Financial cyber threats in 2013
The study has clearly demonstrated that users’ electronic money is under constant threat. Whenever users work with their accounts via online banking or pay for their purchases in online stores, cybercriminals are there hunting for their money.
All types of financial threats demonstrated a significant growth in 2013. The proportion of phishing attacks involving bank brands doubled and that of malware-based financial attacks was a third greater than the year before.
There were no ‘newcomers’ in the financial malware segment which could have an impact comparable to that of Zbot and Qhost. Those two and other infamous Trojans were responsible for the majority of attacks during the past year. However, cybercriminals have once again demonstrated that they are keen to follow any changes in market conditions: the dramatic growth in attacks designed to steal Bitcoins, which began in late 2012, continued in 2013.
Kaspersky Lab’s security research team discovered “The Mask” (aka Careto), an advanced Spanish-language speaking threat actor that has been involved in global cyber-espionage operations since at least 2007. What makes The Mask special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iOS (iPad/iPhone).
Kaspersky Lab’s team of experts discovered a cyber-espionage operation exposing a new emerging trend: appearance of small groups of cyber-mercenaries available for hire to perform surgical hit and run operations. The APT group focuses on targets in South Korea and Japan, hitting the supply chain for Western companies. The operation started in 2011 and has increased in size and scope over the last few years. Based on the profiles of identified targets, the attackers appear to have an interest in the following sectors: military, shipbuilding and maritime operations, computer and software development, research companies, telecom operators, satellite operators, mass media and television.
Kaspersky Lab identified operation “Red October”, an advanced cyber-espionage campaign targeting diplomatic, governmental and scientific research organizations in several countries for at least five years. The primary focus of this campaign targets countries in Eastern Europe, former USSR Republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America.