The first quarter of 2015 saw the revelation of the most sophisticated advanced persistent cyberespionage threat to date: Equation, the Death Star of the Malware Galaxy. It is linked to the infernal Stuxnet and Flame super-threats; its first known sample dates back to 2002 and it is still active. The same period also saw Kaspersky Lab publish a detailed report on Carbanak, the most profitable cybercriminal operation to date, with up to 1bln USD stolen directly from banks; the discovery of the first known Arabic cyberespionage group, Desert Falcons; and attacks by Animal Farm, a French-speaking cyberespionage campaign.
In Q1, Kaspersky Lab’s experts confirmed they had discovered a threat actor that surpassed anything known to date in terms of complexity and sophistication of tools – The Equation Group. Among its special features are the ability to infect hard drive firmware, the use of an “interdiction” technique to infect victims and an ability to mimic criminal malware.
“In the last few years, Kaspersky Lab has observed many advanced cyberthreat actors, appearing to be fluent in many languages, such as Russian, Chinese, English, Korean or Spanish. In 2015 we reported on cyberthreats ‘speaking’ Arabic and French, and the question is ‘who will be next?’ During many years of analyzing malware code we also have seen different levels of malicious skills – from the standard ‘pack’ of backdoors and the exploitation of known vulnerabilities to complex cyberespionage platforms, or even tools as powerful as those used by the Equation Group. What’s special in our job is the discovery of a new threat, one that surpasses anything you knew before. You think: this is it, the lord of malicious creation. But within months you discover something new that surpasses the previous discovery. This is how the cyberworld works: we are hunting the hunters, who constantly upgrade the tools they use to trick us, but we learn, too,” commented Aleks Gostev, Chief Security Expert in the Global Research and Analysis Team (GReAT).
Ten months ago Kaspersky Lab reported on the Luuuk cyberfraud campaign targeting the clients of a large European bank. In the space of just one week, cybercriminals stole more than half a million euros from accounts in the bank. Then, in October 2014, Kaspersky Lab’s Global Research and Analysis Team revealed the Tyupkin malware attacks, in which cybercriminals targeted multiple ATMs around the world. A piece of malware infecting ATMs allowed attackers to empty the cash machines via direct manipulation, stealing millions of dollars without a credit card. In December 2014, Costin Raiu, Director of GReAT, published his advanced persistent threats forecast for 2015, saying that the days when cybercriminal gangs focused exclusively on stealing money from end users are over. “Criminals now attack the banks directly because that’s where the money is. And they use APT techniques for these complex attacks,” said Raiu. Two months later, in Q1 2015, the Carbanak advanced persistent threat (APT) that had stolen up to $1bln was revealed, opening up an era of APT-style attacks in the cybercriminal world.
Alongside an overview of major malware outbreaks, Kaspersky Lab has counted the overall level of cyberthreats globally:
Declining but still dangerous: mobile threats in Q1
The full Q1 cyberthreats report is available at securelist.com.