Kaspersky Lab First Quarter Threats Report Shows Early Predictions Already Coming True

17 Apr 2014

Kaspersky Lab today released its first quarterly Threat Report for 2014, finding that three of its predictions for 2014 have already been confirmed. The report also showcased insightful statistics about cyber threats that occurred during the first three months of the year.

In the end-user forecast, Kaspersky Lab stated that cyber criminals would target the following:

- Your Privacy

This type of targeting would lead to greater popularity for VPN services and people using Tor for anonymous activity. During the first quarter, the cyber-criminal element did in fact grow. For example, in February Kaspersky experts detected the first Android Trojan that uses a domain in the .onion pseudo zone as its command-and-control server.

- Your Money

The experts expected cybercriminals to continue developing tools to steal cash. This was confirmed by the detection of Trojan-SMS.AndroidOS.Waller.a in March. It is capable of stealing money from QIWI electronic wallets belonging to the owners of infected smartphones. The Trojan currently only targets Russian users, but it is capable of spreading anywhere e-wallets are managed using text messages. The first quarter report also showed that the number of mobile banking Trojans doubled from 1,321 at the end of 2013 to 2,503 at the end of Q1 2014.

- Your Bitcoins

The experts predicted considerable growth in the number of attacks targeting Bitcoin users’ wallets, Bitcoin pools and stock exchanges. In the first three months of the year there were lots of incidents that demonstrated the validity of this prediction. Among the more newsworthy was the hack of MtGox, one of the largest Bitcoin marketplaces out there. This hack was followed by the hack of the personal blog and Reddit account of MtGox CEO Mark Karpeles. The blog and Reddit account were then used to post MtGox2014Leak.zip, which actually turned out to be malware capable of searching for and stealing Bitcoin wallet files from victims.

The Living Dead: the resurrection of cyber-espionage operations

The first quarter also saw a major cyber-espionage incident: The Mask (Careto). In February, Kaspersky Lab published a report on The Mask, which is considered one of the most advanced threats at the current time. The main target was confidential information belonging to state agencies, embassies, energy companies, research institutes, private investment companies, as well as activists from 31 countries. According to the researchers, the complexity of the toolset used by the attackers and several other factors suggest this could be a state-sponsored campaign.  

Q1 in figures

  • At the end of 2013 Kaspersky Lab’s collection of mobile malware stood at 189,626, but in Q1 2014 alone 110,324 new malicious programs were added.
  • The proportion of threats targeting Android exceeded 99 percent of all mobile malware. Mobile malware increased by 1 percent over the quarter.
  • 39 percent of neutralized Web attacks were carried out using malicious Web resources located in the US and Russia; the combined figure for the same two countries was 5 percent higher in Q1 2013. They were followed by the Netherlands (10.8%), Germany (10.5%) and the UK (6.3%).
  • 33.2 percent of user computers worldwide were subjected to at least one web-based attack during the past three months – a decrease of 5.9 percent compared to the same period last year.

Alexander Gostev
Chief Security Expert, Global Research and Analysis Team
Kaspersky Lab

“As well as new incidents, we saw the continuation of campaigns that had seemingly already ended. For instance, after cybercriminals had shut down all the known command servers involved in the Icefog operation, we detected a Java version of the threat. The previous attack had primarily targeted organizations in South Korea and Japan, but the new version, judging by the IP addresses tracked, was only interested in US organizations.”

The full report is available at securelist.com