In its latest report, experts at Kaspersky Lab analysed the development of IT threats in the first quarter of 2013, highlighting new incidents, and the return of a few old suspects.
The first three months of the year turned out to be full of incident, especially when it came to cyberespionage and cyberweapons.
At the start of 2013, Kaspersky Lab published a major report with the results of a study into a five-year programme of global cyberespionage operations. The operation was dubbed Red October.
These attacks targeted various government agencies, diplomatic organisations and companies around the world. In addition to workstations, Red October was also capable of stealing data from mobile devices, gathering data from network equipment, collecting files from USB drives, stealing email databases from local Outlook archives or from remote POP/IMAP servers and extracting files from local FTP servers on the Internet.
In February a new malicious programme, dubbed MiniDuke, appeared on the scene. It penetrated systems using a 0-day vulnerability in Adobe Reader (CVE-2013-0640).
MiniDuke’s victims turned out to be government agencies located in Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland, as well as a research organisation in Hungary, and a research institute, two scientific research centres and a medical facility in the US. In total, 59 victims in 23 countries were detected.
February also saw the publication of an extensive PDF report by Mandiant on a series of attacks launched by a group of Chinese hackers going by the name of APT1. Mandiant states that APT1 appears to be a division of the Chinese army.
Following on in late February, Symantec published a study on a newly identified “old” version of Stuxnet — Stuxnet 0.5.
The first quarter of 2013 also saw more targeted attacks against Tibetan and Uyghur activists. The attackers appeared to be using everything at their disposal to achieve their goals, and users of Mac OS X, Windows, and Android were subjected to attacks, Kaspersky Lab said.
“Back in 2011, we witnessed mass hacks of several companies and some major leakage of users’ data. It might seem like these attacks came to nothing — but not so,” Kaspersky Lab said.
The group noted that cybercriminals remain as interested as ever in hacking large companies and getting their hands on confidential data, including user information. In the first quarter of 2013 victims included Apple, Facebook, Twitter, and Evernote, among others.
The mobile threat front was also full of incident in Q1 2013. January may have been a quiet month for mobile virus writers, but over the next two months Kaspersky Lab detected in excess of 20,000 new mobile malware modifications, which is equivalent to roughly half of all the malware samples detected over the whole of 2012.
There were also minor changes to the threat geography. This time around, Russia (19%, -6 percentage points) and the US (25%, +3 percentage points) once again switched places in the ranking of countries hosting malicious content, with the US returning to first place.
The percentages of other countries were more or less unchanged from Q4 2012.
The rating of the most prevalent vulnerabilities saw no significant shifts. Java vulnerabilities are still on top, detected on 45.26% of all computers. On average, Kaspersky experts counted eight different breaches on every vulnerable machine.