Over the last 12 months, the company’s Global Research and Analysis Team (GReAT) has reported on seven advanced persistent cyber-attack campaigns (APTs). Combined, these attacks compromised more than 4400 corporate sector targets in at least 55 countries worldwide: more than double the amount in 2013, which saw up to 1800 corporate targets discovered. This year also saw a number of fraud campaigns that resulted in losses totaling millions of dollars.
Cyber espionage
In 2014, organisations in at least 20 sectors were hit by advanced threat actors. The sectors include the public sector (government and diplomatic offices), energy, research, industrial, manufacturing, health, construction, telecoms, IT, private sector, military, airspace, finance and media, among others. Cyber espionage actors stole passwords, files and audio-streamed content, took screenshots, intercepted geolocation information, controlled web-cameras, and more. In several cases, it is likely that these attacks were performed by state-sponsored threat actors, for example the Mask/Careto and Regin campaigns. Others are likely to have been the result of professional cybercriminals organising ‘attacks-as-a-service’, for example, HackingTeam 2.0, Darkhotel, CosmicDuke, Epic Turla, and Crouching Yeti.
A significant discovery was that of Regin: the first ever cyber-attack platform known to penetrate and monitor GSM networks in addition to other ‘standard’ spying tasks. Another important discovery was that of Darkhotel which targeted C-suite victims, including CEOs, Senior Vice Presidents, Sales and Marketing Directors and top R&D staff when they stayed at dozens of luxury hotels worldwide, hunting for sensitive information on connected equipment. These two threat actors have been in operation for a decade, making them among the oldest on the APT scene.
“Targeted operations could mean disaster for the victim: resulting in the leak of sensitive information, such as intellectual property, compromised corporate networks, interrupted business processes, and the wiping of data. There are tens of scenarios that all end up with the same impact: the loss of influence, reputation and money,” said Alex Gostev, Chief Security Expert at the Global Research and Analysis Team at Kaspersky Lab.
Fraud operations
In June 2014, Kaspersky Lab’s Global Research and Analysis Team reported on its research into an attack on the clients of a large European bank, which resulted in the theft of half a million euros in just one week.
In October, GReAT experts published the results of a forensic investigation into a new direct attack on ATMs in Asia, Europe and Latin America. Millions of dollars were stolen from ATMs worldwide without the attackers requiring access to credit cards.
In the forecast for the next year, Kaspersky Lab’s experts expect to see further evolution of these ATM attacks, where APT techniques are used to gain access to the ‘brain’ of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real-time.