Antivirus Protection & Internet Security Software
03 Dec 2013Virus News
Some of the revelations of the past year raised questions about the way we use the Internet nowadays and the type of risks we face. In 2013 advanced threat actors have continued large-scale operations, and cyber-mercenaries, specialist APT groups “for hire” which focus on hit-and-run operations emerged. Hacktivists were constantly in the news, together with the term “leak”, which is sure to put fear into the heart of any serious sys-admin out there. In the meantime, cybercriminals were busy devising new methods to steal money or Bitcoins.
No ITSec overview of 2013 would be complete without mentioning Edward Snowden and the wider privacy implications of his revelations. One of the first visible effects was the shutdown of encrypted e-mail services such as Lavabit and Silent Circle. The reason was their inability to provide such services under pressure from law enforcement and other governmental agencies. Another story which has implications over privacy is the NSA sabotage of the elliptic curve cryptographic algorithms released through NIST.
“We predicted 2012 to be revealing and 2013 to be eye opening. That forecast proved correct – 2013 showed that everybody is in the same boat. In truth, any organization or person can become a victim. Not all attacks involve high profile targets, or those involved in ‘critical infrastructure’ projects. Those who hold data could be of value to cybercriminals, or they can be used as a ‘stepping-stones’ to reach other targets. This point was amply illustrated by Icefog attacks this year. They were part of an emerging trend that appeared in 2013 – attacks by small groups of cyber-mercenaries who conduct small hit-and-run attacks. Going forward, we predict that more of these groups will appear as an underground black market for ‘APT’ services begins to emerge”, - Costin Raiu, Director of the Global Research and Analysis team, Kaspersky Lab commented.
Stealing money – either by directly accessing bank accounts or by stealing confidential data – is not the only motive behind security breaches. They can also be launched to undermine the reputation of the company being targeted, or as a form of political or social protest. Ongoing hacktivist activities have continued this year as well. ‘Anonymous’ group has claimed responsibility for attacks on the US Department of Justice, Massachusetts Institute of Technology and the web sites of various governments. Those claiming to be part of the ‘Syrian Electronic Army’ claimed responsibility for hacking the Twitter account of Associated Press and sending a false tweet reporting explosions at the White House – which wiped $136 billion off the DOW. For those with the relevant skills, it became easier to launch an attack on a web site than it is to co-ordinate the real-world protests.
The Bitcoin system was implemented back in 2009. In the beginning, this crypto currency was used by hobbyists and mathematicians. Soon, they were joined by others – mostly ordinary people, but also cybercriminals and terrorists. They provide an almost anonymous and secure means of paying for goods. In the wake of the surveillance stories of 2013, there is perhaps little surprise that people are looking for alternative forms of payment. And it is gaining popularity – in November 2013, the mark surpassed the 400$ for one Bitcoin.
The methods used by cybercriminals to make money from their victims are not always subtle. Apart from Bitcoins, which could potentially be stolen, ‘ransomware’ programs became a popular means of making easy money – cybercriminals block access to a computer’s file system, or encrypt data files stored on the computer. Then they warn you that you must pay in order to recover your data. This was the case with the Cryptolocker Trojan. The cybercriminals give their victims only three days to pay up, accepting different forms of payment, including Bitcoin.
The full report is available on securelist.com
Expert opinion on 2013's top security stories - watch the video here.
© 1997 – 2016 Kaspersky Lab
All Rights Reserved. Industry-leading Antivirus Software