Web threats

Verizon’s 2020 DBIR is out, you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research.

The pandemic has affected us all in some way, so it would be surprising if cybercriminals were an exception. Spammers and phishers were naturally the trailblazers in this but the entire cybercrime landscape has changed in the last few months.

Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web. This is reflected in the goals of recent DDoS attacks, with the most targeted resources in Q1 being websites of medical organizations, delivery services, and gaming and educational platforms.

With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape.

We recently discovered a new approach to the well-known distributing malware technique: visitors to infected sites were informed that some kind of security certificate had expired.

In the last quarter of the year, the number of both attacks and C&C servers fell sharply, while the number of extra-long attacks (over 400 hours) was the highest ever recorded in the history of our observations.

During the year, Kaspersky solutions repelled 975 491 360 attacks launched from online resources located all over the world and 273 782 113 unique URLs were recognized as malicious by web antivirus components.

In this report, we will discuss the numerous information security issues affecting biometric authentication systems and present the results of our own research, to provide additional information for a more objective evaluation of risks associated with using existing biometric authentication system implementations.

Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe; 560,025,316 unique URLs were recognized as malicious by Web Anti-Virus components.

When, back in 2015, push notifications were just appearing in browsers, very few people wondered how this tool would be used in the future.

Every year, Kaspersky releases an annual Black Friday alert to highlight how fraudsters may capitalize on increased levels of online shopping at this time of year when many brands are offering their customers appealing discounts.

It is very common to see cybercriminals exploit vulnerabilities in blogging software such as WordPress and Joomla! for injecting their malicious code. In my research, I decided to investigate this further and see what the current threat landscape looks like by researching the most visited blogs in Sweden.

Statistically, Q3 2019 differs little from Q2. In terms of geographical distribution of attacks and targets, we saw a continuation of the now familiar trend of unexpected guests appearing, only to drop out the next quarter.

One of the most popular platforms among users (and hence cybercriminals) is Steam, and we’ve been observing money-making schemes to defraud its users for quite some time. Since June, however, such attacks have become more frequent and, compared to previous attempts, far more sophisticated.

As we saw from the statistics, tech giants that collect and analyze data to show us targeted advertising are present practically everywhere in the world. And it is these companies that store the most data about people from all over the planet.