perimeter (PSNC). This highlights the great importance attributed to the fight against cyber threats.

Some evidence emerged from the latest update of the Cyber Observatory carried out by CRIF (Central Financial Intermediation Risk Centre), which aims to analyze the vulnerability of people and companies to cyber attacks and to interpret: the main trends concerning the data exposed in Open Web and Dark Web environments, the type of information, the areas where data traffic is concentrated and the most exposed countries, as well as to offer recommendations to mitigate cyber risks.

According to the findings of CRIF’s Cyber Observatory, the personal data of Italian users that predominantly circulate on the dark web turned out to be primarily email credentials, followed by phone numbers. This valuable data could be used to try to carry out scams, such as phishing or smishing. Also of note is how passwords detected on the dark web grew by +51% in the last year of observation.

In absolute terms, passwords remain among the most improperly circulated confidential information: they are often combinations of numbers and letters, even very simple ones (at the top is the sequence 123456 followed by 123456789 and the word ‘password’), so it is very easy for hackers to succeed in discovering them.

Looking at the most common passwords found on the dark web, relative to Italy we find at the top proper names such as ‘andrea’, ‘francesco’ and ‘alessandro’, and names of soccer teams such as ‘juventus’ and ‘napoli’, demonstrating the lack of attention that many users pay to these aspects, unaware of the risks they could run into.

Theft of personal data cases in ITALY

In the first half of 2022 cases of personal data theft increased. The number of alerts related to data detected on the dark web was more than 780,000 in the first half of 2022, an increase of +44.1% compared to the previous six months, while alerts related to the open web were more than 70,000, a decrease of -4.9% compared to the second half of 2021.

The sociological profile of victims in Italy

 Men represent the majority of the affected users (63.2% of cases).

The area with the highest number of people affected is the Centre, with 36.8% of the total, followed by the South, with 26.1%, the North West, with 22.3%, and the North East, with 14.7%.

Specifically, the regions where most people are affected are Lazio (with 21.5% of the total), Lombardy (13.4%) and Campania (7.8%), followed by Sicily and Emilia Romagna (both with 7.3%).

Rome alone counts 18.8% of total cases, followed by Milan (5.8%), Naples (5.0%) and Turin (4.1%).

SOURCE: CYBER OBSERVATORY CRIF (https://www.crif.it/chi-siamo/) CRIF aims to analyse the vulnerability of people and companies to cyber attacks and to interpret the main trends concerning data exposed in Open Web and Dark Web environments, the type of information, the areas where data traffic is concentrated and the most exposed countries, as well as to offer some insights into how to consciously deal with cyber risk.