Malicious Attacks Increase

Friday, May 8, 2015 @ 04:05 PM gHale

Assaults on systems continue their rise: 2.2 billion malicious attacks on computers and mobile devices were blocked during the first quarter, double the number detected in Q1 of 2014, a new report said.

In addition, in Q1 the most sophisticated advanced persistent cyberespionage threat to date – The Equation Group – was revealed, according to Kaspersky Lab. Also, the first quarter saw more of Carbanak, the most profitable cybercriminal operation to date; Desert Falcons, the first known Arabic cyberespionage group; and attacks by Animal Farm, a French-speaking cyberespionage campaign.


“In the last few years, Kaspersky Lab has observed many advanced cyberthreat actors, appearing to be fluent in many languages, such as Russian, Chinese, English, Korean or Spanish. In 2015 we reported on cyberthreats ‘speaking’ Arabic and French, and the question now is ‘who will be next?’” asked Aleks Gostev, chief security expert in the Kaspersky Lab Global Research and Analysis Team.

In a monumental quarter, Kaspersky Lab experts confirmed they found a group that surpassed anything known to date in terms of complexity and sophistication of tools: The Equation Group. It has links to the Stuxnet and Flame super threats, its first known sample dates back to 2002, and it is still active. Among its unique proficiencies are the ability to infect hard drive firmware, the use of an “interdiction” technique to infect victims, and the mimicking of criminal malware.

During the same time period Kaspersky Lab also published a report on Carbanak, opening up a new era of APT-style attacks in the cybercriminal world. With an estimated 100 financial organizations hit and a total of close to $1 billion stolen directly from banks, Carbanak has become one of the most successful criminal cyber campaigns.

In addition, while investigating an incident in the Middle East, Kaspersky Lab experts came across the activity of Desert Falcons, the first Arabic-speaking group seen conducting full-scale cyberespionage operations. The group has currently claimed more than 3,000 victims, including political activists and leaders, military and governmental organizations, mass media, financial institutions and other organizations. The activities of Animal Farm also cropped up during the quarter, as two of three zero-day vulnerabilities discovered in 2014 by Kaspersky Lab turned out to be related to this advanced threat actor.

Alongside an overview of major malware attacks, Kaspersky Lab analyzed the overall level of cyberthreats globally. Main statistical findings of the quarterly report include:
• Kaspersky Lab products blocked 2.2 billion malicious attacks on computers and mobile devices in the first quarter of 2015, which is double the number blocked in Q1 of 2014.
• Kaspersky Lab solutions repelled 469 million attacks launched from online resources located all over the world, a third (32.8 percent) more than in Q1 of 2014.
• More than 93 million unique URLs were recognized as malicious by Web antivirus, 14.3 percent more than in Q1 of 2014.
• 40 percent of Web attacks neutralized by Kaspersky Lab products were carried out using malicious Web resources located in Russia. Last year Russia shared first place with the U.S., with the two countries accounting for 39 percent of Web attacks between them.

“During many years of analyzing malware code we have seen different levels of malicious skills – from the standard ‘pack’ of backdoors and the exploitation of known vulnerabilities to complex cyberespionage platforms, or even tools as powerful as those used by the Equation Group,” Gostev said. “What’s special in our job is the discovery of a new threat, one that surpasses anything known before. You think: this is it, the lord of malicious creation. But within months something new is discovered that surpasses the previous discovery.”

The full IT Threat Evolution Report for Q1 of 2015 is available at
