The number of users attacked by ransomware targeting Android-based devices has increased four-fold in just one year, hitting at least 136,000 users globally. A report on the ransomware threat landscape, conducted by Kaspersky Lab, also found that the majority of attacks are based on only four groups of malware. The report covers a full two-year period which, for reasons of comparison, has been divided into two parts of 12 months each: from April 2014 to March 2015, and April 2015 to March 2016. These particular timescales were chosen because they witnessed several significant changes in the mobile ransomware threat landscape.
Based on the results of efficacy assessments conducted in Q3 2014, MRG Effitas has certified Kaspersky Internet Security as a solution that provides effective protection for online transactions.
As in the previous assessment, which was carried out in Q2, security solutions were tested in three phases. However, this time MRG Effitas used an improved methodology. In particular the test for protection against Man-in-the-Middle attacks (i.e., interfering with the data transmission protocol in order to distort data) was removed. In its place the organisation assessed the quality of protection against API Hooking attacks, which involve injecting malicious code into the browser’s process and then redirecting API calls in order to intercept confidential information and redirect it to the attacker. Since the programmes used in the tests were not samples of widespread malware, they were unknown to security solutions. The purpose of the test, therefore, was to measure the ability to protect against so-called zero day threats. Kaspersky Internet Security successfully blocked all four attempts to inject malicious code into the browser protected by the solution.
The remaining two testing phases, as before, assessed how well the solutions could protect against widespread malware capable of stealing banking credentials or interfering with the process of exchanging information with online payment services, and a modern-botnet test. In the first phase, the solutions needed to detect 406 malicious programmes that were widely distributed by cybercriminals at the time of testing; Kaspersky Lab’s product successfully detected and blocked all of these malicious programmes. The second phase was carried out on systems infected using files containing Trojan programmes (‘droppers’) for the most widespread botnets. The botnets’ C&C servers were configured within the test lab’s infrastructure, enabling researchers to determine immediately whether the malware was able to steal financial credentials or not. Kaspersky Internet Security effectively blocked this threat as well, preventing a data leak.
As a result, Kaspersky Internet Security once again demonstrated that it is a reliable security solution and was awarded a well-deserved certificate from MRG Effitas. Overall, out of the 17 solutions participating in the assessment, only four were able to protect the user against all banking cyberthreats. Of these, only two were full-scale Internet security solutions, while the others were highly specialised applications designed to protect online payments.
“Online payment services are of special interest to cybercriminals, since interfering with the exchange of information between a service and its customers could open up access to client accounts for the attackers. This is why Kaspersky Lab regards protecting users from financial cyberthreats as one of its most important goals. Testing results confirm that Kaspersky Lab technologies, primarily Safe Money, are able to provide effective protection against the latest threats while working with online banking systems,” commented Timur Biyachuev, Director Anti-Malware Research at Kaspersky Lab.
The Safe Money technology used in Kaspersky Internet Security protects online transactions by matching a payment site’s address to a cloud database, confirming the authenticity of the security certificate, isolating the browser from any attempts to inject malicious code and preventing screenshots from being taken. More information about the principles upon which the technology is based can be found in this whitepaper.
Articles related to Comparative Tests
Kaspersky Lab and the Archeological Society at Athens Extend Cooperation in Akrotiri
While performing a security assessment for one of its clients in the critical infrastructure sector, the Kaspersky Lab Security Services team discovered an important vulnerability. The CVE-2016-4785 vulnerability could allow an attacker to remotely obtain a limited amount of device memory content from relay protection equipment. The vulnerability was reported to Siemens, the equipment vendor, and has already been patched.