1025 matches found
Jack of all trades
Nowadays, it's all too easy to end up with malicious apps on your smartphone, even if you're using the official Google Play app store. The situation gets even worse when you go somewhere other than the official store – fake applications, limited security checks, and so on. However, the spread of...
Kaspersky Security Bulletin. Overall statistics for 2017
All the statistics used in this report were obtained using Kaspersky Security Network KSN, a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213...
Still Stealing
Two years ago in October 2015 we published a blogpost about a popular malware that was being distributed from the Google Play Store. Over the next two years we detected several similar apps on Google Play, but in October and November 2017 we found 85 new malicious apps on Google Play that are...
Cybercriminals vs financial institutions in 2018: what to expect
Introduction – key events in 2017 2017 was a year of great changes in the world of cyberthreats facing financial organizations. Firstly, in 2017 we witnessed a continuation of cyberattacks targeting systems running SWIFT — a fundamental part of the world's financial ecosystem. Attackers were able...
Kaspersky Security Bulletin: Review of the Year 2017
Introduction The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so. To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat...
Kaspersky Security Bulletin: Story of the year 2017
Download the Kaspersky Security Bulletin: Story of the year 2017 Introduction: what we learned in 2017 In 2017, the ransomware threat suddenly and spectacularly evolved. Three unprecedented outbreaks transformed the landscape for ransomware, probably forever. The attacks targeted businesses and...
IoT lottery: finding a perfectly secure connected device
Black Friday and Cyber Monday are great for shopping. Vendors flood the market with all kinds of goods, including lots of exciting connected devices that promise to make our life easier, happier and more comfortable. Being enthusiastic shoppers just like many other people around the world, at...
Android commercial spyware
There's certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method. There's no need to even resort to Tor Browser or other darknet...
Threat Predictions for Connected Life in 2018
Download the Kaspersky Security Bulletin: Threat Predictions for Connected Life in 2018 Introduction: To be awake is to be online The average home now has around three connected computers and four smart mobile devices. Hardly surprising, considering that 86 per cent of us check the Internet sever...
Kaspersky Lab – Beyond Black Friday Threat Report, November 2017
Introduction The festive holiday shopping season, which covers Thanksgiving, Black Friday and Cyber Monday in late November as well as Christmas in December, now accounts for a significant share of annual sales for retailers, particularly in the U.S., Europe and APAC. Those selling clothing,...
Investigation Report for the September 2014 Equation malware detection incident in the US
Background In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee's home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities ...
Threat Predictions for Cryptocurrencies in 2018
The landscape in 2017 Today, cryptocurrency is no longer only for computer geeks and IT pros. It's starting to affect people's daily life more than they realize. At the same time, it is fast becoming an attractive target for cybercriminals. Some cyberthreats have been inherited from e-payments,...
Threat Predictions for Financial Services and Fraud in 2018
The landscape in 2017 In 2017 we've seen fraud attacks in financial services become increasingly account-centric. Customer data is a key enabler for large-scale fraud attacks and the frequency of data breaches among other successful attack types has provided cybercriminals with valuable sources o...
Threat Predictions for Connected Health in 2018
The landscape in 2017 In 2017, Kaspersky Lab research revealed the extent to which medical information and patient data stored within the connected healthcare infrastructure is left unprotected and accessible online for any motivated cybercriminal to discover. For example, we found open access to...
Threat Predictions for Automotive in 2018
The landscape in 2017 Modern cars are no longer just electro-mechanical vehicles. With each generation, they become more connected and incorporate more intelligent technologies to make them smarter, more efficient, comfortable and safe. The connected-car market is growing at a five-year compound...
Kaspersky Security Bulletin: Threat Predictions for 2018
Download the Kaspersky Security Bulletin: Threat Predictions for 2018 Introduction As hard as it is to believe, it's once again time for our APT Predictions. Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new even...
Threat Predictions for Industrial Security in 2018
The landscape in 2017 2017 was one of the most intense in terms of incidents affecting the information security of industrial systems. Security researchers discovered and reported hundreds of new vulnerabilities, warned of new threat vectors in ICS and technological processes, provided data on...
APT Trends report Q3 2017
Introduction Beginning in the second quarter of 2017, Kaspersky's Global Research and Analysis Team GReAT began publishing summaries of the quarter's private threat intelligence reports in an effort to make the public aware of what research we have been conducting. This report serves as the next...
IT threat evolution Q3 2017. Statistics
Q3 figures According to KSN data, Kaspersky Lab solutions detected and repelled 277,646,376 malicious attacks from online resources located in 185 countries all over the world. 72,012,219 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that ai...
IT threat evolution Q3 2017
Targeted attacks and malware campaigns Re-enter the dragon In July, we reported on the recent activities of a targeted attack group called 'Spring Dragon' also known as LotusBlossom, whose activities data back to 2012. Spring Dragon makes extensive use of spear-phishing and watering-hole attacks...
Using legitimate tools to hide malicious code
The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process. Typically, malware that uses concealment techniques injects its code into a system process, e.g...
DDoS attacks in Q3 2017
News Overview In the third quarter of 2017, the trends of the preceding quarters continued to develop further. The number of DDoS attacks in China, the United States, South Korea and Russia increased, which were reflected in the statistics we gathered for botnets. A sharp surge in the number more...
Spam and phishing in Q3 2017
Quarterly highlights Blockchain and spam Cryptocurrencies have been a regular theme in the media for several years now. Financial analysts predict a great future for them, various governments are thinking about launching their own currencies, and graphics cards are swept off the shelves as soon a...
