Moscow, 12 December 2013: Corporations are increasingly falling victim to cyber-attacks. According to a recent survey conducted by Kaspersky Lab and B2B International, 91% of the organizations polled suffered a cyber-attack at least once in the preceding 12-month period, while 9% were victims of targeted attacks: carefully planned activity aimed at infecting the network infrastructure of a specific organization. Note that these figures are self-estimates. The extensive use of digital devices in business has created ideal conditions for cyber-espionage and for the deployment of malware capable of stealing corporate data. The statistics suggest that malicious programs may soon wholly replace company insiders as the way of gathering valuable information.
The key corporate findings of the year are:
• Spyware-led attacks related to various governments were revealed
• Most of the cybercriminal incidents were aimed at stealing information
• Attackers were found targeting contractors instead of attacking big organizations directly
• New actors surfaced on the APT stage: cyber-mercenaries conducting cyber-espionage on demand
The year 2013 saw some major disclosures about spyware-led attacks that were related, directly or indirectly, to the activities of various government agencies. Other significant actors on the corporate cyber-threat scene were companies that turned to cybercriminals to penetrate their competitors’ networks.
These outsourced cybercriminal forces performed operations that were usually aimed at stealing information. Other attacks were acts of sabotage, using malicious programs to wipe data or block infrastructure operations. Some special Trojan programs were also capable of stealing money via online banking systems. Cybercriminals also compromised a variety of corporate sites and redirected visitors to malicious resources, damaging the company’s reputation in the process. Financial losses were also caused by DDoS attacks, which can close down a company’s public-facing web resources for several days; clients then start looking for a more reliable company, which results in long-term financial losses.
“Mass distribution of malicious programs can affect any company, even a small commercial organization, resulting in the loss of money and intellectual property. Cybercriminals are continuously improving their malware, using unconventional approaches and solutions, from so-called encryptors and shredders that spread like the plague in a corporate environment, to an army of zombies that devours every available resource on web servers and data transfer networks. In 2013 we also fixed the first case of targeting supply chains – not being able to reach big organizations, cybercriminals get their ‘weak point’, compromising contractors, as in the Icefog attacks”, said Vitaly Kamluk, Principal Security Researcher of Kaspersky Lab’s Global Research and Analysis Team.
Over the past few years, Kaspersky Lab’s experts have observed big APT gangs all over the world targeting large numbers of organizations from almost all sectors. They stayed in compromised networks for weeks and even months at a time, stealing every piece of information they could lay their hands on. However, that approach stands less and less chance of going unnoticed for long, which damages its prospects of success. That is why a new trend is emerging: small hit-and-run gangs that attack with surgical precision. They appear to know very well what they need from their victims. Basically, these attackers arrive, steal what they want and then leave. Kaspersky Lab’s experts call them “cyber-mercenaries”: an organized group of people conducting cyber-espionage or cyber-sabotage activities on demand, following the orders of anyone who pays them.
Icefog, which was discovered this autumn, is a case in point: an APT campaign in search of specific data. The attackers manually analyzed the data stored in corporate networks, using remote-access technologies integrated into the malware on infected workstations, and then selected and copied the documents they were looking for. Kaspersky Lab’s analysts expect this trend to grow in future, with more small groups of cyber-mercenaries available for hire to perform surgical hit-and-run operations.
The disclosures of 2013 could lead to a kind of de-globalization and greater interest in creating national equivalents of global services. These new national software products and services, delivered by local manufacturers, may not be of the same quality as those of the larger international companies. In-depth investigation of cyber-attacks suggests that the smaller and less experienced the software developer is, the more vulnerabilities will be found in its code. This prepares the ground for targeted attacks, making them easier to carry out and more effective against their victims.