Connect with us

Hi, what are you looking for?

HEADLINES

Key security incidents that shaped threat landscape in 2013

Some of the revelations of the past year raised questions about the way the Internet is used nowadays and the type of risks faced by users, according to Kaspersky Lab.

Some of the revelations of the past year raised questions about the way the Internet is used nowadays and the type of risks faced by users, according to Kaspersky Lab.

In 2013, advanced threat actors have continued large-scale operations and cyber-mercenaries, specialist APT groups “for hire” which focus on hit-and-run operations have emerged.

Hacktivists were constantly in the news, together with the term “leak”, which is sure to put fear into the heart of any serious sys-admin out there.

In the meantime, cybercriminals were busy devising new methods to steal money or Bitcoins.

Advertisement. Scroll to continue reading.

Privacy loss: Lavabit, Silent Circle, NSA and the loss of trust
No ITSec overview of 2013 would be complete without mentioning Edward Snowden and the wider privacy implications of his revelations, says Kaspersky.

One of the first visible effects was the shutdown of encrypted e-mail services such as Lavabit and Silent Circle. The reason was their inability to provide such services under pressure from law enforcement and other governmental agencies.

Another story which has implications over privacy is the NSA sabotage of the elliptic curve cryptographic algorithms released through NIST.

New “old” cyber-espionage campaigns: up to 1800 victim organizations in 2013
The majority of the cyber-espionage campaigns that Kaspersky Lab’s analysts have seen were designed to steal data from governmental agencies and research institutions – Red October, NetTraveler, Icefog and MiniDuke all behave this way.

The most widespread campaign of the year was NetTraveler espionage which affected victims from 40 countries all over the world.

Advertisement. Scroll to continue reading.

For the first time ever, cybercriminals harvested information from mobile devices connected to the victims’ networks – clear recognition of importance of mobile to hackers.

Red October, MiniDuke, NetTraveler and Icefog all started by ‘hacking the human’. They employed spear-phishing to get an initial foothold in the organizations they targeted.

“We predicted 2012 to be revealing and 2013 to be eye opening. That forecast proved correct – 2013 showed that everybody is in the same boat. In truth, any organization or person can become a victim. Not all attacks involve high profile targets, or those involved in ‘critical infrastructure’ projects,“ said Costin Raiu, Kaspersky Lab’s Director of the Global Research and Analysis team (GReAT).

“Those who hold data could be of value to cybercriminals, or they can be used as a ‘stepping-stones’ to reach other targets. This point was amply illustrated by Icefog attacks this year,“ he added.

Raiu also said that, “They were part of an emerging trend that appeared in 2013 – attacks by small groups of cyber-mercenaries who conduct small hit-and-run attacks. Going forward, we predict that more of these groups will appear as an underground black market for ‘APT’ services begins to emerge.”

Advertisement. Scroll to continue reading.

Stealing money, either by directly accessing bank accounts or by stealing confidential data, is not the only motive behind security breaches.

They can also be launched to undermine the reputation of the company being targeted, or as a form of political or social protest. Ongoing hacktivist activities have continued this year as well.

‘Anonymous’ group has claimed responsibility for attacks on the US Department of Justice, Massachusetts Institute of Technology and the web sites of various governments.

Those claiming to be part of the ‘Syrian Electronic Army’ claimed responsibility for hacking the Twitter account of Associated Press and sending a false tweet reporting explosions at the White House – which wiped $136 billion off the DOW.

For those with the relevant skills, it became easier to launch an attack on a web site than it is to coordinate the real-world protests.

Advertisement. Scroll to continue reading.

Bitcoins ruling the world
The Bitcoin system was implemented back in 2009. In the beginning, this crypto currency was used by hobbyists and mathematicians.

Soon, they were joined by others, mostly ordinary people, but also cybercriminals and terrorists. They provide an almost anonymous and secure means of paying for goods. In the wake of surveillance stories of 2013, there is perhaps little surprise that people are looking for alternative forms of payment. And it is gaining popularity like in November 2013, the mark surpassed the $400 for one Bitcoin.

According to Kaspersky, the methods used by cybercriminals to make money from their victims are not always subtle. Apart from Bitcoins, which could potentially be stolen, ‘ransomware’ programs became a popular means of making easy money, cybercriminals block access to a computer’s file system, or encrypt data files stored on the computer. Then they warn users that they must pay in order to recover their data. This was the case with the Cryptolocker Trojan. The cybercriminals give their victims only three days to pay up, accepting different forms of payment, including Bitcoin.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

HEADLINES

As the year 2024 draws to a close, cybersecurity solutions provider Fortinet unveiled predictions that expect hackers will leverage as well as trends that...

Advertisement