Kaspersky Lab: Key security incidents that shaped the threat landscape in 2013

NetworkSecurity_0 Some of the revelations of the past year raised questions about the way we use the Internet nowadays and the type of risks we face. In 2013 advanced threat actors have continued large-scale operations, and cyber-mercenaries, specialist APT groups “for hire” which focus on hit-and-run operations emerged. Hacktivists were constantly in the news, together with the term “leak”, which is sure to put fear into the heart of any serious sys-admin out there. In the meantime, cybercriminals were busy devising new methods to steal money or Bitcoins.

Privacy loss: Lavabit, Silent Circle, NSA and the loss of trust:

No ITSec overview of 2013 would be complete without mentioning Edward Snowden and the wider privacy implications of his revelations. One of the first visible effects was the shutdown of encrypted e-mail services such as Lavabit and Silent Circle. The reason was their inability to provide such services under pressure from law enforcement and other governmental agencies. Another story which has implications over privacy is the NSA sabotage of the elliptic curve cryptographic algorithms released through NIST.

New “old” cyber-espionage campaigns: up to 1800 victim organisations in 2013:

  • The majority of the cyber-espionage campaigns that Kaspersky Lab’s analysts have seen were designed to steal data from governmental agencies and research institutions – Red OctoberNetTravelerIcefog and MiniDuke all behave this way.
  • The most widespread campaign of the year was NetTraveler espionage which affected victims from 40 countries all over the world.
  • For the first time ever cybercriminals harvested information from mobile devices connected to the victims’ networks – clear recognition of importance of mobile to hackers.
  • Red October, MiniDuke, NetTraveler and Icefog all started by ‘hacking the human’. They employed spear-phishing to get an initial foothold in the organisations they targeted

“We predicted 2012 to be revealing and 2013 to be eye – opening. That forecast proved correct – 2013 showed that everybody is in the same boat. In truth, any organisation or person can become a victim. Not all attacks involve high profile targets, or those involved in ‘critical infrastructure’ projects.  Those who hold data could be of value to cybercriminals, or they can be used as a ‘stepping-stones’ to reach other targets. This point was amply illustrated by Icefog attacks this year. They were part of an emerging trend that appeared in 2013 – attacks by small groups of cyber-mercenaries who conduct small hit-and-run attacks. Going forward, we predict that more of these groups will appear as an underground black market for ‘APT’ services begins to emerge”, – Costin Raiu, Director of the Global Research and Analysis team, Kaspersky Lab commented.

Stealing money – either by directly accessing bank accounts or by stealing confidential data – is not the only motive behind security breaches. They can also be launched to undermine the reputation of the company being targeted, or as a form of political or social protest. Ongoing hacktivist activities have continued this year as well. ‘Anonymous’ group has claimed responsibility for attacks on the US Department of Justice, Massachusetts Institute of Technology and the web sites of various governments. Those claiming to be part of the ‘Syrian Electronic Army’ claimed responsibility for hacking the Twitter account of Associated Press and sending a false tweet reporting explosions at the White House – which wiped $136 billion off the DOW. For those with the relevant skills, it became easier to launch an attack on a web site than it is to co-ordinate the real-world protests.

Bitcoins ruling the world:

The Bitcoin system was implemented back in 2009. In the beginning, this crypto currency was used by hobbyists and mathematicians. Soon, they were joined by others – mostly ordinary people, but also cybercriminals and terrorists. They provide an almost anonymous and secure means of paying for goods. In the wake of the surveillance stories of 2013, there is perhaps little surprise that people are looking for alternative forms of payment. And it is gaining popularity – in November 2013, the mark surpassed the 400$ for one Bitcoin.

The methods used by cybercriminals to make money from their victims are not always subtle.  Apart from Bitcoins, which could potentially be stolen, ‘ransomware’ programmes became a popular means of making easy money – cybercriminals block access to a computer’s file system, or encrypt data files stored on the computer. Then they warn you that you must pay in order to recover your data.  This was the case with theCryptolocker Trojan. The cybercriminals give their victims only three days to pay up, accepting different forms of payment, including Bitcoin.