
Hunting the Hunters: Kaspersky Lab Reflects on Q1 Cyberthreats

May 6, 2015

The first quarter of 2015 saw the revelation of the most sophisticated advanced persistent cyberespionage threat to date: Equation.

The first quarter of 2015 saw the revelation of the most sophisticated advanced persistent cyberespionage threat to date: Equation. The Death Star of the Malware Galaxy, it is linked to the infernal Stuxnet and Flame super-threats; its first known sample dates back to 2002 and it is still active. The same period also saw Kaspersky Lab publish a detailed report on Carbanak, the most profitable cybercriminal operation to date, with up to 1bln USD stolen directly from banks; the discovery of the first known Arabic cyberespionage group, Desert Falcons; and attacks by Animal Farm, a French-speaking cyberespionage campaign.

In Q1, Kaspersky Lab’s experts confirmed they had discovered a threat actor that surpassed anything known to date in terms of complexity and sophistication of tools – The Equation Group. Among its special features are the ability to infect hard drive firmware, the use of an “interdiction” technique to infect victims and an ability to mimic criminal malware.

“In the last few years, Kaspersky Lab has observed many advanced cyberthreat actors, appearing to be fluent in many languages, such as Russian, Chinese, English, Korean or Spanish. In 2015 we reported on cyberthreats “speaking” Arabic and French, and the question is “who will be next?” During many years of analyzing malware code we also have seen different levels of malicious skills – from the standard “pack” of backdoors and the exploitation of known vulnerabilities to complex cyberespionage platforms, or even tools as powerful as those used by the Equation Group. What’s special in our job is the discovery of a new threat, one that surpasses anything you knew before. You think: this is it, the lord of malicious creation. But within months you discover something new that surpasses the previous discovery. This is how the cyberworld works: we are hunting the hunters, who constantly upgrade the tools they use to trick us, but we learn, too,” - commented Aleks Gostev, Chief Security Expert in the Global Research and Analysis Team (GReAT).

Money flow

Ten months ago Kaspersky Lab reported on the Luuuk cyberfraud campaign targeting the clients of a large European bank. In the space of just one week, cybercriminals stole more than half a million Euros from accounts in the bank. Then, in October 2014, Kaspersky Lab’s Global Research and Analysis Team revealed cybercriminal attacks using the Tyupkin malware, which targeted multiple ATMs around the world. The malware, once it had infected an ATM, allowed attackers to empty the cash machine via direct manipulation, stealing millions of dollars without a credit card. In December 2014, Costin Raiu, Director of GReAT, published his advanced persistent threats forecast for 2015, saying that the days when cybercriminal gangs focused exclusively on stealing money from end users are over. “Criminals now attack the banks directly because that’s where the money is. And they use APT techniques for these complex attacks,” - said Raiu. Two months later, in Q1 2015, the Carbanak advanced persistent threat (APT) that had stolen up to $1bln was revealed, opening up an era of APT-style attacks in the cybercriminal world.

Q1 in figures: twice as many malicious attacks

Alongside an overview of major malware outbreaks, Kaspersky Lab has counted the overall level of cyberthreats globally:

  • According to Kaspersky Security Network data, Kaspersky Lab products blocked a total of 2.2 billion malicious attacks on computers and mobile devices in the first quarter of 2015, which is double the number blocked in Q1 2014.
  • Kaspersky Lab solutions repelled 469 million attacks launched from online resources located all over the world, a third (32.8%) more than in Q1 2014.
  • More than 93 million unique URLs were recognized as malicious by web antivirus, 14.3% more than in Q1 2014.
  • 40% of web attacks neutralized by Kaspersky Lab products were carried out using malicious web resources located in Russia. Last year Russia shared the first place with the USA, with the two countries accounting for 39% of web attacks between them.

Declining but still dangerous: mobile threats in Q1

  • 103,072 new malicious programs for mobile devices (6.6% lower than in Q1 2014)
  • 1,527 new mobile banking Trojans, only 29 percentage points more than in Q1 2014. The rate of increase is slowing down: in all of 2014 Kaspersky Lab counted 12,100 mobile banking Trojans, nine times as many as in 2013.

The full Q1 cyberthreats report is available at securelist.com.


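About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually transforms its deep threat intelligence and security technology into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the world. The company offers a comprehensive security portfolio that includes leading endpoint protection, a range of specialized security solutions and services, and Cyber Immune solutions for dealing with sophisticated and constantly evolving digital threats. More than 400 million users worldwide protect themselves with Kaspersky technologies, and we also help 200,000 corporate clients around the world protect what matters most to them. To learn more, visit www.kaspersky.com.cn.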
