Italy is not immune to MITM cybercrime attacks. This is confirmed by the arrests of 2 women in Veneto
Italy, too, is a victim of online fraud by cybercriminals who use the man-in-the-middle (MITM) technique. This was confirmed by the arrest of two women, working from various provinces of Veneto. They had carried out MITM cyber attacks in the province of Ragusa, Turin and Campania, causing financial losses to the victims. The victims are usually small artisans or professionals in various sectors, including building managers. In this case the cyber fraud was simple. The two hackers sent the targeted victim an invoice issued by a company which had really done some work for the building. But the banking instructions were different from the ones originally used by the company. As a consequence, the unaware victims made regular payments and realized that something was wrong only when the real beneficiaries complained that they had not received the amount agreed. The event put the Police on alert, and so they opened an investigation and managed to trace the criminals.
How MITM cyber or “false IBAN code” frauds work
Cybercriminals increasingly use online frauds of the MITM type to make a profit. In Italy they are called “false IBAN code” frauds. The victims are mainly individuals or small organisations with a low level of cyber security. What is used in these cases is not malware or special tools, but simply the victim’s email. The scheme is a simple one. The hackers launch a cyber attack to get into the email account of the chosen target. At this point they are in a position to monitor the email. When an invoice is sent to the email address involved, they steal the attachment and modify it. Later this document is sent to the clients, asking them to ignore the previous request and pay directly by using the new banking instructions provided in the new invoice. The funds are transferred elsewhere and then hidden. The operation works well because both the document and the addressee are original and legitimate. The only thing which changes is the account.
How to protect oneself? A telephone call can lengthen life against cyber frauds
Protecting oneself from this type of cyber attack is quite simple, in Italy too, and even if one doesn’t have a good level of cybersecurity or great financial resources. A telephone call is all you need. When one receives an invoice, or a reissue of one, all one needs to do is call the issuer and confirm the data reported before paying. Above all, it is important to verify the name of the beneficiary, the amounts and the banking instructions. With these simple steps greater problems can be avoided, and the cybercrime hackers will move on to another, less protected MITM target.
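The three checks above (beneficiary, amount, banking instructions) can also be automated to decide when the phone call is mandatory. The Python sketch below is an added example, not part of the original article; the `VendorRecord` structure, the company name and the function names are assumptions, and the IBANs are public documentation samples.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class VendorRecord:
    """Hypothetical record of payment details already confirmed with the issuer."""
    name: str
    iban: str

def normalize_iban(raw: str) -> str:
    return re.sub(r"\s+", "", raw).upper()

def iban_checksum_ok(raw: str) -> bool:
    """ISO 13616 mod-97 check: move the first 4 chars to the end, map A..Z to 10..35."""
    iban = normalize_iban(raw)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    digits = "".join(str(int(c, 36)) for c in iban[4:] + iban[:4])
    return int(digits) % 97 == 1

def review_invoice(vendor, beneficiary, iban, amount_cents, agreed_cents):
    """Return reasons to hold the payment; an empty list means nothing changed."""
    findings = []
    got, known = normalize_iban(iban), normalize_iban(vendor.iban)
    if not iban_checksum_ok(got):
        findings.append("IBAN fails checksum")
    if got != known:
        # A fraudulent IBAN is a real account, so it passes the checksum;
        # only the comparison with the confirmed record catches it.
        findings.append("IBAN differs from confirmed record")
        if got[:2] != known[:2]:
            findings.append("IBAN country changed")
    if beneficiary.strip().casefold() != vendor.name.strip().casefold():
        findings.append("beneficiary name differs")
    if amount_cents != agreed_cents:
        findings.append("amount differs from agreed amount")
    return findings

# Constructed sample data: public documentation IBANs, invented company name.
VENDOR = VendorRecord("Edil Rossi Srl", "IT60 X054 2811 1010 0000 0123 456")
ORIGINAL = review_invoice(VENDOR, "Edil Rossi Srl", "it60x0542811101000000123456", 184000, 184000)
REISSUED = review_invoice(VENDOR, "Edil Rossi Srl", "GB82 WEST 1234 5698 7654 32", 184000, 184000)

if __name__ == "__main__":
    print("original:", ORIGINAL or "no change, pay as usual")
    print("reissued:", REISSUED, "-> call the issuer before paying")
```

Any non-empty result means the payment waits until the issuer has confirmed the details by phone, using a number already on file and not one printed on the reissued invoice.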