Silence – a new Trojan attacking financial organizations
More information about the Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: [email protected] In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected...
Tales from the blockchain
Cryptocurrency has gradually evolved from an element of a new world, utopian economy to a business that has affected even those sectors of society least involved in information technology. At the same time, it has acquired a fair number of "undesirable" supporters who aim to enrich themselves at...
Gaza Cybergang – updated activity in 2017:
1. Summary information The Gaza cybergang is an Arabic-language, politically-motivated cybercriminal group, operating since 2012 and actively targeting the MENA Middle East North Africa region. The Gaza cybergang's attacks have never slowed down and its typical targets include government...
Analyzing an exploit for СVE-2017-11826
The latest Patch Tuesday 17 October brought patches for 62 vulnerabilities, including one that fixed СVE-2017-11826 – a critical zero-day vulnerability used to launch targeted attacks – in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX...
Bad Rabbit ransomware
UPDATE 27.10.2017. Decryption opportunity assessment. File recovery possibility. Verdicts What happened? On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been report...
Dangerous liaisons
It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We're talking here about...
ATM malware is being sold on Darknet market
Disclaimer and warning ATM systems appear to be very secure, but the money can be accessed fairly easily if you know what you are doing. Criminals are exploiting hardware and software vulnerabilities to interact with ATMs, meaning they need to be made more secure. This can be achieved with the he...
BlackOasis APT and new targeted attacks leveraging zero-day exploit
More information about BlackOasis APT is available to customers of Kaspersky Intelligence Reporting Service. Contact: [email protected] Introduction Kaspersky Lab has always worked closely with vendors to protect users. As soon as we find new vulnerabilities we immediately inform the...
ATMii: a small but effective ATM robber
While some criminals blow up ATMs to steal cash, others use less destructive methods, such as infecting the ATM with malware and then stealing the money. We have written about this phenomenon extensively in the past and today we can add another family of malware to the list - Backdoor.Win32.ATMii...
The Festive Complexities of SIGINT-Capable Threat Actors
To read the full paper and learn more about this, refer to "Walking in Your Enemy's Shadow: When Fourth-Party Collection Becomes Attribution Hell" Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt manipulation have proven enough...
Threat Landscape for Industrial Automation Systems in H1 2017
Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team Kaspersky Lab ICS CERT publishes the results of its research on the threat landscape for industrial automation systems for the first six months of 2017. All statistical data used in this report was collected using the Kaspersk...
A simple example of a complex cyberattack
We're already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious...
A Modern Hypervisor as a Basis for a Sandbox
In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment or vice versa, to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an...
An (un)documented Word feature abused by attackers
A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content. However, a clo...
Connected Medicine and Its Diagnosis
Medical data is slowly but surely migrating from paper mediums to the digital infrastructure of medical institutions. Today, the data is "scattered" across databases, portals, medical equipment, etc. In some cases, the security of the network infrastructure of such organizations is neglected, and...
Miners on the Rise
Miners are a class of malware whose popularity has grown substantially this year. The actual process of cryptocurrency mining is perfectly legal, though there are groups of people who hoodwink unwitting users into installing mining software on their computers, or exploiting software vulnerabiliti...
Satoshi Bomb
Let us discuss what defines the profitability of bitcoin mining, what principles for mining speed adaptation were initially embedded into it, and why these principles can lead to the failure of the cryptocurrency in the long run. We assume that the reader has an idea of basic Bitcoin mechanics su...
Dissecting the Chrome Extension Facebook malware
It's been a few days since Kaspersky Lab's blog post about the Multi Platform Facebook malware that was spread through Facebook Messenger. At the same time as Kaspersky Lab were analyzing this threat, a few researchers where doing the same, including Frans Rosén, Security Advisor at Detectify...
Introducing WhiteBear
As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. Much of the contents of that report are reproduced here. WhiteBear is a parallel project or second stage of the Skipper...
Jimmy Nukebot: from Neutrino with love
"You FOOL! This isn't even my final form!" In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as...
Neutralization reaction
Incident Response Guide PDF Despite there being no revolutionary changes to the cyberthreat landscape in the last few years, the growing informatization of business processes provides cybercriminals with numerous opportunities for attacks. They are focusing on targeted attacks and learning to use...
WAP-billing Trojan-Clickers on rise
During the preparation of the "IT threat evolution Q2 2017" report I found several common Trojans in the "Top 20 mobile malware programs" list that were stealing money from users using WAP-billing - a form of mobile payment that charges costs directly to the user's mobile phone bill so they don't...
New multi platform malware/adware spreading via Facebook Messenger
One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzin...
Spam and phishing in Q2 2017
Spam: quarterly highlights Delivery service Trojans At the start of Q2 2017, we registered a wave of malicious mailings imitating notifications from well-known delivery services. Trojan downloaders were sent out in ZIP archives, and after being launched they downloaded other malware –...
Booking a Taxi for Faketoken
The Trojan-Banker.AndroidOS.Faketoken malware has been known about for already more than a year. Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. The authors of its newer modifications continue to upgrade the malware,...
ShadowPad in corporate networks
ShadowPad, part 2: Technical Details PDF In July 2017, during an investigation, suspicious DNS requests were identified in a partner's network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Furth...
IT threat evolution Q2 2017
Targeted attacks and malware campaigns Back to the future: looking for a link between old and new APTs This year's Security Analyst Summit SAS included interesting research findings on several targeted attack campaigns. For example, researchers from Kaspersky Lab and King's College London present...