Ukrainian war, Kaspersky in the sights of the Privacy Guarantor: risks for Italian customers?

An investigation has been opened to look into the alarms raised by Italian and European bodies specializing in IT security. Meanwhile, Google discovers a financial intermediary for Russian hackers that reportedly sells access to vulnerable companies.

18 Mar 2022, Veronica Balocco

The Guarantor for the protection of personal data has opened an investigation to assess the potential risks relating to the processing of personal data of Italian customers carried out by the Russian company that supplies the Kaspersky antivirus software. The Authority took the initiative ex officio: given the war in Ukraine, it was necessary in order to look into the alarms raised by numerous Italian and European bodies specializing in computer security about the possible use of that product for cyber attacks against Italian users.

The Guarantor asked Kaspersky Lab to provide the number and type of Italian customers, as well as detailed information on the processing of personal data carried out in the context of the various security products or services, including telemetry or diagnostic ones. The company must also clarify whether, in the course of processing, the data are transferred outside the European Union (for example to the Russian Federation) or otherwise made accessible to third countries. Finally, Kaspersky Lab will have to indicate the number of requests for acquisition or communication of personal data, referring to Italian data subjects, addressed to the company by governmental authorities of third countries since 1 January 2021, broken down by country, and indicate to how many of them Kaspersky Lab gave a positive response.

Intermediary for Russian cybercriminals, including the Conti group

Meanwhile, also in the context of news related to the ongoing conflict, Google has announced that it has discovered a "financial intermediary" for Russian hackers, including the group called Conti, which has sided with Putin since the beginning of the conflict in Ukraine. According to the American firm's Threat Analysis Group security team, the group discovered is called Exotic Lily and serves as a gateway, finding vulnerable organizations and selling access to their networks to the highest bidder.
By contracting out the initial entry into a victim's network, cybercriminal groups such as Conti can focus on the execution phase of an attack. Exotic Lily, which operates in central or eastern Europe, works through email campaigns in which the group masquerades as legitimate organizations, also creating social media profiles and images of faces generated by artificial intelligence. "This level of human interaction is quite unusual for cybercrime groups focused on large-scale operations," the Google researchers note. With this system, Exotic Lily reportedly sent more than 5,000 phishing emails a day to 650 organizations.

The buyers of this service reportedly include the Conti group, Russian cybercriminals active on the ransomware front (viruses that take devices hostage, so that a ransom must be paid to recover the data). Since the beginning of the conflict the group has publicly declared its "full support" for the invasion of Ukraine and has promised to take revenge if Russia suffers cyber attacks, by hitting the critical infrastructure of other countries. In the days following this stance, however, there was an important episode of civil disobedience: a member of the Conti group was behind a data leak which revealed that the hackers had so far raised $30.1 million from their online criminal activity.