There cybersecurity It's news when well-known people are attacked. In these hours the hackers pro-Russian “NoName057” who announced that they had attacked the websites of the Ministry of Economy and Finance, the Ministry of Infrastructure, a subdomain of the Guardia di Finanza portal dedicated to competitions and the website of the Prime Minister Giorgia Meloni.
In 2023, there has been an increase in credentials of compromised accounts, combined with other data that is extremely valuable to hackers. In fact, it is estimated that the data in circulation on the dark web, or accessible on messaging platforms, is over 7.5 billion globally, with a growth of +44.8% compared to 2022. Furthermore, reports of data detected on the dark web there were 1,801,921, with a growth of +15.9% compared to 2022, while focusing on Italy the number of users alerted for theft of data monitored on the dark web showed growth of +13.9% compared to the previous year.
These are some of the main findings emerging from the CRIF Cyber Observatory, which analyzes the vulnerability of users and companies to cyber attacksinterpreting the main trends affecting data exchanged in both Open Web and Dark Web environments.
The most attractive data on the web
The main categories of data that are under attack remain, also in 2023, respectively:
- password
- email addresses
- username
- name and surname
- telephone number
Compared to 2022, the password overtakes the email reaching the first position, while the username rises to third position, overtaking the name and surname and telephone number, among the most vulnerable data. Very often emails are associated with one password, with a share of 94.4% of cases (increasing by +4.4% compared to 2022); just as usernames often appear together with passwords (65.6%). The telephone number plays a fundamental role in these cases and, when also associated with the password (16.6%), increases the victim's vulnerability. This combination is up +25.6% compared to the previous year.
The activities of monitoring and combating hackers continue to have great importance also in our country, where there is a number of consumers alerted to the dark web, thanks to CRIF services, growing by +13.9% compared to the previous year. In fact, in Italy, where 51.7% of users received at least one alert in 2023, there was in particular an increase in reports sent relating to theft of data monitored on the dark web. In this case, 77.5% of users were alerted, while 22.5% was the share of users alerted due to data collected on the public web.
The safety decalogue
But how to defend yourself from attacks? Net of the actions that companies are entitled to, how can private citizens equip themselves? Some time ago Assoprovider had drawn up a simple decalogue to guide its behaviour.
Ten tips to start with.
- Watch out for emails and private messages. It may seem trivial to repeat it: never click on links and attachments that seem suspicious to us. In emails, so-called phishing is practiced, when a user pretends to be someone else, in the hope of making you “take the bait”. Always pay attention to the sender, therefore. Sometimes, hackers also exploit the identities of your friends: so don't trust anyone on the web. To get a further clue as to the security of the message, analyze the link you were asked to click on: if the address begins with Https (where the s is essential), then it is probably a secure site.
- Select friends. Friend requests, follows, Skype contacts, emails: the web is now the place to enter into relationships. But just like in reality, the people who approach us online don't always have the best intentions. The rule is not to accept invitations from people we don't even know “in person” or who don't come with an introductory message explaining their objectives.
- Browse safely. As in a city, even on the web there are safer areas and others less so. Porn sites, for example; or platforms where it is possible to download copyrighted content for free (films, TV series, and so on). To avoid problems it is always better to navigate safely, staying away from this type of portal: sometimes just one “wrong” click is enough to unknowingly share all your data.
- Deep Web, the dark power of online. Speaking of gray areas on the Internet, the dark web is certainly the most famous. It is a real world apart, which can only be accessed using particular software (such as the Tor browser). Its reputation as a “dark” place is certainly deserved.
- Check the connection. If you don't want to be hacked, be careful with public Wi-Fi connections: at the airport, in bars or in other public places, Internet connections are not always monitored with the same attention as private ones. Avoid using them if you can, or be careful when you do: it's best to avoid, for example, accessing your online banking app when you're connected to a public network.
- Doxxing risk: be careful what you post. The Internet does not forget. If you think you have complete control over what you post online, you're wrong. The rule is: don't share anything you wouldn't want your mom or your employer to see. This way you will avoid the so-called “doxxing”, when friends or complete strangers steal your private information. In this sense, it is important to pay attention to the privacy settings you have set on your different profiles, choosing for example not to automatically accept other people's “tags” on your photos that they publish online.
- Apps are not a game. Due to the overwhelming success that some of them have, the apps have become the favorite target of some malicious people, not necessarily hackers in this case. For example, there are apps that have payment and subscription systems that are poorly transparent: never reveal your card and account details online when you are not sure who developed the game.
- Filter and limit. Today's children and young people are born with a smartphone and a tablet in their hands. They often know its “secrets” better than us, but are we certain that it is a perfectly safe tool? An additional possibility is to select for them the so-called parental control, software that limits access to certain sites and contents considered unsuitable for an audience that is too young.
- Update everything. First of all, you need to equip yourself with a good antivirus (there are many, even free ones) and update it periodically. It is then appropriate to plan for PC and smartphone scans on a regular basis to identify any viruses and malware. However, the advice to update everything also extends to the operating system used (Windows, Linux, iOS and so on) and the applications and software we use most often, in order to improve the overall security of our devices.
- IoT: if “things” become gateways for hackers. The Internet of Things is a great opportunity, which however can prove to be a threat. Today almost all the “things” we have are connected to the Internet: from the oven to the thermostat. However, this makes our online security more vulnerable: every connected device is in fact a possible access door for hacking. Also because some manufacturers have not implemented the necessary safety measures.