Kaspersky Lab released its annual global Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2017 that was obtained using the Kaspersky Security Network. Highlights of the report you can find below.
In 2017, Kaspersky Lab’s web antivirus detected 15 714 700 unique malicious objects (scripts, exploits, executable files, etc.) and 199 455 606 unique URLs were recognized as malicious by web antivirus components. Kaspersky Lab solutions detected and repelled 1 188 728 338 malicious attacks launched from online resources located in 206 countries all over the world.
Highlights of 2017
- The defining cyber-moments of 2017 were, without doubt, the WannaCry, ExPetr and BadRabbit ransomware attacks. The infamous Lazarus threat actor is believed to have been behind WannaCry, which spread at staggering speed and is now believed to have claimed around 700,000 victims worldwide. ExPetr was more targeted, hitting businesses including many well-known global brands through infected business software. Maersk, the world’s largest container ship and supply vessel company has declared anticipated losses of between $200 mln. and $300 mln. as a result of ‘significant business interruption’ caused by the attack; while FedEx/TNT has announced around $300 mln. in lost earnings.
- Elsewhere, the world’s big cyberespionage threat actors continued to do what they do, but with new, harder-to-detect tools and approaches. We reported on a wide range of campaigns, including the historically significant Moonlight Maze, believed to be related to Turla, as well as another Turla-related APT we call WhiteBear. We also uncovered the most recent toolkit of the Lamberts, an advanced threat actor that can be compared with Duqu, Equation, Regin or ProjectSauron in terms of complexity, and more technical details about the Spring Dragon group. In October, our advanced exploit prevention systems identified a new Adobe Flash zero-day exploit used in the wild against our customers, delivered through a Microsoft Office document. We can confidently link this attack to an actor we track as BlackOasis. For a more detailed summary of APT activity during 2017, you can view our annual APT review webinar here.
- In 2017 we also observed a resurgence of targeted attacks designed to destroy data, either instead of, or as well as data theft, for example Shamoon 2.0 and StoneDrill. We also uncovered threat actors achieving success, sometimes for years, with simple and poorly executed campaigns. The EyePyramid attack in Italy was a good example of this. Microcin provided another instance of how cybercriminals can achieve their goals by using cheap tools and selecting their targets with care.
- 2017 also revealed the extent to which advanced threat actors were diversifying into common theft to fund their expensive operations. We reported on BlueNoroff a subset of the infamous Lazarus group and responsible for the generation of illegal profits. BlueNoroff targeted financial institutions, casinos, companies developing financial trade software and those in the crypto-currency business, among others. One of the most notable BlueNoroff campaigns was its attacks on financial institutions in Poland.
- Attacks on ATMs continued to rise in 2017, with attackers targeting bank infrastructure and payment systems using sophisticated fileless malware, as well as by the more rudimentary methods of taping over CCTVs and drilling holes. More recently, we discovered a new targeted attack on financial institutions – mainly banks in Russia, but also some in Malaysia and Armenia. The attackers behind this Silence Trojan used a similar approach to Carbanak.
- Supply chain attacks appear to be the new ‘watering holes’ when it comes to targeting business victims. An emerging threat in 2017, seen in ExPetr and ShadowPad, which looks set to increase further in 2018.
- A year on from the Mirai botnet in 2016, the Hajime botnet was able to compromise 300,000 connected devices – and it was just one of many campaigns focused on connected devices and systems.
- 2017 also saw a number of massive data breaches, with millions of records exposed overall – these include Avanti Markets, Election Systems & Software, Dow Jones, America’s Job Link Alliance and Equifax. The Uber data breach which took place in October 2016 and exposed the data of 57 million customers and drivers was only made public in November 2017.
- The mobile malware landscape also evolved in 2017, and Trojanized mobile apps were downloaded in their tens of thousands or more, resulting in victims being swamped with aggressive advertising, hit with ransomware or facing theft through SMS and WAP billing. Mobile malware added new tricks to avoid detection, bypass security and exploit new services. As in 2016, many such apps were readily available through reputable sources such as the Google Play Store. Trojans particularly prevalent in 2017 included the Ztorg Trojan, Svpeng, Dvmap, Asacub and Faketoken.
For more information on these trends and advice on staying safe, please see the full Review of the Year 2017.