Threat Category: Web threats

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

In this report, we analyze malware, potentially unwanted applications and phishing cases related to most popular video games and cheats for these games.

In this research, we observed various types of threats that mimic useful web browser extensions, and the number of users attacked by them.

Our non-mobile malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families.

Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in Q1. Also, we saw the continuation of a trend that began in spring: an increase in superlong attacks.

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

By 2021 everyone got used to pandemic limitations – industrial organization employees and IT security professionals and threat actors. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable, particularly in H2.

In Q4 2021, as expected, the number of DDoS attacks rose, while DDoS botnets weaponized a Log4Shell vulnerability. In this report, we present the main DDoS trends and statistics.

This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth.

Kaspersky Safe Kids statistics on categories of websites, mobile apps and YouTube searches, plus some suggestions on what to buy children for Christmas this year.

Check out the answers to some of users’ biggest security questions about the Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105).

Key statistics for 2021: miners, ransomware, trojan bankers and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.

We found a suspicious binary and determined it as an IIS module, aimed at stealing credentials and enabling remote command execution from OWA. We named the malicious module ‘Owowa’,

The summary of the critical vulnerability CVE-2021-44228 in the Apache Log4j library, technical details and mitigations.

Reports

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies.

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Kaspersky ICS CERT experts detected a wave of targeted attacks in several East European countries, as well as Afghanistan. Of the six backdoors identified on infected systems, five have been used earlier in attacks attributed to APT TA428.

Web threats

NullMixer: oodles of Trojans in a single dropper

Good game, well played: an overview of gaming-related cyberthreats in 2022

Threat in your browser: what dangers innocent-looking extensions hold for users

IT threat evolution in Q2 2022. Non-mobile statistics

IT threat evolution Q2 2022

DDoS attacks in Q2 2022

The SessionManager IIS backdoor

Threat landscape for industrial automation systems, H2 2021

DDoS attacks in Q4 2021

Telehealth: a new frontier in medicine—and security

Choosing Christmas gifts for kids: Squid Game and Huggy Wuggy are trending

Answering Log4Shell-related questions

Kaspersky Security Bulletin 2021. Statistics

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

CVE-2021-44228 vulnerability in Apache Log4j library

Reports

Kimsuky’s GoldDragon cluster and its C2 operations

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Andariel deploys DTrack and Maui ransomware

Targeted attack on industrial enterprises and public institutions

Subscribe to our weekly e-mails