During the last three months Kaspersky Lab has reported on a banking fraud campaign that saw €500,000 stolen from 190 victims in just one week, as well as the first in-the-wild mobile encryptor that is selling for $5,000 on the black market and has already infected 2,000 devices in 13 countries in less than a month. The quarter also saw iOS- and other mobile-based malware modules for a “legal” spy tool, and a MiniDuke APT campaign, re-loaded from early 2013 to target government, energy, military, and telecom sectors and even traffickers of illegal steroids and hormones.
- 354.5 million attacks were launched from online resources located all over the world, which was 1.3 million more than in the first quarter.
There were changes to the top five sources of web attacks as Germany rose from fourth to first – its share increasing by 12 percentage points. The US (22%) dropped from first to second after its share fell by 6 percentage points. 44% of neutralized web attacks were carried out using malicious web resources located in these two countries. They were followed by the Netherlands (+3 percentage points in Q2), which remained in third place, the Russian Federation (-2.5 percentage points) and Canada (+6.3 percentage points).
- At the end of Q1 2014, Kaspersky Lab’s collection of mobile malware stood at almost 300,000 samples. In the second quarter the collection increased by more than 65,000 new malicious mobile programs.
Not just Android. Android is now not the only target for mobile malware developers. Cybercriminals have exploited iOS functions, with an attack on Apple ID completely blocking a device. This is followed by demands for a payment to be made to unlock the device. This news exposed the activities of Hacking Team, an Italian company that sells “legal” software called Remote Control System (RCS). Kaspersky Lab published the results of its latest research into the software showing a number of mobile malware modules for Android, iOS, Windows Mobile and BlackBerry that came from HackingTeam. The iOS module allows an attacker to access data on the device, to secretly activate the microphone and to take regular camera shots. This gives complete control over the whole environment in and around a victim’s device.
The first mobile encryptor. In May Kaspersky Lab discovered the first mobile encryptor in the wild. Named Pletor, it locks the phone for "viewing banned porn content", encrypts the smartphone memory card and displays a ransom demand.
Evolution of ransomware. Ransomware technology is actively developing. In early June, Kaspersky Lab detected a new modification of Svpeng aimed primarily at users in the US. The Trojan locks the phone and demands $200 to unlock it.
Online banking threats
- Banking malware attacked 927,568 computers in Q2. The figure for May saw a 36.6% increase compared to that for April.
- Most attacks were recorded in Brazil, Russia, Italy, Germany and the US.
- 2,033 mobile banking Trojans were detected in the last three months. Since the beginning of 2014 their number has increased fourfold, and over the last year (since July 2013) the figure has increased 14.5 times.
- Nine out of 10 families of popular banking malware work by injecting a random HTML code in the web page displayed by the browser and intercepting any payment data entered by the user in the original or inserted web forms.
- 60 million unique malicious objects (scripts, web pages, exploits, executable files, etc.) were detected, double the figure for Q1 2014.
- Kaspersky Lab analyzed two new SWF exploits in mid-April, later confirmed by Adobe as a new zero-day.
- 145.3 million unique URLs were recognized as malicious by web antivirus – 63.5 million more than in the previous quarter.
“The first six months of the year have shown that, as predicted, encryption of user data on smartphones has evolved. Criminals are making money by using methods that have proven effective for PC users. The growing interest in ‘big’ money among those carrying out these attacks is obvious – reflected in a sharp rise (14.5 times) in the number of banking Trojans over the last year. In addition to the financial benefits, the surveillance technology race is showing no let up. HackingTeam mobile modules showed that a mobile device can be used to gain complete control over the whole environment in and around a victim’s device,” commented Alexander Gostev, Chief Security Expert, Global Research and Analysis Team at Kaspersky Lab.
The full report is available at securelist.com
Cyberthreat real-time map