Kaspersky Lab reflects on biggest Q1 CyberthreatsBy Staff Writer 8 May 2015 | Categories: news
With cyberthreats popping up like mushrooms these days, it's valuable to take a step back and reflect on the current situation. This is exactly what Kaspersky Lab has done, with a look back on the most important cyberthreats during during the first quarter of 2015.
Highlighting the report is the revelation of the most sophisticated advanced persistent cyberespionage threat to date: Equation. Kaspersky Lab calls it the Death Star of the Malware Galaxy, with it being linked to the infernal Stuxnet and Flame super-threats, its first known sample dates back to 2002 and it is still active.
The same period also saw the company publish a detailed report on Carbanak, the most profitable cybercriminal operation to date, with up to 1bln USD stolen directly from banks; the discovery of the first known Arabic cyberespionage group, Desert Falcons and attacks by Animal Farm, a French speaking cyberespionage campaign.
Furthermore, Kaspersky Lab confirmed it had discovered a threat actor that surpassed anything known to date in terms of complexity and sophistication of tools – The Equation Group. Among its special features are the ability to infect hard drive firmware, the use of an “interdiction” technique to infect victims and an ability to mimic criminal malware.
“In the last few years, Kaspersky Lab has observed many advanced cyberthreat actors, appearing to be fluent in many languages, such as Russian, Chinese, English, Korean or Spanish. In 2015 we reported on cyberthreats “speaking” Arabic and French, and the question is “who will be next?
”During many years of analysing malware code we also have seen different levels of malicious skills – from the standard “pack” of backdoors and the exploitation of known vulnerabilities to complex cyberespionage platforms, or even tools as powerful as those used by the Equation Group. What’s special in our job is the discovery of a new threat, one that surpasses anything you knew before. You think: this is it, the lord of malicious creation. But within months you discover something new that surpasses the previous discovery. This is how the cyberworld works: we are hunting the hunters, who constantly upgrade the tools they use to trick us, but we learn, too,” commented Aleks Gostev, Chief Security Expert in the Global Research and Analysis Team (GReAT).
Ten months ago Kaspersky Lab reported on the Luuuk cyberfraud campaign targeting the clients of a large European bank. In the space of just one week, cybercriminals stole more than half a million Euros from accounts in the bank. Then, in October 2014, Kaspersky Lab’s Global Research and Analysis Team revealed the Tyupkin malware cybercriminal attacks targeting multiple ATMs around the world. A piece of malware infecting ATMs allowed attackers to empty the cash machines via direct manipulation, stealing millions of dollars without a credit card.
In December, 2014, Costin Raiu, Director of GReAT, published his advanced persistent threats forecast for 2015, saying that the days when cybercriminal gangs focused exclusively on stealing money from end users are over. “Criminals now attack the banks directly because that’s where the money is. And they use APT techniques for these complex attacks,” - said Raiu. Two months later, in Q1 2015, the Carbanak advanced persistent threat (APT) that had stolen up to 1$bln was revealed, opening up an era of APT-style attacks in the cybercriminal world.
Q1 in figures: twice as many malicious attacks
Alongside an overview of major malware outbreaks, Kaspersky Lab has counted the overall level of cyberthreats globally:
- According to Kaspersky Security Network data, Kaspersky Lab products blocked a total of 2.2 billion malicious attacks on computers and mobile devices in the first quarter of 2015, which is double the number blocked in Q1 2014.
- Kaspersky Lab solutions repelled 469 million attacks launched from online resources located all over the world, a third (32.8%) more than in Q1, 2014.
- More than 93 million unique URLs were recognised as malicious by web antivirus, 14.3% more than in Q1, 2014.
- 40% of web attacks neutralised by Kaspersky Lab products were carried out using malicious web resources located in Russia. Last year Russia shared the first place with the USA, with the two countries accounting for 39% of web attacks between them.
Declining but still dangerous: mobile threats in Q1 :
- 103 072 new malicious programmes for mobile devices (6.6% lower than in Q1 2014)
- 1527 new mobile banking Trojans, only 29 percentage points more than in Q1 2014. The rate of increase is slowing down: in all of 2014 Kaspersky Lab counted 12 100 mobile banking Trojans, nine times as many as in 2013.
The full Q1 cyberthreats report is available at securelist.com.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?