A supposed airline hack and other similar incidents this past quarter have made it clear: Attackers are finding more inventive ways to infiltrate and abuse existing technologies. This signals a rise in threats that go beyond just stealing data, and whose effects are more physical, evident, or close to home.
Take, for instance, the increasing number of attacks involving routers and DNS changer detections, particularly in Brazil, which accounted for 81% of the total number of DNS changer detections in 2Q. Advancements in point-of-sale (PoS) malware continued to be a nuisance to businesses, yet the slight decline in PoS malware in 2Q could mean that the threat may be reaching its saturation point.
Figure 1. There was a noticeable decrease in PoS threats for the second quarter of the year.
This doesn’t mean that cybercriminals are abandoning their old operations. Traditional malware is still circulating, with basic malware components readily available for just about anyone to create their own malicious enterprise. The second quarter also shed some light on solo cybercriminal operations across the globe, as evidenced by those seen in Brazil and Canada.
Figure 2. Solo cybercriminal operations were spotted in the second quarter.
One of the more notable developments we saw was coordination across law enforcement agencies for public-private partnerships (PPP). Some law enforcement wins included botnet takedowns for longstanding operations and the indictment of Silk Road mastermind Ross Ulbricht.
Government entities were the primary attack targets in the second quarter, with the OPM breach marking the biggest incident to date, exposing more than 20 million records belonging to United States federal employees. Another big attack that continues to affect government entities is Operation Pawn Storm, which we saw targeting NATO members as well as the White House in April and even using a Java zero-day to attack governments this July.
The Angler Exploit Kit creators aggressively integrated new exploits for Adobe® Flash® vulnerabilities. We have also seen a faster integration of these kits, as evidenced by the high number of Angler Exploit Kit-related detections in the second quarter. According to Deep Security Labs Director Pawan Kinger, “Enterprises must be very watchful of vulnerabilities in the core software and plug-ins that they use. Custom applications need customized checking. A good penetration test on custom applications always compensates for that.”
As more and more public-facing technologies get developed for Internet connectivity, we are witnessing a recurrence of attacks that are more strongly felt. User online safety and privacy have never been more critical than now.
Read our 2Q 2015 Security Roundup, A Rising Tide: New Hacks Threaten Public Technologies.