Wipers and fileless malware: The first three months of 2017 saw a sharp increase in the sophistication of state-backed digital attacks, with threat actors turning their attention to wipers as well as financial crime.
These and other trends are covered in Kaspersky Lab's first quarterly summary report, which draws on data from the regular digital threat update reports it sends exclusively to its subscribers.
The new quarterly "APT Trends" report will be available free of charge and will highlight significant developments in targeted attacks, as well as emerging trends that require the immediate attention of businesses and organizations. The content of the first quarter report is drawn from the observations of Kaspersky Lab experts, who monitored the activity of APT operators during the first quarter.
The key points of the first quarter of 2017 include:
- Wipers are being exploited by targeted threat operators, both for digital sabotage and for erasing traces of digital espionage. An advanced generation of wipers was used in the new wave of attacks by the Shamoon group. The investigation that followed led to the discovery of StoneDrill and of similarities between its code and that of the NewsBeef (Charming Kitten) group. A StoneDrill victim was found in Europe.
- Targeted attackers vary in how they steal money. Long-term monitoring of the Lazarus group identified a subgroup, which Kaspersky Lab named BlueNoroff, that actively attacks financial institutions in different countries, including a high-intensity attack in Poland. BlueNoroff is believed to be behind the infamous robberies at the Bank of Bangladesh.
- Fileless malware is used in attacks both by targeted threat operators and by digital criminals in general, helping them avoid detection and making forensic investigations harder. Kaspersky Lab experts have found examples of lateral movement tools used in Shamoon attacks, in attacks against banks in Eastern Europe, and in the hands of a number of other APT operators.
"The landscape of targeted threats is constantly evolving, and attackers are getting better prepared, looking for and exploiting new gaps and opportunities. That is why threat information is so important: it equips organizations with understanding and reveals the actions they need to take. For example, the threat landscape for the first quarter highlights the need to track malware footprints in memory and for incident response to combat fileless malware attacks, and for security that can detect anomalies across network activity," stated Juan Andrew Guerrero-Saade, Senior Security Researcher of Kaspersky Lab's Global Research and Analysis Group.
Kaspersky Lab's Global Research and Analysis Team is currently monitoring over one hundred threat actors and sophisticated malware that target commercial and governmental organizations in more than 80 countries. During the first quarter of 2017, the company's experts created 33 private reports for Information Service subscribers, with Indicators of Compromise (IoC) data and YARA rules to help identify and hunt malicious software.