Connect with us

Hi, what are you looking for?

HEADLINES

Key security incidents that shaped threat landscape in 2013

Some of the revelations of the past year raised questions about the way the Internet is used nowadays and the type of risks faced by users, according to Kaspersky Lab.

Some of the revelations of the past year raised questions about the way the Internet is used nowadays and the type of risks faced by users, according to Kaspersky Lab.

In 2013, advanced threat actors have continued large-scale operations and cyber-mercenaries, specialist APT groups “for hire” which focus on hit-and-run operations have emerged.

Hacktivists were constantly in the news, together with the term “leak”, which is sure to put fear into the heart of any serious sys-admin out there.

In the meantime, cybercriminals were busy devising new methods to steal money or Bitcoins.

Privacy loss: Lavabit, Silent Circle, NSA and the loss of trust
No ITSec overview of 2013 would be complete without mentioning Edward Snowden and the wider privacy implications of his revelations, says Kaspersky.

One of the first visible effects was the shutdown of encrypted e-mail services such as Lavabit and Silent Circle. The reason was their inability to provide such services under pressure from law enforcement and other governmental agencies.

Advertisement. Scroll to continue reading.

Another story which has implications over privacy is the NSA sabotage of the elliptic curve cryptographic algorithms released through NIST.

New “old” cyber-espionage campaigns: up to 1800 victim organizations in 2013
The majority of the cyber-espionage campaigns that Kaspersky Lab’s analysts have seen were designed to steal data from governmental agencies and research institutions – Red October, NetTraveler, Icefog and MiniDuke all behave this way.

The most widespread campaign of the year was NetTraveler espionage which affected victims from 40 countries all over the world.

For the first time ever, cybercriminals harvested information from mobile devices connected to the victims’ networks – clear recognition of importance of mobile to hackers.

Red October, MiniDuke, NetTraveler and Icefog all started by ‘hacking the human’. They employed spear-phishing to get an initial foothold in the organizations they targeted.

“We predicted 2012 to be revealing and 2013 to be eye opening. That forecast proved correct – 2013 showed that everybody is in the same boat. In truth, any organization or person can become a victim. Not all attacks involve high profile targets, or those involved in ‘critical infrastructure’ projects,“ said Costin Raiu, Kaspersky Lab’s Director of the Global Research and Analysis team (GReAT).

“Those who hold data could be of value to cybercriminals, or they can be used as a ‘stepping-stones’ to reach other targets. This point was amply illustrated by Icefog attacks this year,“ he added.

Advertisement. Scroll to continue reading.

Raiu also said that, “They were part of an emerging trend that appeared in 2013 – attacks by small groups of cyber-mercenaries who conduct small hit-and-run attacks. Going forward, we predict that more of these groups will appear as an underground black market for ‘APT’ services begins to emerge.”

Stealing money, either by directly accessing bank accounts or by stealing confidential data, is not the only motive behind security breaches.

They can also be launched to undermine the reputation of the company being targeted, or as a form of political or social protest. Ongoing hacktivist activities have continued this year as well.

‘Anonymous’ group has claimed responsibility for attacks on the US Department of Justice, Massachusetts Institute of Technology and the web sites of various governments.

Those claiming to be part of the ‘Syrian Electronic Army’ claimed responsibility for hacking the Twitter account of Associated Press and sending a false tweet reporting explosions at the White House – which wiped $136 billion off the DOW.

For those with the relevant skills, it became easier to launch an attack on a web site than it is to coordinate the real-world protests.

Bitcoins ruling the world
The Bitcoin system was implemented back in 2009. In the beginning, this crypto currency was used by hobbyists and mathematicians.

Advertisement. Scroll to continue reading.

Soon, they were joined by others, mostly ordinary people, but also cybercriminals and terrorists. They provide an almost anonymous and secure means of paying for goods. In the wake of surveillance stories of 2013, there is perhaps little surprise that people are looking for alternative forms of payment. And it is gaining popularity like in November 2013, the mark surpassed the $400 for one Bitcoin.

According to Kaspersky, the methods used by cybercriminals to make money from their victims are not always subtle. Apart from Bitcoins, which could potentially be stolen, ‘ransomware’ programs became a popular means of making easy money, cybercriminals block access to a computer’s file system, or encrypt data files stored on the computer. Then they warn users that they must pay in order to recover their data. This was the case with the Cryptolocker Trojan. The cybercriminals give their victims only three days to pay up, accepting different forms of payment, including Bitcoin.

Advertisement
Advertisement

Like Us On Facebook

You May Also Like

SOFTWARE

MicroWorld's latest offering aims to reinvent cybersecurity in the face of an ever-evolving threat landscape, especially in light of the ongoing pandemic. The cyber...

HEADLINES

When you compare the immense financial losses that a breached company suffers with the much smaller-scale financial transactions taking place on these criminal forums,...

HEADLINES

The vast majority (70%) of all IT teams said the number of phishing emails hitting their employees increased during 2020. This rose to 82%...

HEADLINES

According to WorldRemit, there are four industry-wide scams that Filipinos should be aware of this 2021: “email scams, online dating scams, shopping scams and...

HEADLINES

Among messenger services, users are most concerned with the WhatsApp security level - the share of requests about its security policy was 13.9%.

HEADLINES

Ransomware has become a modern epidemic, hitting government, hospitals, schools and private enterprises and any other targets deemed vulnerable to extortion and capable of...

HEADLINES

Data acquired by Finbold projects that the number of VPN downloads globally will hit 1.05 billion in 2021. The projection represents a growth of 70.45% from...

HEADLINES

The new version of Kaspersky Endpoint Security for Linux hardens defenses from exploits and ransomware attacks. It also extends protection for DevOps with support...

Advertisement