Financial threats

A year after Kaspersky Lab warned that cybercriminals would start to adopt the tools and tactics of nation-state backed APTs in order to rob banks, the company has confirmed the return of Carbanak and uncovered two more groups: Metel and GCMAN.

A while ago Turkish security group Otku Sen created the hidden tear ransomware and published the source code online. Idea behind it was to “teach” security researchers how ransomware works. Right from the beginning the reaction of various security professionals was negative. And we were right, it didn’t take long before the first ransomware variants arrived based on the hidden tear source code.

In 2015, virus writers demonstrated a particular interest in exploits for Adobe Flash Player. The proportion of relatively simple programs used in mass attacks was growing. Attackers have mastered non-Windows platforms – Android and Linux: almost all types of malicious programs are created and used for these platforms.

The data collected from Kaspersky Lab products shows that the tools used to attack businesses differ from those used against home users. Let’s have a look back at the major incidents of 2015 and at the new trends we have observed in information security within the business environment.

The end of the year is traditionally a time for reflection – for taking stock of our lives before considering what lies ahead. We’d like to offer our customary retrospective of the key events that have shaped the threat landscape in 2015.

The Russian-language cybercrime market is known all over the world. Kaspersky Lab experts have been monitoring the Russian hacker underground since its emergence. In this review we analyze how financial cybercrime works.

As the year comes to an end, we have an opportunity to take stock of how the industry has evolved and to cast our predictions for the coming years. The outlook for our rapidly evolving field of study is quite thought-provoking and will continue to present us with interesting challenges.

Brazil ranks among the most dangerous countries for digital citizens. To understand what is going on in the Brazilian cybercriminal underground, we would like to take you on a journey into their world, to explore their attack strategy and their state of mind.

In the third quarter of 2015 Kaspersky Lab solutions detected and repelled a total of 235,415,870 malicious attacks from online resources located all over the world. There were 5,686,755 registered notifications about attempted malware infections that aim to steal money via online access to bank accounts.

After obtaining the new MD5 hashes for the CoinVault files, we set out to find more clues, more files, and to analyse what these new malware variants had to reveal. However, the best thing was that, based on our analysis, the National High Tech Crime Unit of the Dutch police was able to apprehend two suspects last Monday.

A family of ransomware Trojans emerged in late 2014/early 2015, and quickly established itself among the top three most widespread encryptors. This threat has been assigned the verdict Trojan-Ransom.Win32.Shade according to Kaspersky Lab’s classification. The original name given to the encryptor by its creator is not known.

In the second quarter of 2015 Kaspersky Lab solutions detected and repelled a total of 379,972,834 malicious attacks from online resources. There were 5,903,377 registered notifications about attempted malware infections aiming at stealing money via online access to bank accounts. Were detected 291,887 new malicious mobile programs.

TeslaCrypt 2.0 is different from previous ones in that it uses a significantly improved encryption scheme and uses an HTML page instead of a GUI. Incidentally, the HTML page was copied from another Trojan – Cryptowall.

In the first quarter of 2015 Kaspersky Lab products detected a total of 2,2 bln malicious attacks and more than 93 mln unique malicious URLs. The story of the powerful Equation cyberespionage group was perhaps the most talked-about news story of Q1.

Some months ago we wrote a blog post about CoinVault. In that post we explained how we tore the malware apart in order to get to its original code and not the obfuscated one.