Business Threats over the year: Q1, 2014-2015

June 18, 2015

Kaspersky Lab has just released its quarterly report on IT threats evolution. It’s full of woeful figures, showing that threats keep climbing. Judging by the dynamics, this trend is here to stay for at least some time. In this post, we take a comparative look at the business-specific threats that users of Kaspersky Lab products faced in Q1, 2014 through Q1, 2015.

In general it’s bad…

According to KSN data, Kaspersky Lab products detected and neutralized a total of 2,205,858,791 malicious attacks on computers and mobile devices in the first quarter of 2015. That is twice as many as in Q1, 2014 (1,131,000,866 attacks).

At the same time, compared to Q1, 2014, there is a sharp, 8.5x drop in the number of new mobile malware installation packages. However, compared to Q4, 2014, there is 3x growth.

The number of new malicious mobile programs overall grew from 103 thousand to 110 thousand, while the number of newly detected banking Trojans, perhaps the most dangerous kind of mobile malware, increased from 1,182 to 1,527. However, compared to Q4, 2014, there is a 4.4-fold decline.

It’s all about money, again

The basic trend is the same: cybercriminals are after money, and everything they do has more or less the same purpose – to reach others’ bank accounts or to steal valuable data.

Banking malware authors seem to have been especially prolific in Q1, 2015: Kaspersky Lab solutions blocked attempts to launch malware capable of stealing money via online banking on the computers of 929,082 users. This figure represents a 64.3% increase compared to the previous quarter (565,515). It’s also 30% more than in Q1, 2014, but roughly the same as in Q2, 2014 (927k).

Banking malware is the most prevalent kind of financial threat in Q1, at 71%. The rest are Bitcoin-related threats and keyloggers.

APTs

Kaspersky Lab experts picked a formidable crop of APT campaigns in 2013-2015: those publicly reported in Q1, 2014 and Q1, 2015 were usually discovered earlier, sometimes even months ahead.

In Q1, 2014 such campaigns as Mask/Careto and Turla were announced. Both are “seasoned data stealers”, with Mask being more business-oriented than Turla – the latter has mostly governments, intelligence agencies, military and academic entities in its crosshairs, although the pharmaceutical industry is also targeted.

In Q1, 2015 more campaigns were made public – Equation (espionage), Carbanak (money stealing), Desert Falcons (espionage), and Animal Farm (espionage, DDoS).

Also revealed were a couple of dire Trojans: the Dyreza banker and PoSeidon, a PoS-attacking Trojan.

Carbanak stands out

This ultra-massive campaign (see this sizeable report) made headlines due to the huge total losses inflicted, up to $1 bn by February – maybe more since it is still active.

It is the most “money-direct” campaign specifically targeting banks – and the damage is massive. The campaign operators do think outside the box, using all imaginable tricks to infiltrate bank networks, find the proper victim therein, infect it, and then transfer money electronically, or cash out via ATMs, while effectively covering their tracks.

Business and not just that

All in all, we see a further increase in the number of finance-oriented threats, ranging from malware to formidable APT campaigns. In fact, there’s a blurred line between what should be considered business and non-business threats. The same malware attacks both corporate and individual users, and the same or similar tools are used for both targeted and non-targeted attacks. Both individuals and businesses fall victim to the same banking Trojans and phishing campaigns – since, in fact, it is people who are ultimately targeted.

APT campaigns may mostly aim at governmental, military, and research organizations – along with the largest corporations – but after a while, the same techniques are adopted by the criminals taking on commercial entities, and not only the large ones.

We have said before that cybersecurity is everybody’s business, and to ensure efficient protection, all kinds of threats should be considered and addressed.