Cyber-espionage and weapons on the rise in Q1: Kaspersky
By Digital News Asia June 10, 2013
- Attacks targeted various government agencies, diplomatic organisations and companies around the world
- China govt-sanctioned hackers; attacks against activists; the world becomes a Neal Stephenson novel
THE first three months of the year turned out to be full of incident, especially when it came to cyber-espionage and cyber-weapons, the experts at Kaspersky Lab said in their latest report.
At the very beginning of the year, Kaspersky Lab published a major report with the results of a study into a five-year program of global cyber-espionage operations. The operation was dubbed Red October.
These attacks targeted various government agencies, diplomatic organisations and companies around the world, the security company said in a statement.
“The first quarter of 2013 brought a huge number of major incidents related to cyber-espionage and cyber-weapons,” said Dennis Maslennikov, senior malware analyst at Kaspersky Lab.
In addition to workstations, Red October was also capable of stealing data from mobile devices, gathering data from network equipment, collecting files from USB drives, stealing email databases from local Outlook archives or from remote POP/IMAP servers and extracting files from local FTP servers on the Internet.
In February a new malicious program, dubbed MiniDuke, appeared on the scene. It penetrated systems using a zero-day vulnerability in Adobe Reader (CVE-2013-0640).
An investigation into incidents involving this piece of malware was conducted by Kaspersky experts in conjunction with the Hungarian company CrySys Lab. MiniDuke’s victims turned out to be government agencies located in Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland, as well as a research organization in Hungary, and a research institute, two scientific research centres and a medical facility in the United States.
In total, the company detected 59 victims in 23 countries.
February also saw the publication of an extensive report by Mandiant on a series of attacks launched by a group of Chinese hackers going by the name of APT1. Mandiant states that APT1 appears to be a division of the Chinese army.
This is not the first time Beijing has been accused of complicity in cyber-attacks against government agencies and organisations in other countries. And there is nothing particularly surprising about the Chinese government’s firm rejection of the claims made in the Mandiant report, Kaspersky Lab said.
Following on in late February, Symantec published a study on a newly identified ‘old’ version of Stuxnet — Stuxnet 0.5. It turned out to be the earliest known modification of the worm, and was active between 2007 and 2009.
Experts have repeatedly stated that there were (or still are) earlier versions of the notorious worm, but this represents the first hard evidence.
“Incidents that require months of relentless investigation are relatively rare in the antivirus industry. Even rarer are events that remain relevant three years after they take place — like the detection of Stuxnet, for example,” said Maslennikov.
“Although this worm has been studied by numerous antivirus vendors, there are still lots of modules that have only been examined briefly, if at all.
“The study of Stuxnet version 0.5 has provided more information about this malicious program in general. It’s likely that we’ll find even more information in the future.
“The same can be said about the other cyber-weapons detected after Stuxnet, as well as malware used in cyber-espionage – there’s a lot we still don’t know,” he added.
The first quarter of 2013 also saw more targeted attacks against Tibetan and Uyghur activists. The attackers appeared to be using everything at their disposal to achieve their goals, and users of Mac OS X, Windows, and Android were subjected to attacks.
Kaspersky Lab said that back in 2011 it witnessed mass hacks of several companies and some major leaks of users’ data.
It might seem like these attacks came to nothing, but this was not so, the company added. Cybercriminals remain as interested as ever in hacking large companies and getting their hands on confidential data, including user information.
In the first quarter of 2013 victims included Apple, Facebook, Twitter and Evernote, among others, it said.
The mobile threat front was also full of incident in Q1 2013. January may have been a quiet month for mobile virus writers, but over the next two months Kaspersky Lab detected in excess of 20,000 new mobile malware modifications, which is equivalent to roughly half of all the malware samples detected over the whole of 2012.
There were also minor changes to the threat geography. This time around, Russia (19%, -6 percentage points) and the United States (25%, +3 percentage points) once again switched places in the ranking of countries hosting malicious content, with the United States returning to first place. The percentages of other countries were more or less unchanged from the fourth quarter of 2012.
The rating of the most prevalent vulnerabilities saw no significant shifts. Java vulnerabilities are still on top, detected on 45.26% of all computers. On average, Kaspersky experts counted eight different breaches on every vulnerable machine.