Kaspersky Lab has undertaken a review of the key events that defined the IT security threat landscape in 2014.
Over the last 12 months, the company’s Global Research and Analysis Team (GReAT) has reported on seven advanced persistent cyber-attack campaigns (APTs). Between them, these accounted for more than 4,400 corporate sector targets in at least 55 countries worldwide, more than double the 1,800 targeted corporate attacks discovered in 2013.
Targeted attacks and malicious campaigns stood out amongst a range of security incidents, particularly in terms of their scale and impact across both government and business.
Cyber-espionage
In 2014, organisations in at least 20 critical sectors were hit by advanced threat actors. Major public organisations were targeted, including government and diplomatic offices, with further attacks on sensitive financial and industrial segments across the private sector, including attacks on media organisations.
It is likely that in several cases, these attacks were performed by state-sponsored threat actors, as analysis of the Mask/Careto and Regin campaigns reveals. Others are likely to have been the result of professional cyber-crews organising ‘attacks-as-a-service’, reflected in the exposure of the HackingTeam 2.0, Darkhotel, CosmicDuke, Epic Turla, and Crouching Yeti APTs.
The ‘Regin’ threat actor is the first ever cyber-attack platform known to penetrate and monitor GSM networks in addition to other ‘standard’ spying tasks. In the hunt for sensitive information retained on connected equipment, ‘Darkhotel’ targeted C-suite victims, including senior management and R&D staff staying at dozens of luxury hotels worldwide. These two threat actors have been in operation for a decade, making them among the oldest on the APT scene.
Alex Gostev, Chief Security Expert at Kaspersky Lab’s Global Research and Analysis Team, says that targeted operations could mean disaster for the victim, resulting in leaks of sensitive information such as intellectual property, compromised corporate networks, interrupted business processes, and the wiping of data.
“There are tens of scenarios that all end up with the same impact: the loss of influence, reputation and money.”
Fraud operations
2014 also saw a number of fraud campaigns that resulted in losses totaling millions of dollars.
In June, Kaspersky Lab experts released their research into an attack on clients of a large European bank. In October, GReAT experts also published the results of a forensic investigation into a new direct attack on ATMs in Asia, Europe and Latin America. Millions of dollars were stolen from ATMs worldwide without the attackers requiring access to credit cards.
In Kaspersky Lab’s forecast for 2015, experts expect to see further evolution of these ATM attacks, where APT techniques are used to gain access to the ‘brain’ of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATMs in real time.
The full report about key events that have defined the threat landscape in 2014 can be found on Securelist.
Kaspersky Lab’s video outlining attacks on the corporate sector and business executives in 2014 can be found here.