Wipers and fileless malware in targeted attacks

The first three months of 2017 saw a sharp increase in the sophistication of state-sponsored digital attacks, with threat actors turning their attention to wipers as well as financial crime.

These and other trends are covered in Kaspersky Lab's first quarterly summary of the threat intelligence data it sends exclusively to its subscribers.

The new quarterly APT Trends report will be available for free and will highlight significant developments in targeted attacks, as well as emerging trends requiring direct attention from businesses and organizations. The content of the first quarter report draws on the observations of Kaspersky Lab specialists who monitored APT activity in the first quarter.

The key points of the first quarter of 2017 include:

  • Wipers are being exploited by targeted threat operators, both for digital sabotage and for erasing the traces of digital espionage. An advanced generation of wipers was used in the new wave of Shamoon attacks. The investigation that followed led to the discovery of StoneDrill and of similarities between its code and that of the NewsBeef (Charming Kitten) group. A StoneDrill victim was found in Europe.
  • Targeted attackers differ in how they steal money. Long-term monitoring of the Lazarus team identified a subgroup, which Kaspersky Lab called BlueNoroff and which is actively attacking financial institutions in different countries, including a high-intensity attack in Poland. BlueNoroff is believed to be behind the infamous robbery at a bank in Bangladesh.
  • Fileless malware is used in attacks by both targeted attackers and digital criminals in general, helping them avoid detection and making forensic investigations difficult. Kaspersky Lab experts have found examples of lateral movement tools used in Shamoon attacks, in attacks against banks in Eastern Europe and in the hands of a number of other APT operators.

“The targeted threat landscape is constantly evolving and attackers are increasingly prepared, looking for and exploiting new gaps and opportunities. This is why Threat Intelligence is so important: it "embraces" organizations with understanding and reveals the actions they need to take. For example, the Q1 threat landscape highlights the need for in-memory malware detection and incident response to combat fileless malware attacks, and security that can detect anomalies throughout the network activity,” said Juan Andres Guerrero-Saade, Senior Security Researcher of Kaspersky Lab's Worldwide Research and Analysis Group.

Kaspersky Lab's Global Research and Analysis Team currently monitors over a hundred threat actors and sophisticated malware targeting commercial and government organizations in more than 80 countries. During the first quarter of 2017, the company's experts produced 33 private reports for Intelligence Services subscribers, with Indicators of Compromise data and YARA rules to aid understanding and malware hunting.

Written by Dimitris
