Woburn, MA - May 6, 2015 – Kaspersky Lab today released the IT Threat Evolution Report for Q1 of 2015, finding that 2.2 billion malicious attacks on computers and mobile devices were blocked during the quarter, which is double the number detected in Q1 of 2014. Also in the first quarter, the most sophisticated advanced persistent cyberespionage threat to date – The Equation Group – was revealed. Kaspersky Lab also reported Carbanak, the most profitable cybercriminal operation to date, Desert Falcons, the first known Arabic cyberespionage group, and attacks by Animal Farm, a French-speaking cyberespionage campaign.
“In the last few years, Kaspersky Lab has observed many advanced cyberthreat actors, appearing to be fluent in many languages, such as Russian, Chinese, English, Korean or Spanish. In 2015 we reported on cyberthreats “speaking” Arabic and French, and the question now is ‘who will be next?’” commented Aleks Gostev, chief security expert in the Kaspersky Lab Global Research and Analysis Team.
The Magnitude of Cyberattacks
In a monumental quarter, Kaspersky Lab experts confirmed they had discovered a threat actor that surpassed anything known to date in terms of complexity and sophistication of tools – The Equation Group. It’s been linked to the Stuxnet and Flame super threats, its first known sample dates back to 2002, and it is still active. Among its unique proficiencies is the ability to infect hard drive firmware, use an “interdiction” technique to infect victims and mimic criminal malware.
During the same time period Kaspersky Lab also published a report on Carbanak, opening up a new era of APT-style attacks in the cybercriminal world. With an estimated 100 financial organizations hit and a total of close to $1 billion stolen directly from banks, Carbanak has become one of the most successful criminal cyber campaigns that have ever been seen.
In addition, while investigating an incident in the Middle East, Kaspersky Lab experts came across the activity of Desert Falcons, the first Arabic-speaking group seen conducting full-scale cyberespionage operations. The group has currently claimed more than 3,000 victims, including political activists and leaders, military and governmental organizations, mass media, financial institutions and other organizations. The activities of Animal Farm were also written about during the quarter, as two of three zero-day vulnerabilities discovered in 2014 by Kaspersky Lab are associated with this advanced threat actor.
Q1 in figures
Alongside an overview of major malware attacks, Kaspersky Lab analyzed the overall level of cyberthreats globally. Main statistical findings of the quarterly report include:
· According to Kaspersky Security Network data, Kaspersky Lab products blocked a total of 2.2 billion malicious attacks on computers and mobile devices in the first quarter of 2015, which is double the number blocked in Q1 of 2014.
· Kaspersky Lab solutions repelled 469 million attacks launched from online resources located all over the world, a third (32.8%) more than in Q1 of 2014.
· More than 93 million unique URLs were recognized as malicious by Web antivirus, 14.3 percent more than in Q1 of 2014.
· 40 percent of Web attacks neutralized by Kaspersky Lab products were carried out using malicious Web resources located in Russia. Last year Russia shared first place with the USA, with the two countries accounting for 39 percent of web attacks between them.
Moreover, detected mobile threats were in decline but are still considered dangerous. During the quarter, 103,072 new malicious programs for mobile devices were discovered, a 6.6 percent decline from the number discovered in Q1 of 2014. However, mobile malware has been shown to be evolving toward monetization as malware writers design SMS Trojans, banker Trojans and ransomware Trojans capable of stealing or extorting money and users’ bank data. This category of malware accounted for 23.2 percent of new mobile threats in Q1 of 2015. Kaspersky Lab also detected 1,527 new mobile banking Trojans, 29 percent more than in Q1 of 2014.
“During many years of analyzing malware code we have seen different levels of malicious skills – from the standard “pack” of backdoors and the exploitation of known vulnerabilities to complex cyberespionage platforms, or even tools as powerful as those used by the Equation Group. What’s special in our job is the discovery of a new threat, one that surpasses anything known before. You think: this is it, the lord of malicious creation. But within months something new is discovered that surpasses the previous discovery. This is how the cyber world works: we are hunting the hunters, who constantly upgrade the tools they use to trick us, but we learn too,” – Gostev continues.
The full IT Threat Evolution Report for Q1 of 2015 is available at Securelist.com.
For a look at more in-depth information about each discovery by Kaspersky Lab, visit the Targeted Cyberattacks Logbook.
For a look at threat activity in real-time, check out the Kaspersky Lab Cyberthreat map.