Exploit This

Security News, Exploits, and Vulnerabilities.

Financial cyberthreats in 2016

In 2016 we continued our in-depth research into the financial cyberthreat landscape. We’ve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used.

Holiday 2016 financial cyberthreats overview

Last November we conducted a brief analysis of the threat landscape over the holiday period – from October to December in 2014 and 2015. And we made the following prognosis: the same holiday period in 2016 will see a spike in cyberattacks. Now that the holidays are over, it is time to find out how accurate that prediction was.

DDoS attack on the Russian banks: what the traffic data showed

From November 8 to 12, websites of some of the largest Russian banks fell victim to heavy DDoS attacks. Initially, it was no indication of anything unusual – all well-known banks get attacked from time to time – but further developments have evolved in the manner that allowed us to suggest a high level of organization in regards to the series of attacks.

IT threat evolution Q3 2016. Statistics

The most popular mobile Trojan in the third quarter of 2016 was Trojan-Banker.AndroidOS.Svpeng.q. During the quarter, the number of users attacked by it grew almost eightfold.

IT threat evolution Q3 2016

Trojan-Ransom.AndroidOS.Fusob.h remained the most popular mobile Trojan-Ransomware in the third quarter, accounting for nearly 53% of users attacked by mobile ransomware.

IT threat evolution in Q2 2016. Statistics

In the second quarter of 2016, Kaspersky Lab’s web antivirus detected 16,119,489 unique malicious objects: scripts, exploits, executable files, etc. 54,539,948 unique URLs were recognized as malicious by web antivirus components.

IT threat evolution in Q2 2016. Overview

Bankers and encryptors, ransomware and spyware, old and new exploits; APT attacks, ATM infection, spear phishing and fraud targeting large numbers of users – cybercriminals continue their hunt for money and information

SMiShing and the rise of mobile banking attacks

Brazilian cybercriminals are clearly setting their sights on users of mobile banking, with a huge rise in incidents registered in the country over the last two years. In order to carry out these attacks they are using SMiShing (phishing via SMS) and registering new mobile phish domains created especially for this purpose.

Lurk Banker Trojan: Exclusively for Russia

We have written about this banker Trojan before. It caught our attention almost as soon as it appeared because it used a fileless spreading mechanism – malicious code was not saved on the hard drive and ran in memory only. However, until now no detailed description of Lurk had been published.

IT threat evolution in Q1 2016

2016 has only just got underway, but the first three months have already seen the same amount of cybersecurity events that just a few years ago would have seemed normal for a whole year. The main underlying trends remained the same, while there was significant growth in trends related to traditional cybercrime, especially mobile threats and global ransomware epidemics.

%d bloggers like this: