{"id":4908,"date":"2015-12-10T17:35:02","date_gmt":"2015-12-10T17:35:02","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=4908"},"modified":"2019-11-15T07:00:18","modified_gmt":"2019-11-15T12:00:18","slug":"kaspersky-security-bulletin-2015","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/kaspersky-security-bulletin-2015\/4908\/","title":{"rendered":"Kaspersky Security Bulletin 2015: Threats evolved as predicted"},"content":{"rendered":"<p>As the year wraps up, Kaspersky Lab released its reports on the overall status of global cybersecurity. Meet <a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/72969\/kaspersky-security-bulletin-2015-evolution-of-cyber-threats-in-the-corporate-sector\/\" target=\"_blank\" rel=\"noopener\">\u201cKaspersky Security Bulletin 2015. Evolution of cyber threats in the corporate sector\u201d.<\/a><\/p>\n<p><strong>Corporate-related figures<\/strong><\/p>\n<ul>\n<li>In 2015, one or more malware attacks were blocked on 58% of corporate computers. This is a 3 p.p. rise from the previous year.<\/li>\n<li>29% of computers \u2013 i.e. almost every third business-owned computer \u2013 were subjected to one or more web-based attacks.<\/li>\n<li>Malware exploiting vulnerabilities in office applications was used 3 times more often than in attacks against home users.<\/li>\n<li>File antivirus detection was triggered on 41% of corporate computers (objects were detected on computers or on removable media connected to computers: flash drives, memory cards, telephones, external hard drives, or network disks).<\/li>\n<\/ul>\n<p><strong>APTs and future<\/strong><\/p>\n<p>The defining feature of 2015 was APT-type attacks targeting businesses. This was predicted last year, and the prediction was totally correct.
If previous APTs were launched (or sponsored) by nation states, this year targeted attacks and campaigns were observed hitting financial organizations such as banks, funds and exchange-related companies, including cryptocurrency exchanges. As is easy to see, criminal APT operators were mostly interested in financial gain (see our reports on <a href=\"https:\/\/business.kaspersky.com\/the-great-bank-robbery-carbanak-apt\/3598\/\" target=\"_blank\" rel=\"noopener nofollow\">Carbanak<\/a> and <a href=\"https:\/\/business.kaspersky.com\/grabit-an-smb-targeting-spy-campaign\/4015\/\" target=\"_blank\" rel=\"noopener nofollow\">Grabit<\/a>, for instance).<\/p>\n<p>This does not mean, however, that data gathering\/cyberespionage campaigns have faded into the background. They are still there, too.<\/p>\n<p>For 2016, APTs are <a href=\"https:\/\/business.kaspersky.com\/apt-predictions-for-2016-there-will-be-no-more-apts-oh-wait\/4821\/\" target=\"_blank\" rel=\"noopener nofollow\">predicted<\/a> to transform into something else: according to Kaspersky Lab\u2019s GReAT team, APTs will be replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators, as the cybercriminals will gladly drop both the \u201cadvanced\u201d and \u201cpersistent\u201d elements for the sake of overall stealth. Furthermore, the \u201cAPT theater\u201d will grow, as more and more \u201ccommercially-motivated\u201d players (including hackers-for-hire) arrive.
These will prefer re-purposing off-the-shelf malware to minimize their initial investments.<\/p>\n<p><strong>Tools o\u2019thievery<\/strong><\/p>\n<p>Securelist\u2019s new report also provides a lot of statistical insights into corporate-oriented attacks of 2015. For instance, more than half of the web-based attacks were executed via malicious URLs (i.e. infected web-sites), while the Top 10 of web-based malicious programs consists almost exclusively of objects used in drive-by attacks.<\/p>\n<p>Local threats are topped by a rather vague definition \u2013 DangerousObject.Multi.Generic. In fact this is an umbrella verdict for various malicious programs that were detected with the help of cloud technologies.<\/p>\n<p>Cloud technologies work when antivirus databases do not yet contain signatures or heuristics to detect a malicious program but the company\u2019s cloud antivirus database already includes information about the object. When a client company cannot send statistics to the cloud, <a href=\"https:\/\/business.kaspersky.com\/kpsn\/4897\/\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Private Security Network<\/a> is used instead, meaning that network computers receive protection from the cloud.<\/p>\n<p><strong>Attacked in a different manner<\/strong><\/p>\n<p>Summing up, Securelist points out the following peculiarities of attacks on corporate users:<\/p>\n<ul>\n<li>exploits for vulnerabilities found in office applications are used three times more often than in attacks on home users;<\/li>\n<li>use of malicious files signed with valid digital certificates;<\/li>\n<li>use of legitimate programs in attacks, allowing the attackers to go undetected for longer.<\/li>\n<\/ul>\n<p>Rapid growth in the number of corporate user computers attacked by encryptor programs (i.e. ransomware) has also been observed this year.
In 2015, Kaspersky Lab solutions detected ransomware on more than 50,000 computers in corporate networks, which is double the figure in 2014. The emergence of Linux Encryption malware is also intriguing and troubling at the same time.<\/p>\n<p>A detailed report is available <a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/72969\/kaspersky-security-bulletin-2015-evolution-of-cyber-threats-in-the-corporate-sector\/\" target=\"_blank\" rel=\"noopener\">at this link<\/a>. It also covers yet another widespread problem \u2013 attacks on PoS terminals. But this topic will be covered separately next week.<\/p>\n<p>Stay tuned.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As the year wraps up, Kaspersky Lab released its reports on the overall status of global cybersecurity. <\/p>\n","protected":false},"author":209,"featured_media":15513,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2258,2035,282,2364,2319],"class_list":{"0":"post-4908","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-apts","10":"tag-cyber-espionage","11":"tag-cybersecurity","12":"tag-kaspersky-security-bulletin","13":"tag-reports"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/kaspersky-security-bulletin-2015\/4908\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/kaspersky-security-bulletin-2015\/4908\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/kaspersky-security-bulletin-2015\/4908\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/apts\/","name":"APTs"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\
/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4908"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4908\/revisions"}],"predecessor-version":[{"id":30358,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4908\/revisions\/30358"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15513"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}