This post is also available in: עברית (Hebrew)
Kaspersky Lab has undertaken a master review of the key events that defined the threat landscape in 2014.
Among a range of security incidents, targeted attacks and malicious campaigns stand out, particularly in terms of their scale and impact on businesses, governments, public and private institutions. Over the last 12 months, the company’s Global Research and Analysis Team (GReAT) has reported on seven advanced persistent cyber-attack campaigns (APTs). Between them, these accounted for more than 4400 corporate sector targets in at least 55 countries worldwide. This year also saw a number of fraud campaigns that resulted in losses totaling millions of dollars.
The number of victims affected by targeted attacks in 2014 is 2.4 times that of 2013, when up to 1800 corporate targets were discovered.
In 2014, organizations in at least 20 sectors were hit by advanced threat actors. The sectors include the public sector (government and diplomatic offices), energy, research, industrial, manufacturing, health, construction, telecoms, IT, private sector, military, airspace, finance and media, among others. Cyberespionage actors stole passwords, files and audio-streamed content, took screenshots, intercepted geolocation information, controlled web-cameras, and more. It is likely that in several cases these attacks were performed by state-sponsored threat actors, for example the Mask/Careto and Regin campaigns. Others are likely to have been the result of professional cyber-crews organizing ‘attacks-as-a-service’, for example, HackingTeam 2.0, Darkhotel, CosmicDuke, Epic Turla, and Crouching Yeti.
Regin is the first ever cyber-attack platform known to penetrate and monitor GSM networks in addition to other ‘standard’ spying tasks. Darkhotel targeted C-suite victims, including CEOs, Senior Vice Presidents, Sales and Marketing Directors and top R&D staff when they stayed at dozens of luxury hotels worldwide, hunting for sensitive information on connected equipment. These two threat actors have been in operation for a decade, making them among the oldest on the APT scene.
“Targeted operations could mean disaster for the victim: resulting in the leak of sensitive information such as intellectual property, compromised corporate networks, interrupted business processes, and the wiping of data. There are tens of scenarios that all end up with the same impact: the loss of influence, reputation and money,” said Alex Gostev, Chief Security Expert at the Global Research and Analysis Team at Kaspersky Lab.
In June 2014, Kaspersky Lab’s Global Research and Analysis Team reported on its research into an attack on the clients of a large European bank. The attack had resulted in the theft of half a million euros in just one week.
In October, GReAT experts published the results of a forensic investigation into a new direct attack on ATMs in Asia, Europe and Latin America. Millions of dollars were stolen from ATMs worldwide without the attackers requiring access to credit cards.
In the forecast for the next year, Kaspersky Lab’s experts expect to see further evolution of these ATM attacks, where APT techniques are used to gain access to the ‘brain’ of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real-time.