First quarter 2013: report on major threats

Kaspersky Lab analysts have released a new quarterly report, “IT Threat Evolution: Q1 2013”, dedicated to the most important events in the field of information security. The first three months of 2013 saw a great many incidents involving malware that can reasonably be classed as cyber weapons and instruments of cyber-espionage. In particular, at the beginning of the year Kaspersky Lab published a large report with the results of its research into a global cyber-espionage operation dubbed Red October. The targets of this attack, which had been carried out for at least the past five years, were various state and diplomatic structures, as well as commercial companies around the world.

Nor can we ignore the TeamSpy operation, which targeted prominent politicians and human rights activists in the countries of the CIS and Eastern Europe. The attackers' main purpose was to collect information from users’ computers, including taking screenshots and copying .pgp files with passwords and encryption keys. In the first quarter of 2012 the targeted attacks on Tibetan and Uighur activists continued, too. To achieve their goals the attackers used every means possible: Mac OS X and Windows users were attacked, and in late March the attackers started sending out malware to infect Android devices.

Android remains the main target of virus writers around the world, and the number of threats keeps growing, as it did in 2012. According to the data collected in the first three months of 2013, 99.9% of all new mobile malware targeted Android. As before, most of the incidents involved SMS trojans that send unauthorized SMS messages to premium-rate short numbers. Unfortunately, the first quarter was also notable for breaches of corporate infrastructure and massive leaks of passwords. Among the affected companies were Apple, Facebook, Twitter, Evernote, and a number of others. In particular, Evernote, an extremely popular service in the business community, announced the loss of 50 million passwords. These emergency measures had to be taken after the owner and operator of the service detected an intrusion into its internal network.

In the first quarter of 2013 Kaspersky Lab security solutions repelled 821,379,647 attacks launched from web sites in different countries and successfully blocked 490,966,403 attempts at local infection on the computers of users participating in Kaspersky Security Network.

Top 20 countries for online infection risks in Q1 2013

The situation with vulnerabilities on users’ computers remains alarming: in the first quarter of 2013, 30,901,713 vulnerable applications and files were found on users’ computers, i.e. every vulnerable computer contained 8 different vulnerabilities on average. Most of them involve vulnerabilities in Adobe and Oracle software, first of all Adobe Flash and Oracle Java. All of the most common vulnerabilities are “critical” by nature, and thus have the widest distribution.

The full version of the report for the first quarter of 2013 can be found here: http://www.securelist.com/en/analysis/204792292/IT_Threat_Evolution_Q1_2013
