The first three months of 2017 saw a sharp rise in the sophistication of nation-state backed cyber-attacks, with threat actors turning their attention to wipers, as well as financial crime. These and other trends covered in Kaspersky Lab’s first quarterly summary of its subscriber-only threat intelligence reports.
The new quarterly APT Trends reports will be freely available and will highlight significant developments in targeted attacks as well as emerging trends that demand immediate attention from business and other organizations. The content of the Q1 report is drawn from Kaspersky Lab experts’ observations of APT actors’ activity during the quarter.
Highlights in Q1, 2017 include:
· Wipers are being harnessed by targeted threat actors, both for cybersabotage and for deleting tracks after cyberespionage operations. An evolved generation of Wipers was used in the new wave of Shamoon attacks. The subsequent investigation led to the discovery of StoneDrill and its code similarities to the NewsBeef (Charming Kitten) group. A StoneDrill victim was found in Europe.
· Targeted attackers diversify into money theft. The long term tracking of the Lazarus group has identified a sub-group that Kaspersky Lab has called BlueNoroff, actively attacking financial institutions in different regions, including a high profile attack in Poland. BlueNoroff is believed to be behind the infamous Bangladesh Bank heists.
· Fileless malware is being used in attacks by both targeted threat actors and cybercriminals in general – helping to avoid detection and make forensic investigations harder. Kaspersky Lab’s experts have found examples in the lateral movement tools used in the Shamoon attacks, in attacks against Eastern European banks, and in the hands of a number of other APT actors.
“The targeted threat landscape is evolving constantly, and attackers are increasingly well-prepared, looking for and leveraging new gaps and opportunities. This is why threat intelligence is so important: it arms organizations with understanding and reveals the actions they need to take. For example, the threat landscape in Q1 highlights the need for memory forensics and incident response to combat fileless malware attacks, and security that can detect anomalies across the network’s ongoing activity,” said Juan Andres Guerrero-Saade, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab.
Kaspersky Lab’s Global Research and Analysis team currently tracks more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. During the first quarter of 2017, the company’s expertise created 33 private reports for subscribers of its Intelligence Services, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.