Kaspersky Lab says that the number of corporate sector cyber attack targets more than doubled in 2014.
The security solutions vendor has undertaken a master review of the key events that defined the threat landscape in 2014.
Among a range of security incidents, targeted attacks and malicious campaigns stand out, particularly in terms of their scale and impact on businesses, governments, public and private institutions, it said.
Over the last 12 months, the company’s Global Research and Analysis Team (GReAT) reported on seven advanced persistent cyber-attack campaigns (APTs).
Between them, these accounted for more than 4,400 corporate sector targets in at least 55 countries worldwide.
2014 also saw a number of fraud campaigns that resulted in losses totaling millions of dollars, while the number of victims affected by targeted attacks in 2014 is 2.4 times that of 2013, when up to 1,800 corporate targets were discovered, Kaspersky Lab said.
It said that in 2014, organisations in at least 20 sectors were hit by advanced threat actors, including the public sector (government and diplomatic offices), energy, research, industrial, manufacturing, health, construction, telecoms, IT, private sector, military, airspace, finance and media, among others.
Cyberespionage actors stole passwords, files and audio-streamed content, took screenshots, intercepted geolocation information, controlled web-cameras, and more, Kaspersky Lab said.
It is likely that in several cases these attacks were performed by state-sponsored threat actors, while others are likely to have been the result of professional cyber-crews organising ‘attacks-as-a-service’.
In June 2014, Kaspersky Lab’s Global Research and Analysis Team reported on its research into an attack on the clients of a large European bank. The attack had resulted in the theft of half a million euros in just one week.
In October, GReAT experts published the results of a forensic investigation into a new direct attack on ATMs in Asia, Europe and Latin America. Millions of dollars were stolen from ATMs worldwide without the attackers requiring access to credit cards.
In the forecast for 2015, Kaspersky Lab’s experts expect to see further evolution of ATM attacks, where APT techniques are used to gain access to the ‘brain’ of cash machines.
“The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real-time,” the group said.