In 2024, cyber threats recorded a worrying increase: reports related to data exposure on the dark web rose 15.4%, totaling more than 2,080,000 alerts. On the open web, by contrast, the number of reports related to data exposure stood at 59,000, down 27% from 2023.
These are some of the findings from the CRIF Cyber Observatory, which analyzes the vulnerability of users and companies to cyber attacks, outlining the main trends related to data exchanged on both the dark web and open web.
Italy remains particularly exposed, ranking fifth globally for compromised e-mail addresses on the dark web. Furthermore, Italy is in 18th place in the world for exposed credit card data and 12th in the European Union for the detection of compromised or exposed phone numbers. This data highlights the importance of taking effective preventive measures and maintaining a strong focus on personal data protection.
The Cyber Observatory paints a picture of increasingly sophisticated and targeted attacks based on comprehensive personal data used for advanced fraud. Among the most popular techniques are smishing, phishing, and deepfakes, with cases such as the WhatsApp CEO deepfake scam, which hit companies globally by convincing employees to transfer funds after receiving seemingly legitimate instructions. The growing popularity of tools such as “stealer-as-a-service” poses a significant threat, thanks to the amount of sensitive and contextual data this type of malware can collect.
“Not only do we need to keep an eye on the data we share online and protect it with the right tools, but it is also essential to be aware of the new cyber attack techniques and vulnerabilities inherent in the systems and devices we use on a daily basis. The trends emerging from the Observatory show that cyber attacks are constantly evolving and becoming increasingly personalized and sophisticated, also exploiting the potential of AI-based technologies to steal victims’ data and obtain unlawful financial benefits,” underlines Beatrice Rubini, CRIF Executive Director.
Data combinations most exposed on the dark web
The most widespread and vulnerable types of data on the dark web are, in order of importance: e-mail addresses, passwords, usernames, phone numbers, first names and last names. Residential addresses, credit card details, identity document information, and personal ID numbers are also frequently found.
The possession of e-mail addresses and phone numbers is a key element for fraudsters, as this information forms the basis of phishing attacks via email or SMS which are highly personalized and therefore highly credible. To increase the likelihood of success, criminals gather as much information as possible about the target, planning targeted attacks that lead to victims clicking on malicious links.
Analysis of the main data combinations exposed in 2024 highlights the information most at risk. The most common combination is e-mail address and password, present in 89.6% of cases, often accompanied by a username in 87.5% of situations. The combination of username and password, mainly linked to corporate accounts, highlights potential vulnerabilities for businesses.
This data confirms that account theft continues to be a priority for hackers, underlining the importance of adopting secure password management practices, such as the use of unique credentials, regular updates, and the use of password managers. The full residential address, associated with an e-mail address in 51.9% of cases and phone number in 65.5% of cases, is also very attractive to cybercriminals. Moreover, the widespread association of phone numbers with first and last names contributes to the growing phenomenon of smishing, reinforcing the need for greater protection and vigilance.
| Key combinations of data exposed to fraud on the dark web | 2024 | % Variation |
| --- | --- | --- |
| E-mail + Password | 89.6% | -5.2% |
| Username + Password | 87.5% | +33.3% |
| Phone number + First and Last Name | 52.8% | +36.3% |
| Phone number + E-mail | 36.3% | +23.2% |
| Full address + E-mail | 51.9% | -3.8% |
| Full address + Phone number | 65.5% | +1.4% |
| Credit card number + Security data and expiry date | 40.8% | -57.9% |
Source: CRIF Cyber Observatory
Most frequent types of accounts on the dark web
Usernames found on the dark web, excluding e-mail services, are mostly associated with VPN services, which are ranked first (34.3%), followed by accounts related to the most popular social networks (23.9%), and websites (10.0%). In fourth and fifth place is account theft related to e-commerce sites (7.7%) and public sector bodies or institutions (6.9%), while financial services, such as payment platforms, are in seventh place (4.3%).
| Rank | Most frequent types of accounts found on the dark web | 2024 | % Variation |
| --- | --- | --- | --- |
| 1 | VPN services | 34.3% | +100.0% |
| 2 | Social Networks | 23.9% | +4.3% |
| 3 | Websites | 10.0% | +31.9% |
| 4 | E-commerce platforms | 7.7% | -34.7% |
| 5 | Public sector bodies / institutions | 6.9% | +100.0% |
| 6 | Gaming | 4.8% | -40.5% |
| 7 | Financial services | 4.3% | -20.1% |
| 8 | Streaming services | 2.2% | -75.4% |
| 9 | Education | 2.0% | +100.0% |
| 10 | Dating | 1.8% | -71.3% |
Source: CRIF Cyber Observatory
Stolen credentials are exploited for a wide variety of criminal purposes: unauthorized access to victims’ accounts, unlawful use of services, sending money requests or phishing links, and spreading malware or ransomware, with the aim of extorting money or stealing personal information.
The “human factor” plays a crucial role in these data thefts. It is often user carelessness, such as the use of weak or repeated passwords on multiple accounts (such as social networks, streaming and gaming platforms), that makes such attacks possible. In addition, many users voluntarily provide their credentials to services that appear harmless and which promise gifts such as game elements or streaming music charts, but are actually tools for collecting personal data.
Through a qualitative analysis of the domains of e-mail accounts exposed on the dark web, the Observatory found that in 91.3% of cases they are personal e-mail accounts, while in the remaining 8.7% of cases they are business accounts. This distribution tends to remain stable over time, and seems to confirm that, on the one hand, individuals still pay limited attention to online security, thus continuing to be a primary target for hackers, while, on the other hand, companies are taking security measures to limit their employees’ vulnerability to cyber attacks.
An international comparison: Countries most affected by data theft
In terms of the countries most affected by online e-mail and password theft, the USA is in top spot, followed by Russia, Germany, and France. Italy is in 5th position, followed by the United Kingdom.
With regard to the unlawful exchange of credit card data, Europe is the hardest hit continent, with a significant increase (+93.9%) compared to the previous period, followed by North America (-49.4%) and Asia (+62.1%).
| Classification of data theft by continent | 2024 | % Variation |
| --- | --- | --- |
| Europe | 46.2% | +93.9% |
| North America | 27.5% | -49.4% |
| Asia | 20.6% | +62.1% |
| South America | 2.8% | -46.0% |
| Africa | 2.0% | -22.2% |
| Oceania | 0.7% | -40.7% |
Source: CRIF Cyber Observatory
The ranking of countries most affected by the exchange of stolen credit card data sees Russia rise from fifth in 2023 to top spot, followed by the United States, which dominated the ranking the previous year.
India is ranked third compared to last year’s eighth place, while Iran is fourth, despite not even being in the top 20 in the previous ranking. Mexico completes the top 5, falling from third to fifth place.
“In an increasingly complex cyber landscape, the ability to anticipate and mitigate cyber threats is critical to the security of individuals and businesses. The increase in reports of data exposed on the dark web and Italy’s position among the top five countries for compromised e-mails highlight the urgent need to strengthen digital defenses. Moreover, global geopolitical tensions, along with the advancement of criminal techniques that also leverage artificial intelligence, make protection and prevention measures against attacks targeting businesses, critical infrastructure, and government institutions all the more necessary. To address these growing cyber threats, it is critical to invest in predictive tools, lifelong learning, and greater control over the dissemination of personal information. Only with an integrated and informed approach can we build a more secure and resilient digital environment,” concludes Beatrice Rubini.