Kaspersky Lab has undertaken a master review of the key events that defined the threat landscape in 2014. Among a range of security incidents, targeted attacks and malicious campaigns stand out, particularly in terms of their scale and impact on businesses, governments, public and private institutions.
Over the last 12 months, the company’s Global Research and Analysis Team (GReAT) has reported on seven advanced persistent cyber-attack campaigns (APTs). Combined, these attacks compromised more than 4400 corporate sector targets in at least 55 countries worldwide–more than double the amount in 2013, which saw up to 1800 corporate targets discovered. This year also saw a number of fraud campaigns that resulted in losses totaling millions of dollars.
In 2014, organisations in at least 20 sectors were hit by advanced threat actors. The sectors include the public sector (government and diplomatic offices), energy, research, industrial, manufacturing, health, construction, telecoms, IT, private sector, military, airspace, finance, and media, among others. Cyber espionage actors stole passwords, files, and audio-streamed content; took screenshots; intercepted geolocation information; controlled web-cameras; and more. In several cases, it is likely that these attacks were performed by state-sponsored threat actors, such as the Mask/Careto and Regin campaigns. Others are likely to have been the result of professional cybercriminals organising ‘attacks-as-a-service,’ like HackingTeam 2.0, Darkhotel, CosmicDuke, Epic Turla, and Crouching Yeti.
Free eBook: Modern Retail Security Risk – Get your copy now.
A significant discovery was that of Regin: the first ever cyber-attack platform known to penetrate and monitor GSM networks in addition to other ‘standard’ spying tasks. Another important discovery was that of Darkhotel which targeted C-suite victims, including CEOs, Senior Vice Presidents, Sales and Marketing Directors, and top R&D staff when they stayed at dozens of luxury hotels worldwide, hunting for sensitive information on connected equipment. These two threat actors have been in operation for a decade, making them among the oldest on the APT scene.
“Targeted operations could mean disaster for the victim, resulting in the leak of sensitive information, such as intellectual property, compromised corporate networks, interrupted business processes, and the wiping of data. There are tens of scenarios that all end up with the same impact: the loss of influence, reputation and money,” said Alex Gostev, Chief Security Expert at the Global Research and Analysis Team at Kaspersky Lab.
In June 2014, Kaspersky Lab’s Global Research and Analysis Team reported on its research into an attack on the clients of a large European bank, which resulted in the theft of half a million euros in just one week.
In October, GReAT experts published the results of a forensic investigation into a new direct attack on ATMs in Asia, Europe, and Latin America. Millions of dollars were stolen from ATMs worldwide without the attackers requiring access to credit cards.
In the forecast for the next year, Kaspersky Lab’s experts expect to see further evolution of these ATM attacks, where APT techniques are used to gain access to the ‘brain’ of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real-time.
To watch Kaspersky Lab’s video “Game of cyber-thrones: attacks on the corporate sector and business executives in 2014,” please click here.
To read more about key events that have defined the threat landscape in 2014, please read the full report on the Securelist website.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.