In 2023, there was an increase in compromised account credentials, combined with other data that is extremely valuable to hackers. In fact, it is estimated that more than 7.5 billion pieces of information are circulating on the dark web or are accessible on messaging platforms at a global level, up 44.8% from 2022. Moreover, there were 1,801,921 reports of data found on the dark web, with an increase of 15.9% compared to 2022, while in Italy, the number of users sent alerts on the theft of data monitored on the dark web was up 13.9% compared to the previous year.

These are some of the key findings from the CRIF Cyber Observatory, which analyzes the vulnerability of users and businesses to cyber-attacks, interpreting the key trends affecting data exchanged in both Open Web and Dark Web environments.

“We are seeing certain trends relating to cyber risks. For the theft of personal data, cybercriminals are using malware and apps that over time have become increasingly sophisticated and difficult to distinguish from genuine ones, creating a trap. Also, hackers who use artificial intelligence to target consumers are becoming a real threat due to increasingly sophisticated e-mail scams characterized by correct and therefore plausible language, and the ever-evolving generation of code for malicious app development. Added to this is the fact that many users continue to behave carelessly online, such as reusing the same password for different accounts and services, and saving their login credentials directly in their browser, examples of bad habits that make them particularly vulnerable,” commented Beatrice Rubini, CRIF Executive Director.

Cyber fraud types and dangers

In 2023, e-mail addresses became particularly valuable because they allow access to a number of different services. In fact, in the CRIF Observatory analysis, they were found in combination with passwords in 94.4% of cases, exposing the victim to more accurate and credible fraudulent messages, such as fake payments to be authorized or blocked accounts. These phishing messages contain malicious links that encourage victims to click and provide additional data to fraudsters.

Increasingly rich datasets of contact information supplement the victim’s profile, making victims more vulnerable to fraud. The severity of alerts sent in 2023 increased by 29% overall compared to the previous year, confirming that the vulnerability to fraud per individual data exposure is increasing. In fact, in one in ten cases, as well as the victim’s phone number, the e-mail address and the first and last name also appear. Lists of this type of personal data are a gold mine for fraudsters, who can perpetrate highly tailored fraud, including through the use of artificial intelligence, which is often mentioned in forums for exchanging phishing kits and malware. In 2023, this combination of multiple personal and contact data recorded a 45% increase compared to the previous year.

In addition, throughout 2023, there was a proliferation of ad-hoc tools available to the fraudster community. For example, phishing kits (such as Modlishka, Evilginx and many others) were widespread. These tools are ready to use, even by less experienced hackers, to target consumers with phishing campaigns. Due, among other things, to the malicious use of AI, fraudulent e-mails are becoming increasingly sophisticated, making it even more difficult for the recipient to distinguish between genuine and bogus communications. And the ability to quickly translate into multiple languages helps criminals increase phishing attacks at a global level.

In this context, open source messaging applications – such as Telegram – are increasingly becoming the ideal place to exchange stolen data, but also to provide instructions for creating off-the-shelf malware or to buy and sell hackers’ tools. A simple search within these apps is enough to find channels and groups for the exchange of personal data, including credit cards.

Infostealers (malware designed to steal personal data) are a further threat to consumers: spread via harmful links, malicious e-mails or compromised websites, they pose a threat to users’ security, operating covertly and capturing information and credentials during browsing. Some information is particularly valuable for emulating user activities in fraudulent practices such as account theft.

The most desirable and vulnerable data in cyberspace

Once again in 2023, the main categories of data under attack were passwords, e-mail addresses, usernames, first and last names, and telephone numbers. This information circulates mostly on the dark web and is therefore more vulnerable. Compared to 2022, passwords overtook e-mail addresses to take top spot, while usernames rose to third place, overtaking first and last names and telephone numbers among the most vulnerable data.

Source: 2023 CRIF Cyber Observatory

Very often e-mail addresses are associated with a password, occurring in 94.4% of cases (up 4.4% from 2022); usernames (65.6%) also often appear with passwords. Telephone numbers play a key role in these cases and, when combined with passwords (16.6%), increase the vulnerability of victims. This combination is up 25.6% compared to the previous year.

Most hacked account types

Gmail, Yahoo and Hotmail are the top 3 types of e-mail accounts found on the dark web.

Most hacked accounts are related to entertainment sites (56.6%), followed by e-commerce (16.4%) and social media (11.9%). The risk of theft of such data can have direct financial consequences for victims. Fourth and fifth place are the theft of accounts related to payment service (6.2%) and financial (4.8%) websites and forums, such as banking sites.

Stolen credit card information

As for credit cards, in addition to the card number, the cvv and expiry date are very frequently present on the dark web, in 96.9% of cases.

Among the continents most subject to this illicit exchange of data, North America is ranked top, with 54.5% of the total volume, followed by Europe with 23.8%. Among the countries most susceptible to the exchange of credit card data, the United States, France, Mexico, Brazil and Russia are at the top of the global ranking, while Italy is in 16th place.

Businesses increasingly targeted by cybercrime

Through a qualitative analysis of the domains, the CRIF Cyber Observatory investigated whether the e-mail accounts found on the dark web refer to personal or business accounts. In 91.1% of cases they are personal e-mail accounts, while the remaining 8.9% of cases are business accounts, up 2.1% compared to 2022.

The types of national and international brands targeted by attacks vary, and include not only the financial industry but also the insurance, automotive, recruitment, fashion and luxury sectors. Associations and government bodies are also being attacked, including embassies, ministerial offices and postal services. The targets are increasingly diversified in terms of the sectors affected and company size : unfortunately, no one is immune to cyber-attacks.

“We all need to pay close attention to the e-mails and messages we receive every day, training ourselves to recognize scams and phishing attempts. It is important not to click on links in suspicious e-mails or SMS messages and, above all, not to provide personal information in response to messages that appear to have been sent by our bank or another company, always checking the sender’s telephone number or e-mail address,” explained Beatrice Rubini. “Fraudsters often use messages that play on emotions and exploit a sense of urgency: it’s important not to be impulsive and to stay alert. It is therefore becoming increasingly important for public and private companies to have vulnerability assessment systems and to carry out internal awareness-raising campaigns for employees. On the other hand, it is advisable for consumers to manage their data very carefully, using tools that allow them to protect their devices and monitor their data,” concluded Beatrice Rubini.

Open full infographic