8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
1/23
Matteo Cavallini
A vision of cybercrime in Italy
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
2/23
Matteo Cavall ini CeCOSVI 2012 - Prague
About me
Current ly I am the Head of Security in Consip SpA, a company ownedsolely by the Italian Minist ry of Economy, with the mission of providingconsult ancy and proj ect support , organizat ional and technologicalservices aimed at the innovat ion of Public Administ rat ion.
Since 2007 I have been the Head of the Local Security Unit (LSU)MEF/Consip, t he internal CERT of t he Ital ian Minist ry of Economy
I am also the VP of t he Cloud Security All iance Italy Chapter
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
3/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Tech. & SecurityProviders
so we built an operational network
Associat ions
Italian National CERT is on its wayyet
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
4/23
Matteo Cavall ini CeCOSVI 2012 - Prague
We gathered pieces of info from public sources andour peers in order to. .. create our vision
Italian National CERT is on its wayyet
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
5/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Some Pieces.. . f rom Clusit Report
Hacktivism
Ransomware
Cyberbullying
Phishing
Child pornography
DDOS
Cyber at tacks
Growing t rends
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
6/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Hundreds of fake bil ls
sent to Italian cit izensclaiming that therehas been an access to
some bannedpornographic photos.PC is crippled by themalware and there isa request of 100 to
pay.
Police Ransomware in Italy
Sources are F-Secure and TrendMicro
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
7/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Some Pieces.. . f rom Clusit Report
Target distribution
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
8/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Some Pieces.. . f rom Our Team
Monit oring open sources with spefic toolsdeveloped by our team, we found early t racesof many at tacks against Italian and Europeanwebsit es, enabling us to give our cont ribut ionto contain the incident . Here some examples:
www.qualitapa.gov.it
appsrv.ice.gov.it
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
9/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Symantec-Ponemon Report
What about the costs of a breach?
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
10/23
Matteo Cavall ini CeCOSVI 2012 - Prague
A Direct Consequence
According to EECTF Survey, companies arereluctant to report at tacks
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
11/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Some Pieces.. . f rom UCAMP
Central Off ice for Means of Payment Fraud (UCAMP) isresponsible for Euro counterfeit ing and preventing fraud commit tedthrough the use of payment means other than cash
Italy is st ill a small market
010
20
30
40
50
60
70
Italy 2010
Euro Area 2009
EU 27 2009
Paymentmeans other than cash
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
12/23
Matteo Cavall ini CeCOSVI 2012 - Prague
0%
10%
20%
30%
40%
50%
60%
70%
80%
Italy UK France Australia
In Country
Abroad
Unrecognized transactions by area
0,000%
0,010%
0,020%
0,030%
0,040%
0,050%
0,060%
Italy Australia France
2009
2010
Losses causedbyfrauds
Italy is st ill a small market ... also for carders!
Some Pieces.. . f rom UCAMP
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
13/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Some Pieces... from UCAMP
Preliminary data for 2011confirm the trends.
Unrecognized t ransactions involvingcards in It aly (organized by type)
ATM
25%
POS
70%
Internet
5%
2009
ATM
30%
POS
63%
Internet
7%
2010
In Italy the maj ority of f rauds are made via POS
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
14/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Total
inspections
Total
complaints
Average
amount
People
charged
Fake
banks
Phishingin 2011
Some Pieces.. . f rom the Italian Police
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
15/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Beyond Off icial Data.. . Here are Some Trends
Phishing and f inancial malware targets private companiesand publicadminist rationsmore then ever
In cyberf rauds, there are some special abilit ies related to ethnic groups
At the moment, in Italy:
Most of financial malware is a variant of ZeuS
On average, every 100 wire t ransfersmade by fraudsters, 80 are blockedbefore being sent .
Most of money mules are abroad
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
16/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Efficiency in cross border payments is
st rongly increased by the inst it ut ion ofthe Single Euro Payment Area (SEPA).Most of these payments are nowexecuted within 1 day.
Also criminals take advantage of thissit uat ion so, most of the money mulesare abroad.
Italian Police is reinforcing it s directcontacts with other LEAs of the SEPAcount ries to increase efficiency.
Beyond Off icial Data.. . Here are Some Trends
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
17/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Identity theftin 2011
Totalcomplaints
Totalinspections
Peoplecharged
Other Pieces.. . f rom the Italian Police
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
18/23
Matteo Cavall ini CeCOSVI 2012 - Prague
From figures to real crimes...
They steal thedigital signatureand put the
company of anunsuspect ingbusinessman intheir name:busted by the
Financial Police -03-26-2012
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
19/23
Matteo Cavall ini CeCOSVI 2012 - Prague
Here another example.. .
Many govagencies
hacked.Drop-zone was inMalesia.
An interest ing case of an Italian hacker t hat sent a lot a spear-phishing emails to users of t he local and cent ral PA. Using the
stolen password he sold to private invest igators il legalaccesses to sensit ive PII. Sentenced to 4 years in j ail .
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
20/23
Matteo Cavall ini CeCOSVI 2012 - Prague
A Last Piece... from Clusit Report
One major event
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
21/23
Matteo Cavall ini CeCOSVI 2012 - Prague
What to expect in the near future?
A growth of FinancialMalware on social and
mobile channels
1
A growth of the
non-Financial Targets
2
Achievement of the
Fraud-as-a-Servicemodel
3
Monetization of non
financial data
4
A growth in Hacktivism5
6 Efficient sharing of data
effectiveness in
countering botnets and
cybergangs
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
22/23
Matteo Cavall ini CeCOSVI 2012 - Prague
My worst nightmare
will we see this fusion in the future?
8/2/2019 A "vision" of Cyber Crime in Italy by Matteo Cavallini
23/23