Increasing number of people turning to Darknet to safeguard their personal data
Number of mobile banking trojans almost doubled from 1,321 to 2,503 in Q1
KASPERSKY Lab said that three months after it published its threat forecast for 2014, all three of the ‘end-user forecasts’ it experts had predicted were confirmed.
Kaspersky Lab experts said that cybercriminals would target (click infographic to enlarge):
Your privacy, leading to greater popularity for VPN (virtual private network) services and Tor-anonymisers. The number of people turning to the Darknet in an attempt to safeguard their personal data is indeed increasing.
But as well as benevolent users, Tor continues to attract dark forces
– anonymous networks can conceal malware activity, trading on illegal sites, and money laundering. For example, in February Kaspersky experts detected
the first Android Trojan that uses a domain in the .onion pseudo zone as a C&C (command and control centre).
Your money: The experts expected cybercriminals to continue developing tools to steal cash. This was confirmed by the detection of Trojan-SMS.AndroidOS.Waller.a in March. It is capable of stealing money from QIWI electronic wallets belonging to the owners of infected smartphones.
The trojan currently only targets Russian users, but it is capable of spreading anywhere where e-wallets are managed using text messages, Kaspersky Lab said in a statement.
Cybercriminals also made use of some standard approaches such as spreading trojans for mobiles that steal money with the help of malicious spam.
And here the global reach is much greater – the Faketoken mobile banking Trojan, for example, has affected users in 55 countries, including users in Germany, Sweden, France, Italy, the United Kingdom and the United States.
In the first quarter of 2014, the number of mobile banking trojans almost doubled from 1,321 to 2,503, Kaspersky Lab said.
Your bitcoins: The experts expected considerable growth in the number of attacks targeting Bitcoin users’ wallets, Bitcoin pools and stock exchanges.
In the first three months of the year there were lots of incidents that proved this prediction was correct. Among the more newsworthy were the hack
of MtGox, one of the biggest bitcoin exchanges; the hacking of the personal blog and Reddit account of MtGox chief executive officer Mark Karpeles and using them to post
the MtGox2014Leak.zip which actually turned out to be malware-capable of searching for and stealing Bitcoin wallet files from victims.
In a bid to boost their illicit earnings, cybercriminals infect computers and use their resources to generate more digital currency. Trojan.Win32.Agent.aduro, the 12th most frequently detected malicious object on the Internet in Q1, is an example of a trojan used in this type of process, Kaspersky Lab said.
Resurrection of cyber-espionage ops
The first quarter also saw a major cyber-espionage incident: in February. Kaspersky Lab published a report on one of the most advanced threats at the current time named The Mask.
The main target was confidential information belonging to state agencies, embassies, energy companies, research institutes, private investment companies, as well as activists from 31 countries.
According to researchers, the complexity of the toolset used by the attackers and several other factors suggest this could be a state-sponsored campaign.
“As well as new incidents, we saw the continuation of campaigns that had seemingly already ended,” said Aleks Gostev (pic)
, chief security expert at Kaspersky Lab’s Global Research and Analysis Team.
“For instance, after cybercriminals had shut down all the known command servers involved in the Icefog
operation, we detected a Java version
of the threat.
“The previous attack had primarily targeted organisations in South Korea and Japan, but the new version, judging by the IP (Internet Protocol) addresses tracked, was only interested in US organisations,” he added.
Q1 in figures
33.2% of user computers worldwide were subjected to at least one web-based attack during the past three months – a decrease of 5.9 percentage points compared to the same period last year.
39% of neutralised web attacks were carried out using malicious web resources located in the United States and Russia; the combined figure for the same two countries was 5 percentage points higher in Q1 2013. They were followed by the Netherlands (10.8%), Germany (10.5%) and the UK (6.3%).
The proportion of threats targeting Android exceeded 99% of all mobile malware. Mobile malware increased by one percentage point over the quarter.
At the end of 2013 Kaspersky Lab’s collection of mobile malware stood at 189, 626, but in Q1 2014 alone 110 324 new malicious programs were added. By the end of the quarter there were 299 950 samples in the collection.
Average of 900 online resources active on Tor daily: Kaspersky
Kaspersky Lab uncovers ‘The Mask,’ advanced global cyber-espionage ops
Bitcoin-mining malware on the rise in APAC: Trend Micro
Smarter, shadier and stealthier cyber-crime forces dramatic change
Govt malware, insider threats to dominate security landscape: CyberArk
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.