Financial threats

We have seen many shapes and colors of cryptolockers, but the new CTB-Locker variant says it all. A new variant of the CTB-Locker targets web servers only, and to our knowledge it has already successfully encrypted web-root files in more than 70 servers.

On November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. The incident Israeli banks experienced had a very fascinating and innovative method of stealing the money.

As the functionality of mobile devices and mobile services grows, the appetite of cybercriminals who profit from mobile malware will grow too. Malware authors will continue to improve their creations, develop new technologies and look for new ways of spreading mobile malware. Their main aim is to make money.

Kaspersky Lab security researchers Santiago Pontirol and Roberto Martinez explain how ATM malware works in Latin America and why it’s difficult to discover ‘jackpotting’ malware.

A year after Kaspersky Lab warned that cybercriminals would start to adopt the tools and tactics of nation-state backed APTs in order to rob banks, the company has confirmed the return of Carbanak and uncovered two more groups: Metel and GCMAN.

A while ago Turkish security group Otku Sen created the hidden tear ransomware and published the source code online. Idea behind it was to “teach” security researchers how ransomware works. Right from the beginning the reaction of various security professionals was negative. And we were right, it didn’t take long before the first ransomware variants arrived based on the hidden tear source code.

In 2015, virus writers demonstrated a particular interest in exploits for Adobe Flash Player. The proportion of relatively simple programs used in mass attacks was growing. Attackers have mastered non-Windows platforms – Android and Linux: almost all types of malicious programs are created and used for these platforms.

The data collected from Kaspersky Lab products shows that the tools used to attack businesses differ from those used against home users. Let’s have a look back at the major incidents of 2015 and at the new trends we have observed in information security within the business environment.

The end of the year is traditionally a time for reflection – for taking stock of our lives before considering what lies ahead. We’d like to offer our customary retrospective of the key events that have shaped the threat landscape in 2015.

The Russian-language cybercrime market is known all over the world. Kaspersky Lab experts have been monitoring the Russian hacker underground since its emergence. In this review we analyze how financial cybercrime works.

As the year comes to an end, we have an opportunity to take stock of how the industry has evolved and to cast our predictions for the coming years. The outlook for our rapidly evolving field of study is quite thought-provoking and will continue to present us with interesting challenges.

Brazil ranks among the most dangerous countries for digital citizens. To understand what is going on in the Brazilian cybercriminal underground, we would like to take you on a journey into their world, to explore their attack strategy and their state of mind.

In the third quarter of 2015 Kaspersky Lab solutions detected and repelled a total of 235,415,870 malicious attacks from online resources located all over the world. There were 5,686,755 registered notifications about attempted malware infections that aim to steal money via online access to bank accounts.

After obtaining the new MD5 hashes for the CoinVault files, we set out to find more clues, more files, and to analyse what these new malware variants had to reveal. However, the best thing was that, based on our analysis, the National High Tech Crime Unit of the Dutch police was able to apprehend two suspects last Monday.

A family of ransomware Trojans emerged in late 2014/early 2015, and quickly established itself among the top three most widespread encryptors. This threat has been assigned the verdict Trojan-Ransom.Win32.Shade according to Kaspersky Lab’s classification. The original name given to the encryptor by its creator is not known.