The report "Kaspersky Security Bulletin: Overall Statistics for 2015" highlights a new trend. For the first time, mobile banking threats are among the top 10 malicious programs that have been deployed for money laundering. Two mobile banking Trojan "families", Faketoken and Marcher, were among the top 10 banking Trojans in 2015. Another remarkable and worrying trend for the year is the rapid expansion of ransomware. Kaspersky Lab identified this trend in 200 countries and regions in 2015.
The main trends characterizing the activity of digital criminals in 2015 also included the following:
- Seeking ways to minimize the risk of criminal prosecution, digital criminals have "moved" from malware attacks to aggressive adware distribution. In 2015, adware programs accounted for 12 of the top 20 online threats, and adware was recorded on 26.1% of user computers.
- Kaspersky Lab noticed the use of exploit, shellcode and payload techniques as digital criminals sought to make the identification of "infections" and the analysis of malicious code more difficult. In particular, digital criminals used the Diffie-Hellman encryption protocol and concealed exploit packs in Flash objects.
- Digital criminals actively used Tor anonymization to hide command servers, and they also used Bitcoins for transactions.
Mobile banking threats mature
In 2015, two mobile banking Trojan families (Faketoken and Marcher) were ranked among the top 10 "families" of financial malicious programs. Programs of the Marcher "family" target payment details on Android devices. In particular, once a device has been infected, these programs can detect the launch of two apps: a European bank's mobile banking app and Google Play. When the user launches the banking app or Google Play, Marcher displays a "fake window" asking for credit card details, which then end up with the scammers. Programs of the Faketoken family work in "collaboration" with computer Trojans. Specifically, the programs deceive the user into installing an application on their smartphone. In fact, the application is a Trojan that subverts the one-time verification code (mTAN).
"This year, digital criminals devoted time and resources to developing malicious financial programs for mobile devices. This is no surprise, as millions of people around the world use their smartphones to pay for services and goods. Based on current trends, we can assume that malware targeting mobile banking services and solutions will represent an even greater part of the landscape of economic threats in the next year," said Yury Namestnikov, Senior Security Researcher at the Worldwide Research and Analysis Group, Kaspersky Lab.
"Traditional" financial threats have not diminished. However, Kaspersky Lab solutions managed to block almost two million (1,966,324) attempts to install malware capable of stealing money via online banking in 2015. This figure is up 2.8% compared to 2014 (1,910,520).
The "dethroning" of ZeuS
The numerous modifications of ZeuS, the most widely used malware "family", were "dethroned" by the Dyre/Dyzap/Dyreza malware. Over 40% of those affected by banking Trojans in 2015 were attacked by Dyreza, which used an effective Internet penetration method to steal data and access online banking systems.
The global nightmare of ransomware
In 2015, ransomware programs quickly expanded their presence on new platforms. One in six ransomware attacks (17%) now involves an Android device, just one year after such programs were first spotted on the platform. Kaspersky Lab experts identified two key trends in the ransomware field during 2015. The first is that the total number of users attacked by encryption ransomware increased to almost 180,000, an increase of 48.3% compared to 2014. Secondly, in many cases, the "encryptors" have become multifunctional, providing, in addition to encryption, functions designed to steal data from the victims' computers.
The geography of online attacks
Kaspersky Lab statistics show that digital criminals prefer to operate and use hosting services in different countries where the hosting market is particularly developed. 80% of the attack notifications blocked by antivirus functions were received from online resources located in 10 countries. The list of the top three countries where online resources were attacked by malware remained unchanged compared to the previous year (USA with 24.2%, Germany with 13% and the Netherlands with 10.7%).
The full version of the report is available on the site Securelist.com.
On the same site the total statistics for 2014 are also available.