Kaspersky Lab Quarterly Report Shows Zero-Day Exploits and Rampant ‘Ransomware’

Kaspersky Lab announced its latest quarterly threat intelligence report, which shows sophisticated threat actors unleashed a wealth of new and enhanced malicious tools, including three zero-day exploits and two unprecedented attacks: WannaCry and ExPetr. The report highlights the expert analysis of these advanced attacks and other trends in cybersecurity from the second quarter of 2017.

From April to the end of June, experts witnessed significant developments in targeted attacks by, among others, Russian-, English-, Korean-, and Chinese-speaking threat actors. These developments showed that sophisticated, malicious activity is happening continuously across the world and is increasing the risk of companies and non-commercial organizations becoming collateral damage of cyber warfare. The allegedly nation-state-backed WannaCry and ExPetr destructive epidemics, whose victims included many companies and organizations globally, became the first example of this new and dangerous trend.

According to the Kaspersky Lab report, highlights in Q2 of 2017 include:

  • Three Windows zero-day exploits being used in the wild by the Russian-speaking Sofacy and Turla threat actors - Sofacy, also known as APT28 or FancyBear, deployed the exploits against a range of European targets, including government and political organizations. The threat actor was also observed trying out some experimental tools, most notably against a French political party member in advance of the French national elections.
  • Gray Lambert - Kaspersky Lab analyzed the most advanced toolkit to date for the Lamberts group, a highly sophisticated and complex, English-speaking cyberespionage family, identifying two new related malware families.
  • The WannaCry attack on May 12 and the ExPetr attack on June 27 - While very different in nature and targets, both were surprisingly ineffective as ‘ransomware.’ For example, in the case of WannaCry, its rapid global spread and high profile put a spotlight on the attackers’ Bitcoin ransom account and made it hard for them to cash out. This suggests that the real aim of the WannaCry attack was data destruction. Kaspersky Lab experts discovered further ties between the Lazarus group and WannaCry. The pattern of destructive malware disguised as ransomware showed itself again in the ExPetr attack.
  • ExPetr, targeting organizations in the Ukraine, Russia and elsewhere in Europe - It also appeared to be ransomware but turned out to be purely destructive. The motive behind the ExPetr attacks remains a mystery. Kaspersky Lab experts have established a low-confidence link to the threat actor known as Black Energy.

“We have long maintained the importance of truly global threat intelligence to aid defenders of sensitive and critical networks,” said Juan Andres Guerrero-Saade, senior security researcher, Global Research and Analysis Team, Kaspersky Lab. “We continue to witness the development of overzealous attackers with no regard for the health of the internet and those in vital institutions and businesses who rely on it on a daily basis. As cyberespionage, sabotage, and crime run rampant, it’s all the more important for defenders to band together and share cutting-edge knowledge to better defend against all threats.” 

The Q2 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the second quarter of 2017, the Kaspersky Lab Global Research and Analysis Team created 23 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting. For more information, please contact: intelreports@kaspersky.com

 

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

 
