Quarterly IT Security reports: a roundup

Kaspersky Lab’s quarterly IT Threat Evolution report is in and so is Kaspersky DDoS Intelligence Report for Q3 2015. Let’s take a look into what happened this last quarter.

Kaspersky Lab’s quarterly IT Threat Evolution report is in and so is Kaspersky DDoS Intelligence Report for Q3 2015. Let’s take a look into what happened this last quarter.

Key findings

  • According to KSN data, Kaspersky Lab solutions detected and repelled a total of 235,415,870 malicious attacks from online resources located all over the world.
  • There were 5,686,755 registered notifications about attempted malware infections that aim to steal money via online access to bank accounts.
  • There was a spike of new banker Trojans: 2,516 new specimen discovered in Q3, compared to just 630 in Q2.
  • 323,374 new malicious mobile programs have been discovered.
  • There were 5.68 million notifications about attempted malware infections to steal money from users via online access to bank accounts.
  • A DDoS attack that went on for 320 hours (i.e. almost two weeks) continuously has been observed.

APTs and other targeted attacks

Q3 report (available at Securelist) specifically highlights recent research in Turla APT (which proved to become “spaceborne” – attackers are actively using satellites). There was also an update on Darkhotel APT (which expanded its area of operation to include victims in a number of countries, including both Koreas, Russia, Japan, Bangladesh, Thailand, India, Mozambique and Germany. In August there was a fresh report on Blue Termite – a targeted attack campaign focused on stealing information from organizations in Japan.

Also a Coinvault ransomware campaign was brought down, with its suspected operators arrested.


In Q3, DDoS attacks remained a highly localized phenomenon: 91.6% of victims resources are located in only 10 countries around the world, although overall attacks happened in 79 countries. Most of the time DDoS attacks originate from the same country where the victims are located.

The 320 hours-long DDoS attack mentioned above is indeed a particularly noticeable event whereas more than 90% of attacks lasted less than 24 hours in Q3. Still, there is an apparent growth in the number of attacks lasting over 150 hours.

Linux-based botnets began to play a significant part, accounting for up to 45.6% of all attacks recorded by Kaspersky Lab. The main reasons include poor protection and higher bandwidth capacity.

And last, but not least, banks are reported to be frequent targets of complex attacks and ransom demands in Q3, which isn’t really surprising.


Both reports are full of massive figures, showing that overall situation is unlikely to improve any time soon. In fact, as the cybercrime has completely become financially-driven, there will be more and more malware and other threats of various quality and efficiency. This “arms race” is likely to go on forever: malware writers will create new nasty things, security vendors will pin and tag them.

Then there is a third party which is even more responsible for overall security: businesses and consumers.

Because they are in reticle of cybercriminals, they are getting attacked, and the success rate of those attacks depends how much cybercriminals are encouraged (or discouraged) to keep going.

There is a sort of simplification, of course, as there is no linear dependence. But the companies using mature and well-tested security solutions, and who have established proper information access and security policy are way less likely to experience a successful attack on their infrastructure and lose data.

Take a look at the Q3 Threat Evolution report here.

The latest quarterly DDoS report is available here. It is based on data from the DDoS Intelligence system, part of Kaspersky DDoS Protection. Learn more about the product here.