Posts labelled Italy

Privacy Watchdog Fines Italy’s Trento City for Privacy Breaches in Use of AI


Italy's privacy watchdog, the Garante per la protezione dei dati personali (GPDP), has fined the northern city of Trento for failing to comply with data protection rules in its use of artificial intelligence (AI) for street surveillance projects.

Trento is the first local administration in Italy to be sanctioned by the GPDP for its use of data from AI tools. The city was fined 50,000 euros and ordered to delete the data gathered in the two European Union-funded projects.

The GPDP, regarded as one of the EU's most proactive regulators in assessing AI platforms' compliance with the bloc's data protection rules, temporarily blocked the ChatGPT chatbot in Italy in 2023. In 2021 it also found that a facial recognition system trialled by the Italian Interior Ministry did not comply with privacy law.

The rapid spread of AI across industries has raised concerns about the security of personal data and privacy rights.

Following an investigation of the Trento projects, the GPDP said in a statement that it had found "multiple violations of privacy regulations", while acknowledging that the municipality had acted in good faith.

It also found that the data collected in the projects had not been sufficiently anonymised and had been unlawfully shared with third parties.

"The decision by the regulator highlights how the current legislation is totally insufficient to regulate the use of AI to analyse large amounts of data and improve city security," the municipality said in a statement.

Separately, the Italian government led by Prime Minister Giorgia Meloni has pledged to make the AI revolution a priority of its presidency of the Group of Seven (G7) major democracies.

In December, EU lawmakers and governments reached a provisional agreement on rules for ChatGPT and other AI systems, bringing the technology a step closer to regulation. One of the main points of contention was the use of AI for biometric surveillance.

ChatGPT and Data Privacy Concerns: What You Need to Know

As artificial intelligence (AI) continues to advance, concerns about data privacy and security have become increasingly relevant. One of the latest AI systems to raise privacy concerns is ChatGPT, a language model based on the GPT-3.5 architecture developed by OpenAI. ChatGPT is designed to understand natural language and generate human-like responses, making it a popular tool for chatbots, virtual assistants, and other applications. However, as ChatGPT becomes more widely used, concerns about data privacy and security have been raised.

One of the main concerns about ChatGPT is that it may not fully comply with data privacy laws such as the GDPR. In March 2023 the Italian data protection authority temporarily blocked ChatGPT over data privacy concerns. The block was lifted the following month, but the episode raised questions about the risks of using the service. Wired reported that the action was taken because ChatGPT was not transparent enough about how it operates and stores data, and might not be compliant with the GDPR.

Another concern is that ChatGPT may be vulnerable to cyber attacks. As with any system that stores and processes data, there is a risk that it could be hacked, putting sensitive information at risk. In addition, as ChatGPT becomes more advanced, there is a risk that it could be used for malicious purposes, such as creating convincing phishing scams or deepfakes.

ChatGPT also raises ethical concerns, particularly when it comes to the potential for bias and discrimination. As Brandeis University points out, language models like ChatGPT are only as good as the data they are trained on, and if that data is biased, the model will be biased as well. This can lead to unintended consequences, such as reinforcing existing stereotypes or perpetuating discrimination.

Despite these concerns, ChatGPT remains a popular and powerful tool for many applications. It has been used to build chatbots intended to support people with mental health issues, and it has been applied in the legal and financial sectors. Users should nevertheless be aware of the risks and take steps to mitigate them.

While ChatGPT has the potential to revolutionize the way we interact with technology, it is essential to be aware of the potential risks and take steps to address them. This includes ensuring compliance with data privacy laws, taking steps to protect against cyber attacks, and being vigilant about potential biases and discrimination. By doing so, we can harness the power of ChatGPT while minimizing its potential risks.

Global Ransomware Attack Targets VMware ESXi Servers



Cybersecurity firms around the world have recently warned of an increase in cyberattacks, particularly those targeting corporate banking clients and computer servers. The Italian National Cybersecurity Agency (ACN) recently reported a global ransomware hacking campaign that targeted VMware ESXi servers, urging organisations to take action to protect their systems.

In addition, researchers Federico Valentini and Alessandro Strino of the Italian cybersecurity firm Cleafy reported on a financial fraud campaign, ongoing since at least 2019, that uses a new web-inject toolkit called drIBAN. The goal of drIBAN operations is to infect Windows workstations inside corporate environments and alter legitimate bank transfers made by the victims so that the money lands in an account controlled by the attackers.

These accounts are either controlled by the threat actors or their affiliates, who are then tasked with laundering the stolen funds. The fraudulent transactions are often realized by means of a technique called Automated Transfer System (ATS) that's capable of bypassing anti-fraud systems put in place by banks and initiating unauthorized wire transfers from a victim's own computer.

The operators behind drIBAN have become more adept at avoiding detection and developing effective social engineering strategies, in addition to establishing a foothold for long periods in corporate bank networks. Furthermore, there are indications that the activity cluster overlaps with a 2018 campaign mounted by an actor tracked by Proofpoint as TA554 targeting users in Canada, Italy, and the U.K.

Organisations need to be aware of these threats and take immediate action to protect their systems from cyberattacks. The ACN has reported that dozens of Italian organisations have been likely affected by the global ransomware attack and many more have been warned to take action to avoid being locked out of their systems.


Is Italy's ChatGPT Ban Setting a New Standard for the Rest of Europe?

 

After Italy became the first Western country to block the advanced chatbot ChatGPT on Friday, citing a lack of transparency in its use of data, the rest of Europe is wondering who will follow. Several neighbouring countries have already expressed interest in the decision.

“In the space of a few days, specialists from all over the world and a country, Italy, are trying to slow down the meteoric progression of this technology, which is as prodigious as it is worrying,” writes the French daily Le Parisien.


Many cities in France have already begun with their own research “to assess the changes brought about by ChatGPT and the consequences of its use in the context of local action,” reports Ouest-France.


The city of Montpellier wants to ban ChatGPT for municipal staff "as a precaution", the paper reports: "The ChatGPT software should be banned within municipal teams considering that its use could be detrimental."


According to the BBC, the Irish data protection commission is following up with the Italian regulator to understand the basis for its action and "will coordinate with all E.U. (European Union) data protection authorities" in relation to the ban.


The Information Commissioner's Office, the United Kingdom's independent data regulator, also told the BBC that it would "support" AI developments while also "challenging non-compliance" with data protection laws.


ChatGPT is already restricted in several countries, including China, Iran, North Korea, and Russia. The E.U. is in the process of preparing the Artificial Intelligence Act, legislation "to define which AIs are likely to have societal consequences," explains Le Parisien. "This future law should in particular make it possible to fight against the racist or misogynistic biases of generative artificial intelligence algorithms and software (such as ChatGPT)."


The Artificial Intelligence Act also proposes appointing one regulator in charge of artificial intelligence in each country.


The Italian situation

The Italian data protection authority explained that it was banning and investigating ChatGPT due to privacy concerns about the model, which was developed by a U.S. start-up called OpenAI, which is backed by billions of dollars in investment from Microsoft.


The decision, announced "with immediate effect" by the Italian data protection authority (Garante per la protezione dei dati personali), was taken because "the ChatGPT robot is not respecting the legislation on personal data and does not have a system to verify the age of minor users," Le Point reported.


“The move by the agency, which is independent from the government, made Italy the first Western country to take action against a chatbot powered by artificial intelligence,” wrote Reuters. 


The Italian data protection authority stated that it would not only block OpenAI's chatbot, but would also investigate whether it complied with the EU's General Data Protection Regulation.

Protecting minors

The authority's press release goes on to say that the new technology "exposes minors to completely inappropriate answers in comparison to their level of development and awareness."


According to the press release from the Italian Authority, on March 20, ChatGPT "suffered a loss of data ('data breach') concerning user conversations and information relating to the payment of subscribers to the paid service."


It also mentions the "lack of a legal basis justifying the mass collection and storage of personal data for the purpose of 'training' the algorithms underlying the platform's operation."


ChatGPT was released to the public in November and was quickly adopted by millions of users who were impressed by its ability to answer difficult questions clearly, mimic writing styles, write sonnets and papers, and even pass exams. ChatGPT can also be used without any technical knowledge to write computer code.


"Since its release last year, ChatGPT has set off a tech craze, prompting rivals to launch similar products and companies to integrate it or similar technologies into their apps and products," writes Reuters.


OpenAI, which disabled ChatGPT for users in Italy in response to the agency's request, said on Friday that it is actively working to reduce the use of personal data in training its AI systems like ChatGPT, Reuters reported.


According to Euronews, the Italian watchdog has now asked OpenAI to "communicate within 20 days the measures undertaken" to remedy the situation, or face a fine of €20 million ($21.7 million) or up to 4% of annual worldwide turnover.


The announcement comes after Europol, the European police agency, warned on Monday that criminals were ready to use AI chatbots like ChatGPT to commit fraud and other cybercrimes. The rapidly evolving capabilities of chatbots, from phishing to misinformation and malware, are likely to be quickly exploited by those with malicious intent, Europol warned in a report.


LockBit Ransomware Gang Targets Italian Tax Agency

 

Over the weekend, the Lockbit ransomware gang disclosed they have infiltrated Italy’s Revenue Agency (L’Agenzia delle Entrate) and stolen 78 GB of files, including documents, scans, financial reports, and contracts. 

The Italian Revenue Agency administers the country's tax system, including the tax code (codice fiscale), and collects taxes and revenue. It also offers multiple online services for Italian and non-Italian taxpayers.

The ransomware gang gave the agency about six days to pay the ransom to avoid having the stolen data leaked. The group then extended the deadline to August 1 and claimed it now had 100 GB of data. It also posted several screenshots of the alleged stolen data on its dark web leak site.

“The Revenue Agency, operational since 1 January 2001, was born from the reorganization of the Financial Administration following the Legislative Decree No. 300 of 1999. It has its own statute and specific regulations governing administration and accounting. The bodies of the Agency are made up of the Director, the Management Committee, the Board of Auditors.” reads the text posted on the leak site. “From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).” 

However, Sogei, an IT firm owned by the Ministry of Economy and Finance, tasked with the investigation of the alleged hack, said that there is no evidence that the tax agency has suffered a data breach. 

“Sogei spa informs that from the first analyzes carried out, no cyber attacks have occurred or data has been stolen from the financial administration's technological platforms and infrastructures. From the technical checks carried out, Sogei, therefore, excludes that a computer attack on the Revenue Agency website may have occurred,” the company stated in a lengthy statement. 

At the end of June, the Lockbit ransomware gang announced the launch of Lockbit 3.0, a new ransomware-as-a-service offering and a bug bounty program. The group said it will offer rewards ranging between $1,000 and $1 million to security researchers and ethical or unethical hackers for information regarding vulnerabilities in their website, the ransomware encryption process, the Tox messaging app, and bugs exploiting their Tor infrastructure. 

Additionally, LockBit 3.0 employs a new extortion model that allows third parties to buy the data stolen from victims during attacks. This means that someone could buy Italian taxpayers' data and use it for a wide range of financial frauds.

'Hermit' Spyware Deployed in Syria, Kazakhstan, and Italy



Lookout Inc. has discovered an enterprise-grade Android surveillanceware, dubbed "Hermit", being used by authorities in Kazakhstan. Lookout researchers also found evidence of Hermit being deployed in Italy and northern Syria.

Researchers obtained a sample of Hermit in April 2022, four months after a series of violently suppressed nationwide protests against government policies. According to Lookout, the spyware was most likely developed by the Italian surveillance vendor RCS Lab S.p.A and Tykelab Srl, a telecommunications solutions company accused of acting as a front.

RCS Lab, which operates in the same market as Pegasus maker NSO Group Technologies and FinFisher developer Gamma Group, is a well-established vendor with previous dealings with governments such as Syria. This appears to be the first time a modern RCS Lab mobile spyware client has been publicly disclosed.

The spyware is reportedly distributed via SMS messages that trick users into installing what appear to be harmless apps from Samsung, Vivo and Oppo; when launched, the app loads a web page from the impersonated company while silently starting the infection chain.

Spyware has been seen to infect Android smartphones in the past. The threat actor APT-C-23 (aka Arid Viper) was linked to a series of attacks targeting Middle Eastern users with new FrozenCell versions in November 2021. Last month, Google's Threat Analysis Group (TAG) revealed that government-backed actors in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia are purchasing Android zero-day exploits for covert surveillance efforts. 

As per Lookout, the samples studied used a Kazakh-language website as a decoy, and the main command-and-control (C2) server used by the app was a proxy, with the true C2 located on an IP address in Kazakhstan. "They call themselves 'lawful intercept' organizations since they claim to only sell to customers with legitimate surveillance purposes, such as intelligence and law enforcement agencies. Under the pretext of national security, similar technologies have been used to spy on corporate executives, human rights activists, journalists, academics, and government officials," the researchers wrote.

The revelations came as the Israel-based NSO Group is rumored to be in talks to sell its Pegasus technology to US defense contractor L3Harris, which makes StingRay cellular phone trackers, raising concerns it could allow law enforcement to deploy the controversial hacking tool.

Italy Alerts Organizations of Incoming DDoS Attacks

 

On Monday, Italy's Computer Security Incident Response Team (CSIRT) issued an urgent warning of a significant risk of cyberattacks against national entities. The alert refers to DDoS (distributed denial-of-service) attacks, which may not be catastrophic but can still cause financial and other harm through service failures and interruptions.

“There continue to be signs and threats of possible imminent attacks against, in particular, national public entities, private entities providing a public utility service or private entities whose image is identified with the country of Italy,” describes the public alert. 

The indicators are Telegram posts from the Killnet group inciting massive and unprecedented attacks on Italy. Killnet is a pro-Russian hacktivist group that attacked Italy two weeks ago using an old but still effective DDoS technique known as 'Slow HTTP', in which clients open many connections and send request data a few bytes at a time to exhaust the server's connection pool. CSIRT's recommended defensive actions this time are therefore aimed at this kind of attack, but also include numerous generic pieces of advice.
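Slow HTTP attacks hold many connections open by sending request headers a few bytes at a time, so a server that only enforces an idle timeout between bytes never reaps them. The detection below is an added example, not part of the CSIRT advisory or of any Killnet tooling: it runs over a constructed connection table and shows why a total time budget for completing the headers, plus a per-source count of connections that exceed it, is what exposes the pattern. The timeouts, thresholds and addresses are assumptions.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Conn:
    src: str               # client address
    opened_at: float       # epoch seconds when the connection was accepted
    last_byte_at: float    # epoch seconds of the most recent byte received
    header_complete: bool  # True once the blank line ending the headers arrived


# Budgets (assumed values): total time a client gets to finish its headers, the
# per-byte idle limit a naive server relies on, and how many over-budget
# connections from one source we tolerate before calling it an attack.
HEADER_BUDGET_S = 20.0
IDLE_TIMEOUT_S = 15.0
MIN_STALLED_PER_SRC = 10


def idle_expired(conns, now):
    """What an idle-timeout-only server would reap: connections silent for IDLE_TIMEOUT_S."""
    return [c for c in conns if not c.header_complete and now - c.last_byte_at > IDLE_TIMEOUT_S]


def header_budget_expired(conns, now):
    """Connections that have been trickling headers for longer than HEADER_BUDGET_S."""
    return [c for c in conns if not c.header_complete and now - c.opened_at > HEADER_BUDGET_S]


def suspicious_sources(conns, now):
    """Sources holding at least MIN_STALLED_PER_SRC over-budget, header-incomplete connections."""
    counts = Counter(c.src for c in header_budget_expired(conns, now))
    return {src: n for src, n in counts.items() if n >= MIN_STALLED_PER_SRC}


def build_sample(now):
    """Constructed connection table (not captured traffic).

    One attacker keeps 40 connections open for a minute, sending a header byte
    every few seconds so every connection always looks 'recently active'; the
    legitimate clients finished their headers within a couple of seconds.
    """
    conns = []
    for i in range(40):
        conns.append(Conn("198.51.100.7", now - 60.0, now - (i % 10), False))
    for i in range(5):
        conns.append(Conn(f"203.0.113.{i + 1}", now - 2.0, now - 1.5, True))
    conns.append(Conn("203.0.113.50", now - 5.0, now - 1.0, False))  # slow, but within budget
    return conns


if __name__ == "__main__":
    now = 1_700_000_000.0
    table = build_sample(now)
    print("idle timeout would reap:", len(idle_expired(table, now)))
    print("header budget flags:", len(header_budget_expired(table, now)))
    print("suspicious sources:", suspicious_sources(table, now))
```

The idle-timeout view reaps nothing, because the attacker's trickle keeps every connection "active"; the header-budget view flags all 40 and attributes them to one source, which is the signal to rate-limit or block at the edge.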

Last Tuesday, Killnet announced "Operation Panopticon," appealing for 3,000 "cyber fighters" to join in 72 hours. Last week, the group restated the call to action multiple times. The necessary sign-up form requests information on the volunteers' system, origin, age, and Telegram account, as well as the tools needed to launch resource-depletion attacks. 

While DDoS appears to be the primary goal, Killnet may also intend to use DDoS as a distraction, keeping defenders busy with service outages rather than with concurrent intrusions. Killnet presented an etymological definition of the word Panopticon, hinting at data leaks and warning that 90% of the country's officials will 'go crazy'.

Killnet has recently targeted entities in numerous countries, Italy among them, for backing Ukraine's resistance against Russia. This prompted Anonymous Italy to take action, launching attacks on Killnet and doxing some of its members via social media, to which Killnet retaliated.

The CSIRT Italy website was intermittently inaccessible at the time of writing, but no long-term connection difficulties were observed. There have also been reports of Poste Italiane, Italy's national postal service provider, going down for many hours this morning. 

However, the agency told la Repubblica that the disruption was caused by a software upgrade that did not go as planned, rather than by Killnet attacks. Other local media sources that regularly monitor the availability of Italian sites report that the web portals of the State Police and the Italian Ministries of Foreign Affairs and Defence are also unavailable. At the time of writing, the two ministries' sites appear to be down as a result of a DDoS attack, according to BleepingComputer.

Ursnif Banking Trojan is Back in Italy

 

The banking trojan 'Ursnif' (aka 'Gozi') is back in business in Italy, targeting a wide range of banking customers with the help of mobile malware. According to analysis by IBM's Trusteer team, the operators behind Ursnif now include in their operations "Cerberus", an Android trojan whose source code was leaked in September 2020 after a failed auction.

Ursnif is a banking trojan distributed through exploit kits, malicious attachments and links. It is primarily associated with data theft, although its modular variants also include backdoors, spyware and file injectors.

Cerberus is a mobile overlay malware first developed in mid-2019. It is used to intercept two-factor authentication codes in real time during an attack, and can also capture the device's lock-screen code and remotely control the device.

In September 2020, the development team of Cerberus agreed to dissolve, encouraging an endeavor to sell the source code to the highest bidder starting at $100,000. 

As IBM notes, Ursnif is arguably the oldest banking malware still active, and its main focus is Italy. It is usually delivered by e-mail to business addresses as an attached document with malicious macros. Once the PC is infected, web injection takes over and prompts the target to download supposedly safe software, which is in fact a mobile trojan app. The download link is presented as a QR code that encodes a base64 string.

"If users scan the QR code, they will open a web page on their smartphone and be sent to a fake Google Play page featuring a corresponding banking app logo of the banking brand the victim originally attempted to access. The campaign, in this case, included several domains that were most likely registered for that purpose and reported in other malicious activity in the past, such as hxxps://play.google.servlce.store/store/apps/details.php?id=it.[BANK BRAND]," wrote Itzik Chimino of IBM Trusteer on Security Intelligence.

Each domain that hosts the bogus Google Play pages uses similar terms or typosquatting to make it appear legitimate. Examples include:
google.servlce.store
gooogle.services
goooogle.services
play.google.servlce.store
play.gooogle.services
play.goooogle.services

These malicious domains have been flagged on VirusTotal for several months, with additional reports accumulating over time.
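The QR-to-fake-store chain above can be checked mechanically: decode the base64 payload a QR code carries, pull out the host, and test it against the brand it imitates. This is an added example, not IBM's or the campaign's code; the legitimate zone, the brand token, the edit-distance threshold and the sample URL (with a placeholder app id) are assumptions made for the illustration.

```python
import base64
from urllib.parse import urlsplit

# Zone the impersonated brand actually uses (assumption for this example).
LEGIT_SUFFIXES = ("google.com",)
# The brand token the fake Play Store domains on the page mangle or misplace.
BRAND_TOKEN = "google"


def levenshtein(a: str, b: str) -> int:
    """Edit distance; DNS labels are short, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def decode_qr_payload(payload_b64: str) -> str:
    """The campaign's QR codes encode a base64 string; decode it to the URL it hides."""
    return base64.b64decode(payload_b64).decode("utf-8")


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_lookalike(host: str) -> bool:
    """True when a host reuses or mangles the brand token outside the brand's own zone.

    Catches both patterns from the page: an exact 'google' label under an unrelated
    zone (google.servlce.store) and padded/typo'd variants (gooogle, goooogle).
    """
    if any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES):
        return False
    for label in host.split("."):
        distance = levenshtein(label, BRAND_TOKEN)
        if distance == 0 or (distance <= 2 and len(label) >= 5):
            return True
    return False


def classify(urls):
    """Map each URL to (host, flagged) so a proxy log can be triaged in one pass."""
    return [(host_of(u), is_lookalike(host_of(u))) for u in urls]


# Constructed sample: the QR payload is built here, not captured from the campaign.
SAMPLE_URL = "https://play.google.servlce.store/store/apps/details.php?id=it.examplebank"
SAMPLE_QR = base64.b64encode(SAMPLE_URL.encode()).decode()

if __name__ == "__main__":
    decoded = decode_qr_payload(SAMPLE_QR)
    print("QR ->", decoded)
    sample_log = [decoded, "https://play.google.com/store", "https://gooogle.services/x"]
    for host, flagged in classify(sample_log):
        print(f"{host:32s} {'LOOKALIKE' if flagged else 'ok'}")
```

The minimum label length stops short generic labels from matching by accident; the exact-match branch is what catches the page's most convincing variant, where "google" is spelled correctly but hangs under a zone the brand does not own.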

For victims who cannot scan the QR code, the injection offers a fallback: they are asked to enter a phone number and then receive an SMS containing the malicious app link, accompanied by a warning that service will be disrupted unless the app is installed.

If the victim enters a phone number in the injected form, the remote server sends a download URL that leads to the Cerberus malware. The injection also records the victim's device identifiers alongside the bot ID and account credentials.

These URLs bring Cerberus onto the mobile phone, while Ursnif already sits on the PC. The victim is thus compromised on both devices by the combination of the two tools, and Ursnif still has work to do: on the desktop it hooks the web browser and serves injections that are dynamically tailored to the targeted site.

One of Ursnif's primary actions is to automatically replace the beneficiary IBAN of a transfer with one the actors control. In particular, the actors set a parameter that enables this swap only when the account balance exceeds €3,000.
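Both drIBAN's Automated Transfer System described in the ESXi post above and Ursnif's IBAN swap rely on the same fact: the substituted beneficiary is a perfectly valid IBAN, so checksum validation on the bank's side cannot distinguish it from the one the customer typed. The example below is written for this page and is not taken from IBM, Cleafy or the malware. It models the inject's swap-when-balance-exceeds-threshold logic and shows the control that does catch it: a confirmation code computed on the customer's side over the amount and IBAN they actually see, which the server recomputes over what it received (what-you-see-is-what-you-sign). The threshold value, the HMAC-based code scheme, the per-user secret and the two standard test IBANs standing in for the victim's intended beneficiary and the mule account are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    amount_eur: float
    beneficiary_iban: str


def iban_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check: a mule account passes this just as well as a real one."""
    s = iban.replace(" ", "").upper()
    if len(s) < 15 or len(s) > 34 or not s.isalnum() or not s[:2].isalpha():
        return False
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1


# --- attacker side: what the web-inject does inside the victim's browser ---------
SWAP_BALANCE_THRESHOLD_EUR = 3000.0    # operator-set parameter (value assumed from the page's figure)
MULE_IBAN = "GB82WEST12345698765432"   # standard test IBAN standing in for an attacker-controlled account


def ats_inject(transfer: Transfer, account_balance_eur: float) -> Transfer:
    """Return the transfer as the bank will receive it.

    The form on screen keeps showing the victim's intended IBAN; only the
    submitted request is altered, and only when the account is worth the effort.
    """
    if account_balance_eur > SWAP_BALANCE_THRESHOLD_EUR:
        return Transfer(transfer.amount_eur, MULE_IBAN)
    return transfer


# --- bank side: dynamic linking of the confirmation code to amount and IBAN ------
def confirmation_code(user_secret: bytes, transfer: Transfer) -> str:
    """Code the customer's token or app derives from the details they are looking at."""
    msg = f"{transfer.amount_eur:.2f}|{transfer.beneficiary_iban.replace(' ', '').upper()}"
    return hmac.new(user_secret, msg.encode(), hashlib.sha256).hexdigest()[:8]


def server_accepts(user_secret: bytes, received: Transfer, code_entered: str) -> bool:
    """Recompute over the transfer actually received; a swapped IBAN changes the code."""
    if not iban_valid(received.beneficiary_iban):
        return False
    expected = confirmation_code(user_secret, received)
    return hmac.compare_digest(expected, code_entered)


def run_scenario(user_secret: bytes, intended: Transfer, balance_eur: float) -> dict:
    """The victim confirms what they see; the inject changes what is sent."""
    sent = ats_inject(intended, balance_eur)
    code = confirmation_code(user_secret, intended)  # derived from the on-screen details
    return {
        "iban_swapped": sent.beneficiary_iban != intended.beneficiary_iban,
        "mule_iban_passes_checksum": iban_valid(sent.beneficiary_iban),
        "accepted": server_accepts(user_secret, sent, code),
    }


if __name__ == "__main__":
    secret = b"per-user-secret-provisioned-at-enrolment"  # constructed
    victim = Transfer(4500.0, "DE89370400440532013000")   # standard test IBAN
    print("balance 10000:", run_scenario(secret, victim, 10_000.0))
    print("balance  1000:", run_scenario(secret, victim, 1_000.0))
```

Binding the code to the beneficiary is the point: a one-time code that only proves "the customer pressed confirm" is exactly what Cerberus intercepts on the phone, whereas a code that changes with the IBAN is useless to the inject because the server will compute it over the mule account and reject the mismatch.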

Finally, it is noteworthy that the injections are highly adaptive: the actors vary their approach depending on the victim and the bank whose service is spoofed. They have considered everything, including security prompts, login timing and even a fake maintenance notice, to keep the victim away from the real service portal.

Users are advised not to install apps from outside the Play Store and not to click on URLs received via SMS. Anyone who receives a message claiming to come from a bank should not act on it, but instead visit or contact the bank directly.

Banca di Credito Cooperativo Bank Suffers a Major Cyber Attack

 

A suspected cyber-attack has paralysed operations at the 188 branches of the Banca di Credito Cooperativo (Bcc) di Roma, one of the largest Italian cooperative credit banks. Yesterday morning, during routine security checks, the bank's experts discovered a security incident that limited the ability to carry out normal operations at the branch counters.

Threat actors targeted the internal network 

According to an unofficial source, a component of the IT infrastructure of the Bcc showed traces of activity not attributable to normal operation in some servers and internal workstations. To allow controls and secure the network, security experts isolated this piece of infrastructure. But this caution reduced the operations at the branches for 24 hours: the portals continued to work, but customers who showed up for withdrawals, deposits, and more struggled to be identified and supported at the branches.

Execution of the backup plan 

The bank is examining the incident with its IT security experts and expects to be able to say within hours whether it was a cyber-attack or a simple technical malfunction. It announced that, as of today, branch operations have been fully restored thanks to the activation of its emergency plan, which provides for manual procedures to cover the digital shortfalls for as long as a week. Meanwhile, the DarkSide ransomware gang has claimed responsibility for the attack.

In the afternoon the Bcc of Rome released a note, according to which “the technical malfunctions did not affect the information system in the strict sense, and the home banking systems, payment cards, and ATM services are all fully operational today”. 

The bank also points out that "today the branches are regularly open to the public and the technical problems that affected their operations are in the final resolution phase, with service gradually restored from Monday 3 May" for customers visiting a branch. Meanwhile, in what seems a paradox for a cyber-attack, "home banking services can be used regularly from PCs or smartphones, and through them it is possible to carry out all informational and dispositive operations".