Fraudulent campaigns via PEC (certified e-mail) and the use of Telegram bots as C2 are on the rise. These are the findings of the report published today, which summarises the verification and analysis of malicious campaigns handled by the Agency during 2024.
CERT-AGID activities
In conformity with the Digital Administration Code and in line with the objectives described in the ‘Three-Year Plan for Information Technology in Public Administration’, CERT-AGID's mission includes the maintenance and development of preventive security services, as well as auxiliary services that contribute to the growth and dissemination of the culture of IT security.
The aim is to support the Agency for Digital Italy on all issues concerning IT security.
Top themes and channels for malware delivery
An analysis of the words most commonly used to deliver different types of malware showed that the main themes remained similar to previous years. 'Payments', used in no fewer than 141 campaigns, was a particularly recurring theme.
Malicious campaigns using compromised PEC mailboxes tripled compared to the previous year, reaching 57 attacks. The Vidar malware played a central role in these operations.
At the same time, there was a 37 per cent decrease in smishing, an SMS-based attack that imitates communications from legitimate entities and redirects recipients to malicious resources.
In 2024, the number of malware campaigns targeting Android devices also increased, from 29 to 76. Irata is the most widespread malware, followed by SpyNote and other minor variants. These malware families are mainly distributed via smishing, with malicious actors impersonating banking institutions and inducing victims to install malicious apps. The apps, downloaded from links in fake messages, steal banking credentials and, in some cases, intercept SMS messages to obtain OTP codes and complete fraudulent transactions in real time.
For safer services and more informed users
The report and the Agency's monitoring activities aim to raise awareness of the importance of cyber security. CERT-AGID also regularly organises webinars to discuss cyber threats, how to prevent them and the tools that the Agency offers free of charge to public administrations to combat them.
One of these services is the Feed of Indicators of Compromise (IoC), which shares with requesting public administrations the data collected by CERT-AGID in its daily monitoring activities, such as IP addresses used for fraudulent activities, URLs of malicious sites, hashes of malicious files and other information on ongoing campaigns. CERT-AGID also provides Hashr, a tool designed to search for malicious files within a filesystem, recently released in a new version.
These two tools provided by AgID represent an opportunity for administrations to improve the security of their IT systems, complying with the indications of the 2024-2026 Three-Year IT Plan and strengthening the digital resilience of the Public Administration.
Download the report: https://www.agid.gov.it/sites/agid/files/2025-01/Report_Riepilogativo_Cert-AgID_2024.pdf