In itsQ3 IT Threat Evolution report, Kaspersky Lab has published the details of the key security incidents of the quarter. Using statistics from the Kaspersky Security Network (KSN), which obtains information from millions of Kaspersky Lab product users in 213 countries, the report sheds light on the increase in mobile threats, the attempted theft of money from online bank accounts and targeted cyberattacks in the evolving threat landscape.
Displaying adverts to users has remained the main method of making money from mobile threats. During the quarter, Kaspersky Lab observed a growing number of programs that used advertising in this way. They often root the device of a victim and use superuser privileges, making it very difficult to combat them. In Q3 2015, these Trojans accounted for more than half the most popular mobile malware.
In Q3 2015, users in Austria were attacked by banking Trojans more than any other region - 5% of all Kaspersky Lab users in Austria faced this threat during the quarter. Singapore, last quarter’s leader, was moved to second place (4.2%) and 3% of users in Turkey were under threat (third).
Most of the countries in the top 10 have significant numbers of online banking users, attracting cybercriminals. Of the malware used to target online banking users, Trojan-Downloader.Win32.Upatre was the most prevalent, being used in 63.1% of attacks in an attempt to steal users’ payment details.
In Q3, the Kaspersky Lab Global Research and Analysis Team (GReAT) researched a number of sophisticated cyberespionage campaigns. Amongst others, these included investigating the Turla group, which makes use of satellite communications to manage its command-and-control servers’ traffic for subsequent operations, the Darkhotel APT, which infiltrates hotel Wi-Fi networks to place backdoors on target computers, and the Blue Termite APT, which focuses on stealing information from organisations in Japan. Kaspersky Lab also worked on a joint investigation with the Dutch National High Tech Crime Unit (NHTCU) and Panda Security, resulting in the arrest of two suspects, who are believed to be involved in the CoinVault ransomware attacks.
“The developments in Q3 demonstrate that the global threat landscape is continuing to evolve at a fast pace. Malicious mobile programs are on the rise and in countries where online banking is popular, people are at considerable risk from Trojans looking to target them. With 5.6 million cases of attempted theft from online bank accounts, and cybercriminals continually developing sophisticated attacks, the use of high quality cybersecurity products has never been more important. It’s vital that all those using the Internet – both individuals and organizations - protect themselves from these growing threats,” says David Emm, Principal Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis team.