
Unpacking the growing malware threats

Kathy Gibson reports from Kaspersky Lab’s conference in Lisbon – The threat of malware attacks on corporates and states is growing in 2015. While the first advanced persistent threat (APT), Stuxnet, was detected in 2010, four new APTs have already been recorded in 2015. The bulk of malware attacks is still on the individual user, however, with up to three new attacks being launched every second of every day – for a total of 350 000 per day.

However, Sergey Novikov, deputy director of Kaspersky Lab, points out that the threat to corporates and states is growing rapidly.

In the first quarter of 2015 there were about 2,1-billion cyber-attacks globally, with about 130-million in the Middle East, Turkey and Africa region alone.

Amin Hasbini, senior security researcher at Kaspersky Lab Middle East, points out that the bulk of attacks in the region are still delivered via removable devices and local networks, accounting for about 70% of attacks.

South Africa is relatively well off compared to the rest of the region, with the number of threats at between 29% and 37%.

Online infections are growing, though, with about 32-million recorded in the region during the first quarter, the bulk of them being via e-mail attacks.

These threats include drive-by downloads as the most common form of attack, but phishing is still prevalent, as is social engineering via social networks.

The online threat level in South Africa is between 12% and 17%, again far below other countries in the region. And, encouragingly, the average global Internet threat level decreased two percentage points in the first quarter of 2015.

In META, most malware originates in Turkey (which is also 24th in the world), then South Africa (57th globally), United Arab Emirates (58th in the world), Egypt (75th in the world) and Kenya (80th in the world). This is generally because these are the countries that have the best infrastructure to be able to launch attacks, Hasbini says.

Most of the vulnerable applications are in Java at 90,53%, followed by the other platforms at much lower rates, he adds.

For the year ahead, Hasbini says that ransomware is set to become a major problem for companies, governments and individuals in the META region. “It is quite popular and we are already working on a number of instances of ransomware,” he says.

Ransomware is where files on the user’s devices are encrypted, and the cyber-criminals then ask for money to decrypt them. “And it is military grade encryption so you have to get the key from the attackers in order to get your data back,” Hasbini says. “Even police in the US have paid the ransom to get the keys.”

Point of sale (POS) malware is also becoming popular, targeting some of the major trade institutions around the world. This allows criminals to steal credit card details from the retailers’ customers and is becoming a major problem.

“In addition, mobile malware is growing,” Hasbini says. “We are using more smart devices, and keeping a lot of sensitive information on these devices, so there are more attacks.

“In 2015 we are seeing massive growth of mobile malware, which is increasing even faster than PC malware. And 99% of all mobile malware is specifically on Android devices.”

In addition, cyber-criminals are using location-based services to see exactly where their victims are geographically.

One of the main trends coming into its own in 2015 is advanced persistent threats (APTs). “These are focusing not only on home users, but on cyber espionage as well; and these attacks are taking place on a daily basis.”

Already in 2015, Kaspersky Lab has seen four major APT campaigns come to light.

“APT is set to be the main trend in 2015 and we are seeing more cyber espionage and states attacks,” says Novikov.

South African companies are still experiencing the most attacks from spam (68% of organisations), viruses and malware (64%), phishing (41%) and network intrusion (13%). In terms of internal threats, they are concerned about vulnerabilities (35%); accidental leaks by staff (24%); loss or theft of mobile devices (36%); intentional leaks (24%); data leaks on mobile devices (20%); and fraud by staff (29%).

Novikov says there are three main strategies that should be adopted to help minimise the threats.

“The first, of course, is education at different levels in the organisations, at schools and universities,” he says. “You can have the best technology in the world, the weakest link is the social factor.”

The second strategy is to establish processes, both inside the organisation and also at a legislative and compliance level, working with law enforcement and having all the rules and policies properly set up.

“The third strategy is to implement the best, up to date and modern technologies,” Novikov says.