In the end-user forecast, Kaspersky
Lab stated that cyber criminals would target the following:
- Your Privacy
This type of targeting would lead to
greater popularity for VPN services and people using Tor for anonymous
activity. During the first quarter, the cyber-criminal element did in fact grow.
For example, in February Kaspersky experts detected the first Android Trojan
that uses a domain in the .onion pseudo zone as a control and command.
- Your Money
The experts expected
cybercriminals to continue developing tools to steal cash. This was confirmed
by the detection of Trojan-SMS.AndroidOS.Waller.a in March. It is capable of
stealing money from QIWI electronic wallets belonging to the owners of infected
smartphones. The Trojan currently only targets Russian users, but it is capable
of spreading anywhere where e-wallets are managed using text messages. The
first quarter report also showed that the number of mobile banking Trojans
doubled from 1,321 at the end of 2013 to 2,503 at the end of Q1 2014.
- Your Bitcoins
The expertspredicted considerable growth in the
number of attacks targeting Bitcoin users’ wallets, Bitcoin pools and stock
exchanges. In the first three months of the year there were lots of incidents
that demonstrated the validity of this prediction. Among the more newsworthy was
hack of MtGox, one of the largest Bitcoin marketplaces out there. This hack
was followed by the hack of the personal blog and Reddit account of MtGox CEO
Mark Karpeles. The blog and Reddit account were then used them to
post the MtGox2014Leak.zip, which actually turned out to be malware capable
of searching for and stealing Bitcoin wallet files from victims.
The Living Dead: the resurrection
of cyber-espionage operations
The first quarter also saw a major cyber-espionage
incident: The Mask (Careto). In February, Kaspersky Lab published
a report on The Mask, which is considered one of the most advanced threats
at the current time. The main target was confidential information belonging to
state agencies, embassies, energy companies, research institutes, private
investment companies, as well as activists from 31 countries. According to the
researchers, the complexity of the toolset used by the attackers and several
other factors suggest this could be a state-sponsored campaign.
Q1 in figures
end of 2013 Kaspersky Lab’s collection of mobile malware stood at 189, 626, but
in just Q1 2014 alone 110,324 new malicious programs were added.
proportion of threats targeting Android exceeded 99 percent of all mobile
malware. Mobile malware increased by 1 percent over the quarter.
39 percent of neutralized Web attacks were
carried out using malicious Web resources located in the US and Russia; the combined
figure for the same two countries was 5 percent higher in Q1 2013. They were
followed by the Netherlands (10.8%), Germany (10.5%) and the UK (6.3%).
percent of user computers worldwide were subjected to at least one web-based
attack during the past three months – a decrease of 5.9 percent compared to the
same period last year.
Quote Alexander Gostev Chief Security Expert, Global Research and Analysis Team Kaspersky Lab
well as new incidents, we saw the continuation of campaigns that had seemingly
already ended. For instance, after cybercriminals had shut down all the known
command servers involved in the Icefog
operation, we detected a Java
version of the threat. The previous attack had primarily targeted
organizations in South Korea and Japan, but the new version, judging by the IP
addresses tracked, was only interested in US organizations.”