Showing posts with label Italy.

Italy Demands Cybersecurity Safeguards from Dongfeng for New Auto Plant Investment


Italy is demanding that Dongfeng Motor Group Co., a prominent Chinese automaker, agree to stringent cybersecurity and data protection measures as a condition for supporting the establishment of a new plant in the country. According to sources familiar with the matter, Prime Minister Giorgia Meloni’s government is advancing negotiations with Dongfeng but insists on specific safeguards to protect national security and consumer data. One of the key requirements is that certain critical components, such as infotainment units, must be supplied by local Italian companies. 

This measure is intended to ensure that the vehicles produced in the new plant adhere to Western security standards, particularly given the growing concerns about data protection and cybersecurity in the automotive industry. Additionally, Italian officials are pushing for consumer data collected by Dongfeng’s vehicles to be stored and managed within Italy. This stipulation aims to prevent the transfer of sensitive data outside of the country, addressing the broader concerns that have arisen with the increasing integration of digital technologies in automobiles. The Italian government’s approach reflects its dual objectives: capturing the economic benefits of Chinese investment in the auto sector, which has been in decline for decades, while simultaneously mitigating the risks associated with cybersecurity and data protection. 

Prime Minister Meloni, who recently met with Chinese President Xi Jinping in Beijing, is navigating a complex landscape of renewing trade ties with China while ensuring that national security is not compromised. Stefano Aversa, chairman for Europe, the Middle East, and Africa at consultancy firm AlixPartners, highlighted the potential benefits of Dongfeng’s entry into the Italian market. He noted that while the arrival of a Chinese carmaker could revitalize Italy’s stagnant auto market, it is crucial that local suppliers play a central role in the supply chain to ensure compliance with Western security standards, especially for next-generation vehicles. 

As part of a broader strategy to promote Italian automotive suppliers, the government has urged Dongfeng to source at least 45% of the components for each car from within Italy. Meeting this requirement would qualify Dongfeng for several hundred million euros in public incentives. These incentives are designed to boost domestic production and help the country achieve its goal of producing 1 million vehicles annually by 2030. In 2023, Italy’s auto production stood at 880,000 vehicles, down from 1.14 million in 2017 and 1.74 million in 2000, reflecting a long-term decline in the industry. The Italian government’s efforts to attract Dongfeng come as part of a broader push to revive the country’s automotive sector. This initiative gains urgency as Stellantis NV, the dominant player in the Italian market, has signaled its intention to potentially move some production to lower-cost locations. 

Stellantis, which has an automotive partnership with Dongfeng in China, sold assets to the Chinese company last year, further complicating the dynamics between the two companies. In addition to Dongfeng, Italy has also engaged in discussions with other Chinese manufacturers looking to expand in Europe, particularly as they seek to circumvent new tariffs on electric vehicles. Attracting Dongfeng to Italy would not only secure a major investment in the country’s automotive sector but also position Italy as a significant player in Europe’s efforts to accelerate electric vehicle (EV) manufacturing. Moreover, it would help rebuild Italy’s partnership with China following the country’s decision to exit Xi Jinping’s Belt and Road Initiative. 

As negotiations continue, the Italian government remains committed to balancing the benefits of foreign investment with the need to protect national security and bolster its domestic automotive industry.

New Android Malware BingoMod Targets Financial Data and Wipes Devices


Malware has long been a significant threat to online security, serving as a backdoor entry for cybercriminals. Despite Google’s efforts to keep the Play Store free of malicious apps and deliver timely Android security patches, some attackers manage to bypass these defenses, stealing money and personal information from unsuspecting victims. 

Recently, a new malware named BingoMod has been identified targeting Android devices, stealing financial data and wiping them clean. BingoMod, discovered by researchers at cybersecurity firm Cleafy, uses a technique called smishing (SMS phishing) to infiltrate devices. This method involves sending a malware-laden link to the victim’s device, which, when clicked, installs the BingoMod app (version 1.5.1) disguised as a legitimate mobile security tool like AVG AntiVirus & Security. 

Once installed, the app requests access to device accessibility services, allowing it to steal login credentials, take screenshots, and intercept SMS messages. This information is then sent to the threat actor, providing near real-time access to the device’s functions. BingoMod leverages Android’s media projection APIs, which handle screencasting requests, to gather displayed information and bypass security measures like two-factor authentication (2FA). The malware is currently targeting devices in Italy, stealing up to 15,000 Euros in each transaction. 

However, experts at Cleafy believe the malware could spread to other markets, as it is still in active development. The malware’s evasive techniques enable it to avoid detection by reputable security tools like VirusTotal. It conceals its activities using fake notifications and screen overlays while stealing money and data in the background. If the BingoMod app is granted device administrator privileges, the attackers can remotely wipe the device, although Cleafy notes this would only clear the external storage. 

To avoid falling victim to smishing attacks like BingoMod, it is crucial never to click on links from unverified sources, especially those claiming to be important. Install apps only from reputable sources like the Google Play Store and set up passkeys for an additional layer of biometric security. A Google spokesperson told Android Police that Play Protect already safeguards Android users from known versions of this malware by blocking the app or showing a warning, even if the malicious app wasn’t downloaded from the Play Store. Additionally, using a password manager can help keep your credentials safe and alert you to recent data breaches that could compromise your accounts. 

By staying vigilant and following these best practices, you can protect your device from BingoMod and other malicious threats, ensuring your financial data and personal information remain secure.

RansomHub and RansomHouse: Unmasking the Culprits Behind Italy’s Attacks


Hackers have claimed responsibility for three major cyberattacks in Italy in the last 24 hours. The RansomHub and RansomHouse gangs allegedly carried out the ransomware assaults in Italy. RansomHub targeted the websites of Cloud Europe and Mangimi Fusco, while RansomHouse claimed responsibility for conducting a cyberattack against Francesco Parisi.

Italy's Ransomware Attacks

Cloud Europe is a Tier IV carrier-neutral data center based in Rome's Tecnopolo Tiburtino. According to the company's website, it specializes in data center architecture and management, focusing on security and service continuity. The company creates, hosts, and operates modular infrastructure for data centers in both the private and public sectors.

The Attacks

1. Cloud Europe: On June 29, 2024, RansomHub claimed responsibility for infiltrating the servers of Cloud Europe, a prominent Tier IV certified data center in Rome. The attackers allegedly encrypted the servers and exfiltrated 70 terabytes of data. Among the stolen information were 541.41 gigabytes of sensitive data, including client records, financial documents, and proprietary software.

2. Mangimi Fusco: The same day, RansomHub targeted Mangimi Fusco, an animal feed manufacturer. The group claimed to have stolen 490 gigabytes of confidential data, including client files, budget details, and payroll information. However, as of now, Mangimi Fusco’s website shows no signs of the reported attack, leaving room for skepticism.

3. Francesco Parisi: RansomHouse, another hacking collective, breached the website of Francesco Parisi, a group specializing in freight forwarding and shipping services. The attack occurred on May 29, 2024, and resulted in the theft of 150 gigabytes of company data. Francesco Parisi has acknowledged the breach and is working to restore normalcy while enhancing its cybersecurity defenses.

The Implications

These attacks raise critical questions about the state of cybersecurity readiness among Italian businesses:

Vulnerabilities: Despite advancements in security protocols, organizations remain vulnerable to sophisticated attacks. The ability of threat actors to infiltrate well-established data centers and corporate websites highlights the need for continuous vigilance.

Data Privacy: The stolen data contains sensitive information that could be exploited for financial gain or used maliciously. Companies must prioritize data privacy and invest in robust encryption, access controls, and incident response plans.

Business Continuity: When ransomware strikes, business operations grind to a halt. Cloud Europe’s experience serves as a stark reminder that even data centers, designed to ensure continuity, are not immune. Organizations must have contingency plans to minimize disruptions.

How to Stay Safe?

To safeguard against ransomware and other cyber threats, companies should consider the following strategies:

  • Regular Backups: Frequent backups of critical data are essential. These backups should be stored securely and tested periodically to ensure their integrity.
  • Employee Training: Human error often opens the door to cyberattacks. Regular training sessions can educate employees about phishing emails, suspicious links, and safe online practices.
  • Multi-Factor Authentication (MFA): Implementing MFA adds an extra layer of security, making it harder for unauthorized individuals to gain access.
  • Incident Response Plans: Organizations should develop comprehensive incident response plans that outline steps to take during a breach. Swift action can minimize damage and prevent data loss.

Privacy Watchdog Fines Italy’s Trento City for Privacy Breaches in Use of AI


Italy’s privacy watchdog has recently fined the northern city of Trento for failing to comply with data protection rules in its use of artificial intelligence (AI) for street surveillance projects.

Trento was the first local administration in Italy to be sanctioned by the GPDP watchdog for using data from AI tools. The city has been fined a sum of 50,000 euros (454,225). Trento has also been urged to take down the data gathered in the two European Union-sponsored projects. 

The privacy watchdog, known to be one of the most proactive bodies deployed by the EU for evaluating AI platforms’ compliance with the bloc’s data protection regulations, temporarily outlawed ChatGPT, a well-known chatbot, in Italy. In 2021, the authority also reported that a facial recognition system tested under the Italian Interior Ministry did not meet the requirements of privacy law.

Concerns around personal data security and privacy rights have been brought up by the rapid advancements in AI across several businesses.

Following a thorough investigation of the Trento projects, the GPDP found “multiple violations of privacy regulations,” it noted in a statement, while also recognizing that the municipality had acted in good faith.

It also found that the data collected in the projects had not been sufficiently anonymized and that it had been illicitly shared with third-party entities.

“The decision by the regulator highlights how the current legislation is totally insufficient to regulate the use of AI to analyse large amounts of data and improve city security,” it said in a statement.

Moreover, in its presidency of the Group of Seven (G7) major democracies, the government of Italy which is led by Prime Minister Giorgia Meloni has promised to highlight the AI revolution.

Legislators and governments in the European Union reached a temporary agreement in December to regulate ChatGPT and other AI systems, bringing the technology one step closer to regulations. One major source of contention concerns the application of AI to biometric surveillance.  

ChatGPT and Data Privacy Concerns: What You Need to Know

As artificial intelligence (AI) continues to advance, concerns about data privacy and security have become increasingly relevant. One of the latest AI systems to raise privacy concerns is ChatGPT, a language model based on the GPT-3.5 architecture developed by OpenAI. ChatGPT is designed to understand natural language and generate human-like responses, making it a popular tool for chatbots, virtual assistants, and other applications. However, as ChatGPT becomes more widely used, concerns about data privacy and security have been raised.

One of the main concerns about ChatGPT is that it may not be fully compliant with data privacy laws such as GDPR. In Italy, ChatGPT was temporarily banned in 2021 over concerns about data privacy. While the ban was later lifted, the incident raised questions about the potential risks of using ChatGPT. Wired reported that the ban was imposed because ChatGPT was not transparent enough about how it operates and stores data and might not be compliant with GDPR.

Another concern is that ChatGPT may be vulnerable to cyber attacks. As with any system that stores and processes data, there is a risk that it could be hacked, putting sensitive information at risk. In addition, as ChatGPT becomes more advanced, there is a risk that it could be used for malicious purposes, such as creating convincing phishing scams or deepfakes.

ChatGPT also raises ethical concerns, particularly when it comes to the potential for bias and discrimination. As Brandeis University points out, language models like ChatGPT are only as good as the data they are trained on, and if that data is biased, the model will be biased as well. This can lead to unintended consequences, such as reinforcing existing stereotypes or perpetuating discrimination.

Despite these concerns, ChatGPT remains a popular and powerful tool for many applications. In 2021, the BBC reported that ChatGPT was being used to create chatbots that could help people with mental health issues, and it has also been used in the legal and financial sectors. However, it is important for users to be aware of the potential risks and take steps to mitigate them.

While ChatGPT has the potential to revolutionize the way we interact with technology, it is essential to be aware of the potential risks and take steps to address them. This includes ensuring compliance with data privacy laws, taking steps to protect against cyber attacks, and being vigilant about potential biases and discrimination. By doing so, we can harness the power of ChatGPT while minimizing its potential risks.

Global Ransomware Attack Targets VMware ESXi Servers



Cybersecurity firms around the world have recently warned of an increase in cyberattacks, particularly those targeting corporate banking clients and computer servers. The Italian National Cybersecurity Agency (ACN) recently reported a global ransomware hacking campaign that targeted VMware ESXi servers, urging organisations to take action to protect their systems.

In addition, Italian cybersecurity firm Cleafy researchers Federico Valentini and Alessandro Strino reported an ongoing financial fraud campaign since at least 2019 that leverages a new web-inject toolkit called drIBAN. The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments, altering legitimate banking transfers performed by the victims and transferring money to an illegitimate bank account.

These accounts are either controlled by the threat actors or their affiliates, who are then tasked with laundering the stolen funds. The fraudulent transactions are often realized by means of a technique called Automated Transfer System (ATS) that's capable of bypassing anti-fraud systems put in place by banks and initiating unauthorized wire transfers from a victim's own computer.

The operators behind drIBAN have become more adept at avoiding detection and developing effective social engineering strategies, in addition to establishing a foothold for long periods in corporate bank networks. Furthermore, there are indications that the activity cluster overlaps with a 2018 campaign mounted by an actor tracked by Proofpoint as TA554 targeting users in Canada, Italy, and the U.K.

Organisations need to be aware of these threats and take immediate action to protect their systems from cyberattacks. The ACN has reported that dozens of Italian organisations have been likely affected by the global ransomware attack and many more have been warned to take action to avoid being locked out of their systems.


Is Italy's ChatGPT Ban Setting a New Standard for the Rest of Europe?


After Italy became the first Western country to block advanced chatbot ChatGPT on Friday due to a lack of transparency in its data use, Europe is wondering who will follow. Several neighboring countries have already expressed interest in the decision.

“In the space of a few days, specialists from all over the world and a country, Italy, are trying to slow down the meteoric progression of this technology, which is as prodigious as it is worrying,” writes the French daily Le Parisien.


Many cities in France have already begun with their own research “to assess the changes brought about by ChatGPT and the consequences of its use in the context of local action,” reports Ouest-France.


“The city of Montpellier wants to ban ChatGPT for municipal staff, as a precaution,” the paper reports. “The ChatGPT software should be banned within municipal teams considering that its use could be detrimental.”


According to the BBC, the Irish data protection commission is following up with the Italian regulator to understand the basis for its action and "will coordinate with all E.U. (European Union) data protection authorities" in relation to the ban.


The Information Commissioner's Office, the United Kingdom's independent data regulator, also told the BBC that it would "support" AI developments while also "challenging non-compliance" with data protection laws.


ChatGPT is already restricted in several countries, including China, Iran, North Korea, and Russia. The E.U. is in the process of preparing the Artificial Intelligence Act, legislation “to define which AIs are likely to have societal consequences,” explains Le Parisien. “This future law should in particular make it possible to fight against the racist or misogynistic biases of generative artificial intelligence algorithms and software (such as ChatGPT).”


The Artificial Intelligence Act also proposes appointing one regulator in charge of artificial intelligence in each country.


The Italian situation

The Italian data protection authority explained that it was banning and investigating ChatGPT due to privacy concerns about the model, which was developed by a U.S. start-up called OpenAI, which is backed by billions of dollars in investment from Microsoft.


The decision “with immediate effect” announced by the Italian National Authority for the Protection of Personal Data was taken because “the ChatGPT robot is not respecting the legislation on personal data and does not have a system to verify the age of minor users,” Le Point reported.


“The move by the agency, which is independent from the government, made Italy the first Western country to take action against a chatbot powered by artificial intelligence,” wrote Reuters. 


The Italian data protection authority stated that it would not only block OpenAI's chatbot, but would also investigate whether it complied with the EU's General Data Protection Regulation.

Protecting minors

It goes on to say that the new technology "exposes minors to completely inappropriate answers in comparison to their level of development and awareness."


According to the press release from the Italian Authority, on March 20, ChatGPT "suffered a loss of data ('data breach') concerning user conversations and information relating to the payment of subscribers to the paid service."


It also mentions the "lack of a legal basis justifying the mass collection and storage of personal data for the purpose of 'training' the algorithms underlying the platform's operation."


ChatGPT was released to the public in November and was quickly adopted by millions of users who were impressed by its ability to answer difficult questions clearly, mimic writing styles, write sonnets and papers, and even pass exams. ChatGPT can also be used without any technical knowledge to write computer code.


“Since its release last year, ChatGPT has set off a tech craze, prompting rivals to launch similar products and companies to integrate it or similar technologies into their apps and products,” writes Reuters.


"On Friday, OpenAI, which disabled ChatGPT for users in Italy in response to the agency's request, said it is actively working to reduce the use of personal data in training its AI systems like ChatGPT."


According to Euronews, the Italian watchdog has now asked OpenAI to "communicate within 20 days the measures undertaken" to remedy the situation, or face a fine of €20 million ($21.7 million) or up to 4% of annual worldwide turnover.


The announcement comes after Europol, the European police agency, warned on Monday that criminals were ready to use AI chatbots like ChatGPT to commit fraud and other cybercrimes. The rapidly evolving capabilities of chatbots, from phishing to misinformation and malware, are likely to be quickly exploited by those with malicious intent, Europol warned in a report.


LockBit Ransomware Gang Targets Italian Tax Agency


Over the weekend, the Lockbit ransomware gang disclosed they have infiltrated Italy’s Revenue Agency (L’Agenzia delle Entrate) and stolen 78 GB of files, including documents, scans, financial reports, and contracts. 

The Italian Revenue Agency manages the financial code of Italy and collects taxes and revenue. The agency also offers multiple online services for Italian and non-Italian taxpayers. 

The ransomware gang gave the agency about six days to pay the ransom to avoid having the stolen data leaked. The group then extended the deadline to August 1 and announced it now had 100 GB of data. They also posted several screenshots of the stolen data on their dark web data leak site.

“The Revenue Agency, operational since 1 January 2001, was born from the reorganization of the Financial Administration following the Legislative Decree No. 300 of 1999. It has its own statute and specific regulations governing administration and accounting. The bodies of the Agency are made up of the Director, the Management Committee, the Board of Auditors.” reads the text posted on the leak site. “From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).” 

However, Sogei, an IT firm owned by the Ministry of Economy and Finance, tasked with the investigation of the alleged hack, said that there is no evidence that the tax agency has suffered a data breach. 

“Sogei spa informs that from the first analyzes carried out, no cyber attacks have occurred or data has been stolen from the financial administration's technological platforms and infrastructures. From the technical checks carried out, Sogei, therefore, excludes that a computer attack on the Revenue Agency website may have occurred,” the company stated in a lengthy statement. 

At the end of June, the Lockbit ransomware gang announced the launch of Lockbit 3.0, a new ransomware-as-a-service offering and a bug bounty program. The group said it will offer rewards ranging between $1,000 and $1 million to security researchers and ethical or unethical hackers for information regarding vulnerabilities in their website, the ransomware encryption process, the Tox messaging app, and bugs exploiting their Tor infrastructure. 

Additionally, the Lockbit 3.0 version employs a new extortion method that allows threat actors to buy data stolen from victims during the attacks. This means that someone could buy data on Italian taxpayers and leverage it for a wide range of financial frauds.

'Hermit' Spyware Deployed in Syria, Kazakhstan, and Italy



Lookout Inc. discovered an enterprise-grade Android surveillanceware being used by the authorities operating within Kazakhstan's borders. Lookout researchers identified evidence of the spyware, called "Hermit," being used in Italy and northern Syria. 

Researchers got a sample of "Hermit" in April 2022, four months after a series of violently suppressed nationwide rallies against government policies. The Hermit spyware was most likely built by RCS Lab S.p.A, an Italian surveillance firm, and Tykelab Srl. 

The Hermit spyware was most likely produced by Italian surveillance vendor RCS Lab S.p.A and Tykelab Srl, a telecommunications solutions company accused of acting as a front company, according to Lookout. 

RCS Lab, which operates in the same market as Pegasus creator NSO Group Technologies and Gamma Group, the maker of FinFisher, is a well-known developer with previous dealings with governments such as Syria. This appears to be the first time that a modern RCS Lab mobile spyware client has been publicly disclosed.

The spyware is said to be spread by SMS messages that trick users into installing what appear to be harmless apps from Samsung, Vivo, and Oppo, which, when launched, load a website from the impersonated company while silently initiating the kill chain.

Spyware has been seen to infect Android smartphones in the past. The threat actor APT-C-23 (aka Arid Viper) was linked to a series of attacks targeting Middle Eastern users with new FrozenCell versions in November 2021. Last month, Google's Threat Analysis Group (TAG) revealed that government-backed actors in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia are purchasing Android zero-day exploits for covert surveillance efforts. 

As per Lookout, the samples studied used a Kazakh-language website as a decoy, and the main command-and-control (C2) server used by this app was a proxy, with the true C2 located on an IP address in Kazakhstan. “They call themselves ‘lawful intercept’ organizations since they claim to only sell to customers with legitimate surveillance purposes, such as intelligence and law enforcement agencies. Under the pretext of national security, similar technologies have been used to phish corporate executives, human rights activists, journalists, academics, and government officials,” the researchers wrote.

The revelations came as the Israel-based NSO Group is rumored to be in talks to sell its Pegasus technology to US defense contractor L3Harris, which makes StingRay cellular phone trackers, raising concerns it could allow law enforcement to deploy the controversial hacking tool.

Italy Alerts Organizations of Incoming DDoS Attacks


On Monday, Italy's Computer Security Incident Response Team (CSIRT) issued an urgent warning about the significant threat of cyberattacks against national entities. The Italian organisation is referring to a DDoS (distributed denial-of-service) cyberattack, which may not be catastrophic but can nonetheless cause financial and other harm due to service failures and interruptions. 

“There continue to be signs and threats of possible imminent attacks against, in particular, national public entities, private entities providing a public utility service or private entities whose image is identified with the country of Italy,” describes the public alert. 

The indicators are Telegram postings from the Killnet organisation inciting massive and unprecedented assaults on Italy. Killnet is a pro-Russian hacktivist group that launched an attack on Italy two weeks ago, employing an old but still effective DDoS technique known as ‘Slow HTTP,’ in which clients hold connections open by sending requests very slowly until the server’s connection pool is exhausted. As a result, the defensive actions CSIRT advises this time relate to this sort of assault, but the alert also contains numerous generic pieces of advice.

Last Tuesday, Killnet announced "Operation Panopticon," appealing for 3,000 "cyber fighters" to join in 72 hours. Last week, the group restated the call to action multiple times. The necessary sign-up form requests information on the volunteers' system, origin, age, and Telegram account, as well as the tools needed to launch resource-depletion attacks. 

While DDoS appears to be the primary purpose, it is possible that Killnet intends to use DDoS to force defenders to cope with service outages rather than more active intrusions. Killnet presented an etymological definition of the word Panopticon, implying data leaks and warning that 90% of the country’s officials will ‘go crazy.’

Killnet has recently targeted entities in numerous countries, Italy among them, for backing Ukraine’s resistance against Russia. This prompted Anonymous Italy to take action, launching attacks on Killnet and doxing some of its members via social media. As a result, Killnet retaliated.

The CSIRT Italy website was intermittently inaccessible at the time of writing, but no long-term connection difficulties were observed. There have also been reports of Poste Italiane, Italy's national postal service provider, going down for many hours this morning. 

However, the agency told la Repubblica that the disruption was caused by a software upgrade that did not proceed as planned, rather than by Killnet assaults. Other local media sources that regularly monitor the availability of Italian sites claim that the web portals of the State Police and the Italian Ministries of Foreign Affairs and Defense are also unavailable. At the time of writing, the sites of the two ministries appear to have been damaged by a DDoS assault, according to BleepingComputer.

Ursnif Banking Trojan is Back in Italy


The banking trojan ‘Ursnif’ (aka ‘Gozi’) is back in business in Italy, targeting a wide range of banking users with mobile malware. According to analysis by IBM’s Trusteer team, the actors behind Ursnif now include ‘Cerberus’ in their operations, a Trojan whose source code was leaked in September 2020 after a failed auction attempt.

Ursnif is a banking trojan distributed through several automated exploit kits as well as malicious attachments and links. Ursnif is primarily used for data theft, although its modular variants also include other components (backdoors, spyware, file injectors, etc.).

Cerberus is a mobile overlay malware that first appeared in mid-2019. Cerberus is reportedly used to capture two-factor authentication codes in real time during an attack; it can also capture the device’s lock-screen code and remotely control the device.

In September 2020, the Cerberus development team agreed to disband and attempted to sell the source code to the highest bidder, with bidding starting at $100,000.

As IBM notes, Ursnif is arguably the oldest banking malware still in operation, and its main focus is Italy. It is usually delivered by e-mail to business addresses as an attached document containing malicious macros. Once the PC is infected, a web injection takes over and prompts the target to download supposedly safe software, which is in fact a mobile Trojan app. The download link is presented as a QR code encoding a base64 string.

“If users scan the QR code, they will open a web page on their smartphone and be sent to a fake Google Play page featuring a corresponding banking app logo of the banking brand the victim originally attempted to access. The campaign, in this case, included several domains that were most likely registered for that purpose and reported in other malicious activity in the past, such as hxxps://play.google.servlce.store/store/apps/details.php?id=it.[BANK BRAND],” wrote Itzik Chimino, a researcher at Security Intelligence. 

Each domain hosting the bogus Google Play pages relies on Google-like wording or typosquatting to look legitimate. Examples include:
 google.servlce.store
 gooogle.services
 goooogle.services
 play.google.servlce.store
 play.gooogle.services
 play.goooogle.services 

These malicious domains have been listed on VirusTotal for several months, with additional reports accumulating over time.
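As an added example (not code from the IBM report or from the campaign itself), the following Python triages such a lure the way an analyst would: it decodes the base64 payload the QR code carries, extracts the host and the `id` parameter, and flags Play Store lookalikes with two rules, the brand label `google` appearing on a non-Google domain and any label within edit distance 2 of `google`. The sample payload, the package id `it.examplebank` and the edit-distance threshold are constructed for this example.

```python
"""Added example (not the campaign's code): triage an Ursnif-style QR lure.
The QR payload is a base64 string wrapping a URL that imitates Google Play;
this decodes it and flags lookalike hosts such as play.google.servlce.store."""
import base64
import binascii
from urllib.parse import parse_qs, urlparse

BRAND = "google"
LEGIT_SUFFIXES = ("google.com",)   # play.google.com is the real Play Store web host


def levenshtein(a, b):
    """Edit distance, used to catch gooogle / goooogle style typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """'legitimate' for google.com and its subdomains, 'lookalike' when a label
    is the brand name (or a near-miss of it) on a foreign domain, else 'unrelated'."""
    host = host.lower().rstrip(".")
    if any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES):
        return "legitimate"
    for label in host.split("."):
        if label == BRAND:
            return "lookalike"      # brand used as a label elsewhere: google.servlce.store
        if 0 < levenshtein(label, BRAND) <= 2:
            return "lookalike"      # gooogle, goooogle, g00gle ... (threshold is an assumption)
    return "unrelated"


def triage_qr_payload(payload):
    """Decode the base64 QR content and classify the URL it points to."""
    try:
        url = base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return {"verdict": "undecodable", "url": None, "host": None, "app_id": None}
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return {"verdict": "not-a-url", "url": url, "host": None, "app_id": None}
    app_id = parse_qs(parsed.query).get("id", [None])[0]
    return {"verdict": classify_host(parsed.hostname), "url": url,
            "host": parsed.hostname, "app_id": app_id}


# Constructed sample: the lure URL shape from the IBM write-up with a made-up
# package id ("it.examplebank"), base64-encoded as the QR code would carry it.
SAMPLE_QR = base64.b64encode(
    b"https://play.google.servlce.store/store/apps/details.php?id=it.examplebank"
).decode("ascii")

if __name__ == "__main__":
    print(triage_qr_payload(SAMPLE_QR))
    for h in ("play.google.com", "gooogle.services", "goooogle.services", "goo.gl"):
        print(h, "->", classify_host(h))
```

The `id` parameter is worth keeping in the verdict: the campaign sets it to the package name of the impersonated bank app, which tells you which customers were targeted before you have the APK itself.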

Victims who cannot scan the QR code are offered a download link instead: they are asked for their telephone number and then receive an SMS message containing a link to the malicious app, accompanied by a warning that their service will be interrupted if they fail to install it.

If the victim enters a phone number in the web inject, the remote server returns a download URL, and the victim ends up unknowingly downloading the Cerberus malware. The injection also records device identifiers for the victim, tied to their bot ID and account credentials.

Those URLs bring Cerberus onto the phone while Ursnif remains on the PC, so the victim is fully compromised by the combination of the two tools, and Ursnif still has work to do. On the desktop side, the malware hooks the browser and serves web injections tailored dynamically to the site being visited.

One of Ursnif's main tricks is to automatically replace the IBAN of the intended recipient of a transfer with one under the attackers' control. Notably, the actors set a parameter so that this swap is only enabled if the account balance exceeds €3,000.
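The following Python, added here and not taken from Ursnif or from any bank's code, simulates the balance-gated swap and then shows the bank-side checks that catch it on the transfer as received: ISO 13616 mod-97 IBAN validation, and a comparison of the submitted IBAN against the customer's saved payee book, since the inject changes the account but not the payee name the customer chose. The IBANs are the standard registry example values for Germany and Italy, the payee book and the €1,000 step-up threshold are assumptions, and the €3,000 gate is the one reported above.

```python
"""Added example (not Ursnif's code): simulate the balance-gated IBAN swap and
the bank-side checks that catch it. IBANs are the standard registry examples
for Germany and Italy, not real accounts; the payee book is constructed."""
import re

SWAP_THRESHOLD_EUR = 3000.0        # gate reported in the article
HIGH_VALUE_EUR = 1000.0            # hypothetical step-up threshold (assumption)
VICTIM_PAYEE_IBAN = "DE89370400440532013000"
MULE_IBAN = "IT60X0542811101000000123456"   # stands in for the attacker-controlled account


def normalise_iban(iban):
    return re.sub(r"\s+", "", iban).upper()


def iban_is_valid(iban):
    """ISO 13616 mod-97: move the first four characters to the end, replace each
    letter with its number (A=10 ... Z=35); the resulting integer must be 1 mod 97."""
    s = normalise_iban(iban)
    if not (15 <= len(s) <= 34) or not s.isalnum() or not s[:2].isalpha():
        return False
    rearranged = s[4:] + s[:4]
    digits = "".join(str(ord(c) - 55) if c.isalpha() else c for c in rearranged)
    return int(digits) % 97 == 1


def inject_swap(form, balance_eur, mule_iban=MULE_IBAN):
    """What the web inject does in the victim's browser: rewrite the beneficiary
    only when the balance makes the fraud worth exposing the mule account."""
    if balance_eur > SWAP_THRESHOLD_EUR:
        return {**form, "beneficiary_iban": mule_iban}
    return dict(form)


def screen_transfer(form, payee_book):
    """Bank-side screening of the transfer as received, i.e. after any inject.
    payee_book maps the customer's saved payee names to their IBANs."""
    flags = []
    iban = normalise_iban(form["beneficiary_iban"])
    name = form["payee_name"]
    if not iban_is_valid(iban):
        flags.append("invalid_iban")
    if iban not in {normalise_iban(i) for i in payee_book.values()}:
        flags.append("new_beneficiary")
        if form["amount_eur"] >= HIGH_VALUE_EUR:
            flags.append("high_value_new_beneficiary")
    # The inject changes the account, not the payee the customer picked, so a
    # saved payee name arriving with a different IBAN is the swap's signature.
    if name in payee_book and normalise_iban(payee_book[name]) != iban:
        flags.append("payee_iban_changed")
    return flags


# Constructed sample: a customer paying a payee they have saved before.
PAYEE_BOOK = {"Landlord GmbH": VICTIM_PAYEE_IBAN}
TRANSFER = {"payee_name": "Landlord GmbH",
            "beneficiary_iban": VICTIM_PAYEE_IBAN,
            "amount_eur": 1250.00}

if __name__ == "__main__":
    for balance in (2500.0, 4800.0):
        seen_by_bank = inject_swap(TRANSFER, balance)
        print(f"balance {balance:>8.2f}: bank receives {seen_by_bank['beneficiary_iban']} "
              f"flags={screen_transfer(seen_by_bank, PAYEE_BOOK)}")
```

A step-up confirmation sent by SMS to the customer's phone is only as trustworthy as that phone, which is exactly why this campaign plants Cerberus there first; the confirmation should go over a channel the browser and the phone malware cannot both read, or the transfer should be held for a callback.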

Finally, it is worth noting that the injections are highly adaptive: the actors vary their approach depending on the victim and on the bank service being impersonated. They have covered every angle, including fake security alerts, login delays and even a bogus maintenance notice, to keep the victim from reaching the real service portal.

Finally, users are advised not to install apps from outside the Play Store and not to click on URLs received via SMS. Anyone who receives a message claiming to come from their bank should not act on it, but should instead contact or visit the bank directly.

Banca di Credito Cooperativo Bank Suffers a Major Cyber Attack

 

A suspected cyber attack has paralysed the operations of the 188 branches of the Banca di Credito Cooperativo di Roma (Bcc), one of the largest Italian cooperative credit banks. Yesterday morning, during routine security checks, the bank's experts discovered a security breach, which curtailed the ability to carry out normal operations at the bank's counters.

Threat actors targeted the internal network 

According to an unofficial source, a portion of Bcc's IT infrastructure, including some servers and internal workstations, showed traces of activity not attributable to normal operation. To allow checks and secure the network, security staff isolated that portion of the infrastructure. This precaution reduced branch operations for 24 hours: the online portals kept working, but customers who turned up for withdrawals, deposits and other services struggled to be identified and served at the branches.

Execution of the backup plan 

The bank is reportedly examining the incident with its IT security experts in order to say within hours whether it was a cyber attack or a simple technical malfunction. In the meantime, the bank announced that as of today operations at the branches have been fully restored thanks to the activation of its emergency plan, which provides for manual fallback procedures to cover digital outages that could last for the whole week. Meanwhile, the DarkSide ransomware gang has claimed responsibility for the attack.

In the afternoon the Bcc of Rome released a note, according to which “the technical malfunctions did not affect the information system in the strict sense, and the home banking systems, payment cards, and ATM services are all fully operational today”. 

The bank also points out that "today the agencies are regularly open to the public and the technical problems that affected their operations are in the final resolution phase, which will be gradually restored from Monday 3 May" for customers who visit a branch. Somewhat paradoxically for a cyber attack, "home banking services can be regularly used from PCs or smartphones and through them it is possible to carry out all information and dispositive operations".