Financial threats

The Russian-language cybercrime market is known all over the world. Kaspersky Lab experts have been monitoring the Russian hacker underground since its emergence. In this review we analyze how financial cybercrime works.

As the year comes to an end, we have an opportunity to take stock of how the industry has evolved and to cast our predictions for the coming years. The outlook for our rapidly evolving field of study is quite thought-provoking and will continue to present us with interesting challenges.

Brazil ranks among the most dangerous countries for digital citizens. To understand what is going on in the Brazilian cybercriminal underground, we would like to take you on a journey into their world, to explore their attack strategy and their state of mind.

In the third quarter of 2015 Kaspersky Lab solutions detected and repelled a total of 235,415,870 malicious attacks from online resources located all over the world. There were 5,686,755 registered notifications about attempted malware infections that aim to steal money via online access to bank accounts.

After obtaining the new MD5 hashes for the CoinVault files, we set out to find more clues, more files, and to analyse what these new malware variants had to reveal. However, the best thing was that, based on our analysis, the National High Tech Crime Unit of the Dutch police was able to apprehend two suspects last Monday.

A family of ransomware Trojans emerged in late 2014/early 2015, and quickly established itself among the top three most widespread encryptors. This threat has been assigned the verdict Trojan-Ransom.Win32.Shade according to Kaspersky Lab’s classification. The original name given to the encryptor by its creator is not known.

In the second quarter of 2015 Kaspersky Lab solutions detected and repelled a total of 379,972,834 malicious attacks from online resources. There were 5,903,377 registered notifications about attempted malware infections aiming at stealing money via online access to bank accounts. Were detected 291,887 new malicious mobile programs.

TeslaCrypt 2.0 is different from previous ones in that it uses a significantly improved encryption scheme and uses an HTML page instead of a GUI. Incidentally, the HTML page was copied from another Trojan – Cryptowall.

In the first quarter of 2015 Kaspersky Lab products detected a total of 2,2 bln malicious attacks and more than 93 mln unique malicious URLs. The story of the powerful Equation cyberespionage group was perhaps the most talked-about news story of Q1.

Some months ago we wrote a blog post about CoinVault. In that post we explained how we tore the malware apart in order to get to its original code and not the obfuscated one.

The Emotet Trojan is a highly automated and developing, territorially-targeted bank threat. Its small size, the dispersal methods used and the modular architecture, all make Emotet a very effective weapon for the cyber-criminal.

Last autumn, we discovered the first sample of an interesting new encryptor, TorLocker. The Trojan encrypts all files with AES-256 + RSA-2048 and uses the Tor network to contact its “owners”.

Kaspersky Lab and INTERPOL presented research on how blockchain-based cryptocurrencies could be abused through the pollution of public decentralized databases with arbitrary data.

In this article we look at the evolution of complication of the encryption schemes used by virus writers and the methods they adopt to put pressure on their victims. At the end of the article there is some advice for users which might help them protect important files.

A modern smartphone is a full-blown working tool, an entertainment center and a tool to manage your personal finances. The more it can do, the more attractive it is to cybercriminals. The evidence for this is clear when we look at the rapid growth in the numbers of mobile Trojans.