Kathy Gibson reports from Kaspersky Labs’ Cybersecurity conference in Baku – At least 2,2-billion cyber-attacks were experiences in the first quarter of 2016 – and significantly, at least 52% of users faced at least one infection attempt during the quarter.
In the Europe, middle East and Africa region, 132-million attacks took place, with 51% of users facing an attack attempt.
Importantly, says Ghareeb Saad, global research and analysis team at Kaspersky Lab, these figure are from people who are using an anti-virus solution.
Online infections are a fraction of the total, but 226-million computer users experienced attacks in the quarter, at 21% of users.
Just in the last month, close to 35% of users experienced attacks.
In South Africa, 36,9% of users experienced attacks overall, with 11,3% targeted through online attacks.
Online users tend to be a bit safer than general users, says Yury Namestnikov, global research and analysis team at Kaspersky Lab, because browsers tend to offer a bit more protection.
The main threat online is still the exploit kit, which targets users who visit infected web sites.
However, social networks are rapidly becoming the main threat. “Social networks are the size of small countries now; and people tend to trust each other,” Namestnikov says.
E-mails are also still a big threat, with up to 3% of mails still infected. “In fact, two of three attacks starts with people opening an email,” he says.
A little-considered but still massive attack vector is the USB – going strong for up to seven years and still popular.
Even users who behave safely are not necessarily safe, Saad warns. Even trusted sites can be compromised by drive-by attacks, usually I the form of “malvertising”.
“To stay safe from these attacks, users need to make sure they keep their browser and security up to date,” Saad says.
Unfortunately, there is very little protection against zero-day attacks, where cybercriminals find new ways of exploiting trusted applications.
“These are very expensive to buy on the black market,” Namestnikov says. “These people are in business, though, and they need to infect a lot of people to get a return on their investment.”
Because user don’t always update their computers regularly, and could miss patches released by the vendor, cybercriminals are able to exploit vulnerabilities that are known and have actually already been patched. “But there is still a window of opportunity when the user is not updated timeously.”
Some of the vulnerable applications exploited by cybercriminals include Adobe Flash Player, Adobe Reader, Android, Java, Microsoft Office and Internet browsers – the last one accounting for about 61% of exploits.
Ransomware is the most prolific threats in the region this last quarter. There were 3-million ransomware attacks around the world in the first quarter of 2016, says Saad – and 150 000 of these were in the Middle East, Turkey and Africa region.
The most popular ransomware is where files are deleted and the cybercriminal asks a company for an amount of money to recover them. The more dangerous type of ransomware is where files are encrypted and the user needs to pay a fine to receive the decryption password.
This cryptoware is growing quickly – it’s very effective for cybercriminals, say Saad. In 2015, close to 7 000 versions of cryptoware were in use.
Locky was very active for about 10 days in February, but has since largely disappeared, Saad says. However, South Africa was among the top most infected countries, with 182 users identified.
Point of sale malware is also growing rapidly and, as the move to bank cards grows around the world, it is becoming more popular.
“Point of sale is just another computer,” says Namestnikov. “The malware then just scans the computer and looks for the credit card information from shoppers.
“They don’t even need to infect thousands of users: they just infect one computer and get the information from thousands of cards.”
He cites the example of cybercriminals using information on a credit card in conjunction with an infected POS device to infect a major bank.
“ATMs are also just another type of computer,” Namestnikov adds. “Without even touching the ATM – just by sending an SMS – a cybercriminal can get money from an ATM.”
As gaming rises in popularity, these platforms are becoming popular attack platforms. “As soon as there is money involved, there will be attacks,” says Saad. “”And there are already a number of threats on gaming platforms.”
Steam Stealer is one that is through to be quite new and is moving rapidly around the world.
Mobile devices are a rich target for cybercriminals – users keep all details of their lives on their mobile devices, including both business and personal information.
“If they want to steal anything, they need to get on to your mobile,” says Saad.
In 2015, Kaspersky Lab detected 2,96-million mobile attacks, most of it on the Android platform (98,05%). “However, this doesn’t mean that other operating systems are super-secure,” says Name.
“Remember, every Apple user has an iCloud account that is connected through login and password security. This is very easy to hack.”
Infected applications can also find their way on to application stores.
The same threats that are seen on PCs are now present on mobile.
The Interne of Things (IoT) is the next big threat landscape, with smart cars a classic example of connected devices that are open to threats.
“Cat-makers have done a great job in making cars smart. Unfortunately, you cannot update your car software yourself, but have to go to a car dealer to get it done,” says Namestnikov. “So it’s very easy to get infected but it’s not that easy to stay protected.”
Routers are a very persistent threat, he adds. “Users don’t notice anything if there is a threat. But because all traffic goes through the device, there is a lot of information that can be threatened.
“There is a huge opportunity to build a safer Internet if we can get router security right.”