Kaspersky Lab Threat Review for 2016: servers for sale, global botnets and a strong focus on mobile

13 Dec 2016

Evolving threat landscape reveals a growing need for security intelligence

Woburn, MA – December 14, 2016 – In 2016, the world’s biggest cyber threats were related to money, information and a desire to disrupt. The notable threats included the underground trade of tens of thousands of compromised server credentials, hijacked ATM systems, ransomware and mobile banking malware – as well as targeted cyberespionage attacks and the hacking and dumping of sensitive data. These trends, their impact and the supporting data are covered in the annual Kaspersky Security Bulletin Review and Statistics reports, published today.

In 2016 Kaspersky Lab research also discovered the extent to which companies struggle to quickly spot a security incident: 28.7 percent said it took them several days to discover such an event, while 19 percent admitted it took weeks or more. For a small but significant minority of 7.1 percent, it took months. Among those that struggled most, eventual discovery often came about through an external or internal security audit, or an alert from a third party, such as a client or a customer. Further details on how a delay in detection impacts business recovery costs can be found in the Executive Summary of the review.

Additional discoveries in 2016:

  • The underground economy is bigger and more sophisticated than ever: just look at xDedic – the shady marketplace for more than 70,000 hacked server credentials that allowed anyone to buy access to a hacked server, for example one located in an EU country’s government network, for as little as $6.
  • The biggest financial heist did not involve a stock exchange as expected: instead it used SWIFT-enabled transfers to steal $100 million.
  • Critical infrastructure is worryingly vulnerable on many fronts: as revealed at the end of 2015 and into 2016 by the BlackEnergy cyberattack on the Ukrainian energy sector that included disabling the power grid, wiping data and launching a DDoS attack. In 2016 Kaspersky Lab experts investigated industrial control threats and discovered thousands of hosts around the world exposed to the Internet, with 91.1% carrying vulnerabilities that can be exploited remotely.
  • Targeted attacks can have no pattern: shown by the ProjectSauron APT, an advanced, modular cyberespionage group that customized its tools for each target, reducing their value as Indicators of Compromise (IoCs) for any other victim.
  • The online release of vast volumes of data can directly influence what people think and believe: as evidenced by the ShadowBrokers and other personal and political data dumps.
  • A camera or DVD player could become part of a global Internet-of-things (IoT) cyber-army: as the year ends it is clear that the Mirai-powered botnet attacks are only the beginning.

“The number and range of cyberattacks and their victims seen in 2016 has put the subject of better detection at the top of the business agenda. Detection is now a complex process that requires security intelligence, a deep knowledge of the threat landscape, and the skills to apply that expertise to each individual organization,” said David Emm, Principal Security Researcher, Kaspersky Lab. “Our analysis of cyberthreats over the years has revealed both patterns and unique approaches. This accumulated understanding underpins our active defense tools, as we believe protection technologies should be powered by security intelligence. It also sits at the heart of our growing number of partnerships and collaborations. We use the past to prepare for the future, so that we can continue to protect our customers from undetected threats, before they do any harm,” he added.

An overview of intelligence-based security protection can be found here.

Notable statistics for the year include:

  • 36 percent of online banking attacks now target Android devices, up from just 8 percent in 2015.
  • 262 million URLs were recognized as malicious by Kaspersky Lab products, and there were 758 million malicious online attacks launched across the world – with one in three (29%) originating in the U.S. and 17 percent in the Netherlands.
  • Eight new families of Point-of-Sale and ATM malware appeared – a rise of 20 percent on 2015.
  • Attackers made use of the Google Play Store to distribute Android malware, with infected apps downloaded hundreds of thousands of times.

The Kaspersky Security Bulletin for 2016 comprises the following documents:

Threat Predictions 2017 available here.

Story of the Year: The Ransomware Revolution available here. It also includes advice on how to stay safe and why not to pay the ransom.

Review of the Year: Executive Summary, available on Securelist.

Review of the Year: Full Report, available here.

Statistics, available here.

About Kaspersky Lab

Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.

Learn more at www.kaspersky.com.

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact:
Sarah Kitsos
781.503.2615
Sarah.Kitsos@kaspersky.com