OREANDA-NEWS. December 04, 2015. This year saw near-exponential growth in all areas related to cyber-security and the overriding trend seen by Kaspersky Lab has been increased complexity in cyber-attacks. The Company issued today its Security Bulletin on the top security stories, a retrospective of the key events that have shaped the threat landscape in 2015.

Cyber-activity during 2015 is described by Kaspersky Lab’s Global Research and Analysis Team (GReAT) as “elusive”: full of cyber-criminals that are proving hard to catch and cyber-espionage actors that are even harder to attribute. The growing number of attacks, the numbers of both attackers and their victims, together with a greater focus on cyber-security in defense budgets, new or enhanced cyber-laws, international agreements and new standards have redefined the rules of the game in 2015. This year, agreements on cyber-security were signed between Russia and China, China and the United States, and between China and the United Kingdom. These agreements include not just a commitment to mutual cooperation but an assurance that both sides will seek to prevent attacks on each other.

Kaspersky Lab: predicting the future

A year ago, the director of Kaspersky Lab’s GReAT team, Costin Raiu, predicted a few trends for advanced, persistent cyber-threats in 2015. As the year was to show, his forecast was accurate:

  • The evolution of malware techniques. In 2015, GReAT discovered previously unseen methods used by the Equation group, whose malware can modify the firmware of hard drives, and by Duqu 2.0, whose infections make no changes to the disk or system settings, leaving almost no traces in the system. These two cyber-espionage campaigns surpassed anything known to date in terms of complexity and the sophistication of techniques.
  • The merger of cybercrime and advanced persistent threats. In 2015 the Carbanak cyber-criminal gang stole up to $1 billion from financial institutions worldwide using targeted attack methods.
  • New methods of data exfiltration. Satellite Turla was found to use satellite communications to manage its command-and-control traffic.
  • An APT arms race. French-“speaking” Animal Farm and Arabic-“speaking” Desert Falcons were two of many cyber-threats seen during the year.
  • Targeting executives through hotel networks. This prediction was later modified to include any venue where a high-profile target could be targeted outside the protected corporate perimeter. For example, the Duqu 2.0 malware infections were linked to the P5+1 events and venues for high-level meetings between world leaders.
  • Precise attacks merged with mass surveillance. Animal Farm’s targeted cyber-attacks merged with DDoS attacks from the same threat actor, which is rare for advanced targeted cyber-campaigns.
  • Threat actors add mobile attacks to their arsenal. Desert Falcons targeted Android users.

What Kaspersky Lab GReAT didn’t anticipate was that in 2015 we’d see wars between APTs. In the spring of 2015, Kaspersky Lab recorded a rare and unusual example of one cybercriminal attacking another. In 2014, Hellsing, a small and technically unremarkable cyberespionage group targeting mostly government and diplomatic organizations in Asia, was subjected to a spear-phishing attack by another threat actor, Naikon, and decided to strike back. Kaspersky Lab believes that this could mark the emergence of a new trend in criminal cyber activity: the APT wars.

In total, Kaspersky Lab GReAT issued 14 public reports on APT attacks in 2015: Duqu 2.0, Darkhotel – part 2, Naikon, MsnMM Campaigns, Satellite Turla, Wild Neutron, Equation, Blue Termite, Hellsing, Carbanak, Desert Falcons, Animal Farm, Spring Dragon and Sofacy. These advanced actors “speak” different languages: traces hidden in the APTs were in Russian, Chinese, English, Arabic, Korean, and French. They targeted financial institutions, government, military and diplomatic organizations, telecommunications companies and energy firms, political activists and leaders, mass media, private business and more. The attacks were all global.

“Select any economic sector at random, and the chances are high that you’ll find something in the media about a cyber-security incident or problem. The same goes for all aspects of everyday life. This year’s cyber-events have resulted in a sharp increase in interest, not only in the world’s media but also in the entertainment industry. Movies and television programs featuring cyber-security issues sometimes resulted in experts appearing as themselves. Unfortunately, cyber-security has also become inextricably linked to terrorism. Today, attacking and defending internal and external networks, such as the Internet, are subjects of considerable interest to various illegal groups,” - commented Aleks Gostev, Chief Security Expert at Global Research and Analysis Team, Kaspersky Lab.

Read the full report on Securelist.com

About Kaspersky Lab

Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.

Learn more at www.kaspersky.com.