The first three months of 2017 saw a sharp rise in the sophistication of nation-state backed cyber-attacks, with threat actors turning their attention to wipers, as well as financial crime. These and other trends covered in Kaspersky Lab’s first quarterly summary of its subscriber-only threat intelligence reports*.
Highlights in Q117 Advanced Persistent Threat (APT) Trends report include:
· 'Wipers' are being harnessed by targeted threat actors, both for cybersabotage and for deleting tracks after cyberespionage operations. A wiper is malware that will erase data. An evolved generation of wipers was used in a new wave of Shamoon virus attacks. The subsequent investigation led to the discovery of StoneDrill and its code similarities to the NewsBeef (Charming Kitten) hacking group which has been linked to Iran. StoneDrill was initially targeting KSA.
· Targeted attackers diversify into money theft. The long term tracking of the shadowy Lazarus hacking group has identified a subgroup that Kaspersky Lab has called BlueNoroff, actively attacking financial institutions in different regions. BlueNoroff is believed to be behind the Bangladesh Bank heists.
· Fileless malware is being used in attacks by both targeted threat actors and cybercriminals in general – helping to avoid detection and make forensic investigations harder. Fileless malware exists only in memory instead of in storage, evading detection from security tools that focus on examining files in storage.
“The targeted threat landscape is evolving constantly, and attackers are increasingly well-prepared, looking for and leveraging new gaps and opportunities. This is why threat intelligence is so important: it arms organisations with understanding and reveals the actions they need to take. For example, the threat landscape in Q1 highlights the need for memory forensics and incident response to combat fileless malware attacks, and security that can detect anomalies across the network’s ongoing activity,” said Juan Andres Guerrero-Saade, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab.
Kaspersky Lab’s Global Research and Analysis team currently tracks more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organisations in over 80 countries. During Q117, the company’s expertise created 33 private reports for subscribers of its Intelligence Services, with indicators of compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.
*The new quarterly APT Trends reports will be freely available and will highlight significant developments in targeted attacks as well as emerging trends that demand immediate attention from business and other organisations. The content of the Q1 report is drawn from Kaspersky Lab experts’ observations of APT actors’ activity during the quarter.
Highlights in Q117 Advanced Persistent Threat (APT) Trends report include:
· 'Wipers' are being harnessed by targeted threat actors, both for cybersabotage and for deleting tracks after cyberespionage operations. A wiper is malware that will erase data. An evolved generation of wipers was used in a new wave of Shamoon virus attacks. The subsequent investigation led to the discovery of StoneDrill and its code similarities to the NewsBeef (Charming Kitten) hacking group which has been linked to Iran. StoneDrill was initially targeting KSA.
· Targeted attackers diversify into money theft. The long term tracking of the shadowy Lazarus hacking group has identified a subgroup that Kaspersky Lab has called BlueNoroff, actively attacking financial institutions in different regions. BlueNoroff is believed to be behind the Bangladesh Bank heists.
· Fileless malware is being used in attacks by both targeted threat actors and cybercriminals in general – helping to avoid detection and make forensic investigations harder. Fileless malware exists only in memory instead of in storage, evading detection from security tools that focus on examining files in storage.
“The targeted threat landscape is evolving constantly, and attackers are increasingly well-prepared, looking for and leveraging new gaps and opportunities. This is why threat intelligence is so important: it arms organisations with understanding and reveals the actions they need to take. For example, the threat landscape in Q1 highlights the need for memory forensics and incident response to combat fileless malware attacks, and security that can detect anomalies across the network’s ongoing activity,” said Juan Andres Guerrero-Saade, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab.
Kaspersky Lab’s Global Research and Analysis team currently tracks more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organisations in over 80 countries. During Q117, the company’s expertise created 33 private reports for subscribers of its Intelligence Services, with indicators of compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.
*The new quarterly APT Trends reports will be freely available and will highlight significant developments in targeted attacks as well as emerging trends that demand immediate attention from business and other organisations. The content of the Q1 report is drawn from Kaspersky Lab experts’ observations of APT actors’ activity during the quarter.
posted from Bloggeroid
No comments:
Post a Comment