Secure environment (IoT)

2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, attack scale and impact on our daily life. In fact, the year ended with massive DDoS attacks unseen before, leveraging Mirai botnet technology.

The Mirai botnet, which is made up of IoT devices and which was involved in DDoS attacks whose scale broke all possible records, has been extensively covered by the mass media. Given that the botnet’s source code has been made publicly available and that the Internet of Things trend is on the rise, no decline in IoT botnet activity should be expected in the near future.

2016 was a tense and turbulent year in cyberspace – from the massive IoT botnets and ransomware to targeted cyberespionage attacks, financial theft, ‘hacktivism’ and more. Kaspersky Lab’s Review of the Year and Statistics provide a detailed review – you can read the Executive Summary here.

Starting from yesterday, many DSL customers in Germany were reporting problems with their routers. Today we saw news, that a malicious attack could be the reason for this widespread problem.

In September 2016, while researching a new wave of attacks, we found an interesting target which appeared to constantly receive spearphishes, a practice we commonly describe as a “magnet of threats”. Among all the attacks received by this magnet of threats, which included various older Office exploits such as CVE-2012-0158, one of them attracted our attention.

Interesting trend this quarter was the increased activity of DDoS botnets in Western Europe. For the first time in a year the TOP 10 most attacked countries included three Western European countries – Italy, France and Germany.

The concept of a smart city brings together many modern technologies and solutions. Smart city infrastructures develop faster than security tools do, leaving ample room for the activities of both curious researchers and cybercriminals.

August 13, 2016 saw the beginning of a truly bizarre episode. A new identity going under the name ‘ShadowBrokers’ came onto the scene claiming to possess files belonging to the apex predator of the APT world, the Equation Group.

Kaspersky Lab discovers CVE-2016-4171 used in limited targeted attacks to compromise high profile victims.

We caught another zero-day Adobe Flash Player exploit deployed in targeted attacks. We believe these attacks are launched by an APT Group we call “ScarCruft”.

These sensors are the lowest tier of ‘smart city’ infrastructure – they collect raw data about traffic and pass it on; without that data, no analysis can be done and systems cannot be configured properly. Therefore, the information coming from the sensors has to be accurate. But is that actually the case?

The year 2016 started with a quite a number of security incidents related to hacks of hospitals and medical equipment. They include a ransomware attack on a Los Angeles hospital, the same in two German hospitals, an attack on a Melbourne hospital and so on – in just two months of 2016!

Sergey Lozhkin, senior researcher at Kaspersky Lab’s GReAT gave a talk about several critical vulnerabilities he found in one hospital’s IT infrastructure. From Kaspersky Security Analyst Summit 2016 on Tenerife, Spain.

In a comment on Reddit this week, user “moeburn” raised the possibility of new malware circulating for Smart TVs. We immediately got to work trying to figure out if this threat was targeting connected televisions specifically or whether this was an accidental infection.

The data collected from Kaspersky Lab products shows that the tools used to attack businesses differ from those used against home users. Let’s have a look back at the major incidents of 2015 and at the new trends we have observed in information security within the business environment.