A vision of cybercrime in Italy

Matteo Cavallini
About me
Currently I am the Head of Security in Consip SpA, a company owned
 solely by the Italian Ministry of Economy, with the mission of providing
 consultancy and project support, organizational and technological
 services aimed at the innovation of Public Administration.

Since 2007 I have been the Head of the Local Security Unit (LSU)
 MEF/Consip, the internal CERT of the Italian Ministry of Economy

I am also the VP of the Cloud Security Alliance – Italy Chapter




                                         Matteo Cavallini CeCOSVI 2012 - Prague
Italian National CERT is on its way… yet
so we built an operational network

[Diagram: operational network; labels: Associations, Tech. & Security Providers]
Italian National CERT is on its way… yet
We gathered pieces of info from public sources and
    our peers in order to... create our “vision”




Some Pieces... from Clusit Report

Growing trends:
DDOS
Hacktivism
Phishing
Cyber attacks
Ransomware
Child pornography
Cyberbullying
Police Ransomware in Italy

Hundreds of fake bills were sent to Italian citizens, claiming that they had accessed some banned pornographic photos. The PC is crippled by the malware and a payment of 100€ is demanded.

Sources are F-Secure and TrendMicro
Some Pieces... from Clusit Report

              Target distribution




Some Pieces... from Our Team
By monitoring open sources with specific tools developed by our team, we found early traces of many attacks against Italian and European websites, enabling us to contribute to containing the incidents. Here are some examples:

appsrv.ice.gov.it
www.qualitapa.gov.it
What about the costs of a breach?
              Symantec-Ponemon Report




A Direct Consequence…
   According to EECTF Survey, companies are
          reluctant to report attacks




Some Pieces... from UCAMP
Central Office for Means of Payment Fraud (UCAMP) is responsible for Euro counterfeiting and preventing fraud committed through the use of payment means other than cash.

Italy is still a small “market”

[Chart: Payment means other than cash; series: Italy 2010, Euro Area 2009, EU 27 2009]
Some Pieces... from UCAMP

Italy is still a small “market”... also for carders!

[Chart: Losses caused by frauds, 2009 and 2010; countries: Italy, Australia, France]
[Chart: Unrecognized transactions by area, In Country vs. Abroad; countries: Italy, UK, France, Australia]
Some Pieces... from UCAMP

In Italy the majority of frauds are made via POS

Unrecognized transactions involving cards in Italy (organized by type)

            2009   2010
Internet     5%     7%
ATM         25%    30%
POS         70%    63%

Preliminary data for 2011 confirm the trends.
Some Pieces... from the Italian Police




[Figure: Phishing in 2011; columns: Total inspections, Total complaints, Average amount, People charged, Fake banks]
Beyond Official Data... Here are Some Trends
At the moment, in Italy:

Phishing and financial malware target private companies and public administrations more than ever

Most financial malware is a variant of ZeuS

In cyberfrauds, there are some “special abilities” related to ethnic groups

Most money mules are abroad

On average, out of every 100 wire transfers made by fraudsters, 80 are blocked before being sent.
Beyond Official Data... Here are Some Trends
Efficiency in cross-border payments has been strongly increased by the institution of the “Single Euro Payment Area” (SEPA). Most of these payments are now executed within 1 day.

Criminals also take advantage of this situation, so most of the money mules are abroad.

The Italian Police is reinforcing its direct contacts with other LEAs of the SEPA countries to increase efficiency.
Other Pieces... from the Italian Police




[Figure: Identity theft in 2011; columns: Total complaints, Total inspections, People charged]
From figures to real crimes...


They steal the digital signature and put the company of an unsuspecting businessman in their name: busted by the Financial Police - 03-26-2012
Here is another example...

Many gov agencies hacked. Drop-zone was in Malaysia.

An interesting case of an Italian hacker who sent a lot of spear-phishing emails to users of the local and central PA. Using the stolen passwords, he sold illegal access to sensitive PII to private investigators. Sentenced to 4 years in jail.
A Last Piece... from Clusit Report


                One major event




What to expect in the near future?

1   A growth of Financial Malware on social and mobile channels
2   A growth of the non-Financial Targets
3   Achievement of the “Fraud-as-a-Service” model
4   Monetization of non financial data
5   A growth in Hacktivism
6   Efficient sharing of data – effectiveness in countering botnets and cybergangs
My worst nightmare
will we see this fusion in the future?




Thanks a lot!
matteo.cavallini@consip.it




