You are on page 1of 23

A vision of cybercrime in Italy

Matteo Cavallini

About me
Currently I am the Head of Security in Consip SpA, a company owned solely by the Italian Ministry of Economy, with the mission of providing consultancy and project support, organizational and technological services aimed at the innovation of Public Administration. Since 2007 I have been the Head of the Local Security Unit (LSU) MEF/Consip, the internal CERT of the Italian Ministry of Economy I am also the VP of the Cloud Security Alliance Italy Chapter

Matteo Cavallini CeCOSVI 2012 - Prague

Italian National CERT is on its way yet


so we built an operational network

Associations

Tech. & Security Providers

Matteo Cavallini CeCOSVI 2012 - Prague

Italian National CERT is on its way yet


We gathered pieces of info from public sources and our peers in order to... create our vision

Matteo Cavallini CeCOSVI 2012 - Prague

Some Pieces... from Clusit Report


DDOS Hacktivism Phishing Ransomware Child pornography Cyberbullying
Growing trends
Matteo Cavallini CeCOSVI 2012 - Prague

Cyber attacks

Police Ransomware in Italy


Hundreds of fake bills sent to Italian citizens claiming that there has been an access to some banned pornographic photos. PC is crippled by the malware and there is a request of 100 to pay.

Matteo Cavallini CeCOSVI TrendMicro Sources are F-Secure and 2012 - Prague

Some Pieces... from Clusit Report


Target distribution

Matteo Cavallini CeCOSVI 2012 - Prague

Some Pieces... from Our Team


Monitoring open sources with spefic tools developed by our team, we found early traces of many attacks against Italian and European websites, enabling us to give our contribution to contain the incident. Here some examples:

appsrv.ice.gov.it

www.qualitapa.gov.it
Matteo Cavallini CeCOSVI 2012 - Prague

What about the costs of a breach?


Symantec-Ponemon Report

Matteo Cavallini CeCOSVI 2012 - Prague

A Direct Consequence
According to EECTF Survey, companies are reluctant to report attacks

Matteo Cavallini CeCOSVI 2012 - Prague

Some Pieces... from UCAMP


Central Office for Means of Payment Fraud (UCAMP) is
responsible for Euro counterfeiting and preventing fraud committed through the use of payment means other than cash

Italy is still a small market


70 60 50 40 30 20 10 0 Italy 2010 Euro Area 2009 EU 27 2009

Paymentmeans other than cash

Matteo Cavallini CeCOSVI 2012 - Prague

Some Pieces... from UCAMP


Italy is still a small market... also for carders!
0,060% 0,050% 0,040% 0,030% 0,020% 0,010%
10% 80% 70% 60% 50%

2009 2010

40% 30% 20%

In Country Abroad

0,000% Italy Australia France

0% Italy UK France Australia

Losses causedby frauds

Unrecognized transactions by area

Matteo Cavallini CeCOSVI 2012 - Prague

Some Pieces... from UCAMP


In Italy the majority of frauds are made via POS

2009
Internet 5% ATM 25% POS 70%

Unrecognized transactions involving cards in Italy (organized by type)


Internet 7%

2010
ATM 30%

POS 63%

Preliminary data for 2011 confirm the trends.


Matteo Cavallini CeCOSVI 2012 - Prague

Some Pieces... from the Italian Police

Total Total Average inspections complaints amount

People charged

Fake banks

Phishing in 2011
Matteo Cavallini CeCOSVI 2012 - Prague

Beyond Official Data... Here are Some Trends


At the moment, in Italy:
Phishing and financial malware targets private companies and public administrations more then ever Most of financial malware is a variant of ZeuS In cyberfrauds, there are some special abilities related to ethnic groups Most of money mules are abroad On average, every 100 wire transfers made by fraudsters, 80 are blocked before being sent.

Matteo Cavallini CeCOSVI 2012 - Prague

Beyond Official Data... Here are Some Trends


Efficiency in cross border payments is strongly increased by the institution of the Single Euro Payment Area (SEPA). Most of these payments are now executed within 1 day. Also criminals take advantage of this situation so, most of the money mules are abroad. Italian Police is reinforcing its direct contacts with other LEAs of the SEPA countries to increase efficiency.
Matteo Cavallini CeCOSVI 2012 - Prague

Other Pieces... from the Italian Police

Total Total complaints inspections

People charged

Identity theft in 2011


Matteo Cavallini CeCOSVI 2012 - Prague

From figures to real crimes...

They steal the digital signature and put the company of an unsuspecting businessman in their name: busted by the Financial Police 03-26-2012

Matteo Cavallini CeCOSVI 2012 - Prague

Here another example...


Many gov agencies hacked. Drop-zone was in Malesia.

An interesting case of an Italian hacker that sent a lot a spearphishing emails to users of the local and central PA. Using the stolen password he sold to private investigators illegal accesses to sensitive PII. Sentenced to 4 years in jail.
Matteo Cavallini CeCOSVI 2012 - Prague

A Last Piece... from Clusit Report


One major event

Matteo Cavallini CeCOSVI 2012 - Prague

What to expect in the near future?


1
A growth of Financial Malware on social and mobile channels

Monetization of non financial data

A growth of the non-Financial Targets

A growth in Hacktivism

Achievement of the Fraud-as-a-Service model

6 Efficient sharing of data


effectiveness in countering botnets and cybergangs

Matteo Cavallini CeCOSVI 2012 - Prague

My worst nightmare
will we see this fusion in the future?

Matteo Cavallini CeCOSVI 2012 - Prague

Thanks a lot!
matteo.cavallini@consip.it

Matteo Cavallini CeCOSVI 2012 - Prague

You might also like