Web threats

In Q2 2015, botnet-assisted DDoS attacks targeted victims in 79 countries. 77% of botnet-assisted attacks targeted resources located in 10 countries. The largest numbers of DDoS attacks targeted victims in China and the USA. Cybercriminals continue to exhibit a growing persistence: DDoS attacks lasting up to 8.5 days were observed.

Intelligence services are not giving any clues how they identify cybercriminals who act anonymously. This may mean that the implementation of the Tor Darknet contains some vulnerabilities and/or configuration defects that make it possible to unmask any Tor user. In this research, we will present practical examples to demonstrate how Tor users may lose their anonymity.

One popular DDoS scenario is a botnet-assisted attack. In Q1 2015, 23,095 botnet-assisted DDoS attacks were reported. These statistics refer to those botnets which were detected and analyzed by Kaspersky Lab.

Kaspersky Lab was involved in botnet takedown operation. Preliminary analysis of some of the sinkholed server logs revealed a list of 190 countries affected by the Simda botnet.

A long time has passed since we published our analysis of threats for home network devices. Since then, the situation has significantly changed – alas, not for the better.

Kaspersky Lab products detected and neutralized a total of 1,325,106,041 threats in the third quarter of 2014. Our solutions blocked 696,977 attacks that attempted to launch malware capable of stealing money from online banking accounts.

In a series of online attacks targeting flaws on network devices and involving malicious DNS servers, fake documents, browser code injections, malicious browser extensions and a lot of creativity, the crooks have successfully stolen vast amounts of money.

‘Malvertising’ is a relatively new term for a technique used to distribute malware via advertising networks, which have long since become a popular medium among cybercriminals.

The biggest security news of the week is the leaked photos of many celebrities. Many people, especially the involved celebrities, wondered how such a hack could take place.

Anyone using the Internet is at risk, regardless of age and regardless of what they like to do online. Cybercriminals can deploy an impressive arsenal and use it to get access to our money, our personal data and the resources of our computer systems.

Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014. 927,568 computers running Kaspersky Lab products were attacked by banking malware. 65,118 new malicious mobile programs were detected. 2033 mobile banking Trojans were detected in this period, 1.7 times more than last quarter.

A couple weeks ago, my colleague Mikhail K posted on the analysis of several bots, including a bot implementing some extraordinary DNS amplification DDoS functionality. Let’s explore some additional offensive details of this crew’s activity, and details of the overall situation, in the past week.

The most popular uses of cloud services include: storing image scans of passports and other personal documents; synchronization of password, contact list, and email/message databases; creating sites; storing versions of source codes, etc.

In 2013 phishing sites imitating social network websites were to blame for more than 35% of cases when the Anti-phishing heuristic component was triggered.

In this first part we’ll look at some very professional phishing and malware attacks that use digitally-signed malware, a breached customer database used for online ticket sales, SSL-certified phishing domains and a lot of social engineering.