Mobile malware has grown almost 3-fold in Q2, and cyberespionage attacks target SMB companies

Kaspersky Lab has published its Q2 cyberthreats report highlighting key security incidents of the quarter and evaluating the Q2 cyberthreat level. 51% of web-borne attacks blocked by Kaspersky Lab’s products were launched from malicious web resources located in Russia. Next on the list came the USA, the Netherlands, Germany, France, Virgin Islands, Ukraine, Singapore, the UK and China.

Mobile threats

• 291,800 new mobile malware programs emerged in Q2, which is 2.8 times greater than in Q1.
• There were 1 million mobile malware installation packages in Q2, which is 7 times greater than in Q1.

Mobile banking has remained a main target for mobile threats. Kaspersky Lab’s Q1 2015 report mentioned Trojan-SMS.AndroidOS.OpFake.cc which was capable of attacking no less than 29 banking and financial applications. The Trojan’s latest version that emerged in Q2 is capable of attacking 114 (four times more) banking and financial applications. Its main goal is to steal the user’s login credentials with which to attack, among others, several popular email applications.

Attacks on the Web: financial threats

• There were 5,900,000 notifications about attempted malware infections to steal money via online access to bank accounts – this is 800,000 lower than in Q1.

In Q2 2015, Singapore became the leader in the number of Kaspersky Lab users who came under web-borne attacks by banking Trojans – 5.3% of all Kaspersky Lab users in Singapore faced this threat over this time period. Next came Switzerland with 4.2%, Brazil (4%), Australia (4%) and Hong Kong (3.7%). Note that most countries in the TOP 10 are technologically advanced and/or have a developed banking system, which attracts the cybercriminals’ attention.

Financial threats are not limited to banking malware programs which attack the clients of online banking systems. Apart from banking malware (83%), financial threats are posed by Bitcoin miners (9%) – these are malware programs that use the victim’s computer’s computational resources to generate bitcoins, as well as bitcoin wallet stealers (6%) and keyloggers (2%).

Targeted cyberattacks

In Q2, Kaspersky Lab’s Global Research and Analysis Team disclosed four cyberespionage campaigns CozyDuke, Naikon, Hellsing and Duqu 2.0. The victim toll includes government agencies, commercial companies and other high-level targets.

The second quarter has also demonstrated the cybercriminals’ interest in small and medium businesses – this type of businesses was targeted by the cyberespionage campaign Grabit. Cybercriminals focused on such economic sectors as chemical industry, nanotechnologies, education, agriculture, mass media and construction.

“In Q2 we launched an important initiative called Securing Smart Cities which aims to help those responsible for developing smart cities to do so without forgetting about cybersecurity. If security measures are not planned at the development stage, that could have serious implications later, and retro-fitting security might not be a straightforward task,” comments Alexander Gostev, Chief Security Exert at Kaspersky Lab’s Global Research and Analysis Team.

Q2 in figures

• According to KSN data, Kaspersky Lab solutions detected and repelled a total of 379.9 million of malicious attacks from online resources located all over the world – this is 19% lower than in Q1.
• During the three month period, an average of 23.9% of Internet users’ computers across the world came under a web-borne attack at least once. This is 2.4 percentage points lower than in Q1.
• 26,000,000 unique malicious objects were detected, which is 8.4% lower than in Q1. The script AdWare.JS.Agent.bg was the most widespread among such objects – this script is injected by adware programs into arbitrary web pages.