In its Q3 IT Threat Evolution report, Kaspersky Lab revealed key security incidents of the quarter, including the latest on the Philippines’ cybersecurity threat landscape.
Using statistics from the Kaspersky Security Network (KSN), which obtains information from millions of Kaspersky Lab product users in 213 countries, the report sheds light on the increase in mobile threats, the attempted theft of money from online bank accounts and targeted cyberattacks in the evolving threat landscape.
“The developments in Q3 demonstrate that the global threat landscape is continuing to evolve at a fast pace. Malicious mobile programs are on the rise and in countries where online banking is popular, people are at considerable risk from Trojans looking to target them,” said David Emm, principal senior security researcher at Kaspersky Lab’s Global Research and Analysis team. “With 5.6 million cases of attempted theft from online bank accounts, and cybercriminals continually developing sophisticated attacks, the use of high quality cybersecurity products has never been more important. It’s vital that all those using the Internet – both individuals and organizations – protect themselves from these growing threats.”
Over 300,000 (exactly 323,374) new malicious mobile programs were detected by Kaspersky Lab mobile security products in Q3. This is a 10.8% increase on Q2 2015 and a 3.1-fold increase since Q1 2015. There were more than 1.5 million malicious packages installed on mobiles during the quarter, 1.5 times more than in the previous quarter.
Displaying adverts to users has remained the main method of making money from mobile threats. During the quarter, Kaspersky Lab observed a growing number of programs that used advertising in this way.
They often root the device of a victim and use superuser (admin) privileges, making it very difficult to combat them. In Q3 2015, these Trojans accounted for more than half the most popular mobile malware.
Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems.
Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.
In Q3 2015, Kaspersky Lab’s solutions blocked almost 626,000 attempts to launch malware capable of stealing money via access to users’ online banking. This number is 17.2% lower than in the second quarter of the year, although it is a 5.7% increase since Q3 2014.
During the quarter, there were 5.68 million notifications about attempted malware infections to steal money from users via online access to bank accounts.
In Q3 2015, users in Austria were attacked by banking Trojans more than any other region – 5% of all Kaspersky Lab users in Austria faced this threat during the quarter. Singapore, last quarter’s leader, was moved to second place (4.2%) and 3% of users in Turkey were under threat (third).
Most of the countries in the top 10 have significant numbers of online banking users, attracting cybercriminals. Of the malware used to target online banking users, Trojan-Downloader.Win32.Upatre was the most prevalent, being used in 63.1% of attacks in an attempt to steal users’ payment details.
In Q3, the Kaspersky Lab Global Research and Analysis Team (GReAT) researched a number of sophisticated cyberespionage campaigns.
Among others, these included investigating the Turla group, which makes use of satellite communications to manage its command-and-control servers’ traffic for subsequent operations, the Darkhotel APT, which infiltrates hotel Wi-Fi networks to place backdoors on target computers, and the Blue Termite APT, which focuses on stealing information from organizations in Japan.
Kaspersky Lab also worked on a joint investigation with the Dutch National High Tech Crime Unit (NHTCU) and Panda Security, resulting in the arrest of two suspects, who are believed to be involved in the CoinVault ransomware attacks.
According to KSN data, Kaspersky Lab solutions detected and repelled a total of 235.4 million malicious attacks from online resources located all over the world. This is 38% lower than in Q2.
Over 75 million (exactly 75.4 million) unique URLs were recognized as malicious by web antivirus components. This is 16% higher than in Q2.
Kaspersky Lab’s web antivirus detected 38.2 million unique malicious objects: scripts, exploits, executable files, etc. This is 46.9% higher than in Q2.
There were 5.68 million registered notifications about attempted malware infections that aim to steal money via online access to bank accounts.
Kaspersky Lab’s file antivirus detected a total of 145 million unique malicious and potentially unwanted objects.
Kaspersky Lab mobile security products also detected: 1.6 million malicious installation packages; 323,374 new malicious mobile programs; and 2516 mobile banker Trojans.
The Philippines also experienced a rapid rise in detected malware infections according to the latest security report from Kaspersky Lab. KSN reports for July, August and September showed the country is now the 33rd most-attacked country in the world. The Philippines climbed up 10 notches up from 43rd place during the second quarter of 2015 and is now in the 33rd spot out of 213 countries included in the report.
The recent global security report also showed 17% of Filipino users are infected by malicious programs detected by Kaspersky Lab products, two percent higher compared to second quarter’s 15%.
“Kaspersky Lab’s report revealed a rapid increase in number of malware infections against Filipino users during the third quarter of 2015. From 43rd place to 33rd place in just three months, this shows that cyberattacks against the Philippines are accelerating at full speed. The Philippines may not be one of the top targets yet, but there is no doubt that cybercriminals are now noticing the country,” said Jimmy Fong, channel sales director of Kaspersky Lab Southeast Asia.