Kaspersky Lab reviews the malware situation in Q3

An extremely dangerous vulnerability known as Bash/ShellShock dominated the newsfeeds in Q3. The IT security community issued a red alert: Bash is easily exploited, providing full access to the operating system on popular devices – routers, wireless access points etc. In addition to this incident, Kaspersky Lab’s Global Research and Analysis Team discovered two cyber-espionage campaigns that hit more than 2,800 high-profile targets in more than 45 countries across the globe. As for non-targeted mass attacks, their geographical distribution is becoming truly global. Attacks by mobile malware alone were detected in 205 countries.

Q3 in figures

Over a billionmaliciousattackswereblockedonthe computersandmobiledevicesofKasperskyLabusers– 33.1% more than in the previous quarter.

• Twocyber-espionagecampaigns – Crouching YetiandEpic Turla – affectedhigh-profilevictimsinatleast10 industries, suchas government institutions, embassies, military, research organizations and IT companies.
• About110 millionunique URLsthattriggeredwebantivirusdetectionswererecorded – 31% morethaninQ2.
• 74,500newmobilemalwaresampleswereaddedto Kaspersky Lab’scollection. Thisis14.4% more than in Q2.
• Over 7,000mobilebankingTrojansweredetected – 3.4 times more than in the previous quarter.
• BankingTrojanattacksweredetectedin70 countries, compared with 31 countries in Q2.

“InQ3, webantivirusmodules weretriggeredatleastonceonthecomputersofalmostonethirdofInternetuserswhile theyweresurfingtheWeb. Thisfigurehasbeenfallingforayear: inQ3 2013 itwas34.1%, in Q1 2014 it fell to 33.2% and starting from Q2 it ‘froze’ at 29.5%. Thisisduetoanumberoffactors. First, browsersandsearchenginesstarted helping to combat malicious sites. Second, there were fewer attacks involving exploit packs following the arrests of several developers. However, it would be naïve to expect the use of exploits to go down sharply: exploits remain the malware delivery method of choice in the case of targeted attacks,”saidMariaGarnaeva, SecurityResearcheratGlobalResearchandAnalysisTeam, KasperskyLab.

Q3: good news

Kaspersky Lab contributed to an alliance of law enforcement and industry organizations, co-ordinated by Britain’s National Crime Agency (NCA), to disrupt the infrastructure behind the Shylock Trojan. Like other well-known banking Trojans – Zeus, SpyEye and Carberp– Shylock is a man-in-the-browser attack designed to steal banking login credentials from the computers of bank customers. In effect, it diverts money from users’ bank accounts into the pockets of cybercriminals.

How an expert hacked his own home

One of Kaspersky Lab’s security researchers investigated his own home to determine whether it was really cyber-secure. He looked at several devices, including network-attached storage (NAS) devices and his smart TV, router and satellite receiver, to see if they were vulnerable to cyber-attack. The results were striking. The security researcher found 14 vulnerabilities in the network-attached storage devices, one in the smart TV and several potentially hidden remote control functions in the router.

Countries from which web attacks originated

There are major changes in the main sources of web attacks. InQ2 thetopfivepositionsintherankingwereoccupiedbyGermany, theUS, theNetherlands, RussiaandCanada, respectively.InQ3 theUSmadeabigleap (+11.2 pp), landing in the top position with 33%.Germanydroppedtothirdplace (13.5%) and the Netherlands moved into second place(18%).Ukrainereached fifthplace (4%), pushing Canada out of the Top 5.Russiaremainedinfourthpositionwith 9%.

The full version of the Q3 report on cyberthreats is available on the Securelist website. An interactive cyberthreat map that visualizes cyber security incidents occurring worldwide in real time is available here.