Kaspersky: Geopolitical developments fed the cyber threat landscape in the first quarter of 2019

Kaspersky Lab said that in the first three months of 2019 its researchers observed activity in the advanced threat landscape that was focused mainly on South-East Asia and was increasingly affected by geopolitical developments. It included cryptocurrency-mining attacks, commercial spyware, and a major campaign targeting supply chains. These and other trends are covered in Kaspersky Lab's latest quarterly threat intelligence report.

Kaspersky Lab's quarterly report on advanced persistent threats is based on the company's own threat intelligence research as well as on other sources, and highlights the main developments that the researchers believe everyone should be aware of.

Kaspersky Lab researchers noted a number of interesting developments during the first quarter of this year. The advanced persistent threat campaign reported during this period was Operation ShadowHammer, an advanced campaign that uses the supply chain for distribution on a very large scale, alongside carefully implemented techniques to ensure precise targeting of victims.

One of the highlights of advanced persistent threat activity in the first quarter was that geopolitical developments emerged as a chief driver of threat activity, often with a clear correlation between these developments and targeted malicious activity.

The highlights also included that South-East Asia remained the most active region in the world for advanced persistent threats, with more threat groups and more targeting activity than anywhere else.

Russian-speaking threat groups kept a low level of activity compared with the last few years, which may be due to some internal restructuring, although the two groups Sofacy and Turla continued distributing malware.

Chinese-speaking threat actors continued to maintain a high level of activity, combining low and high levels of sophistication depending on the nature of the campaign. For example, the group known as CactusPete, active since 2012, was observed using new tools in the first quarter of 2019, including new variants of downloaders and backdoors, as well as a VBScript zero-day attack launched by the DarkHotel group.

The researchers observed the spread of a new variant of FinSpy, as well as LuckyMouse's deployment of tools leaked from HackingTeam, pointing to what appears to be a "boom" among providers of "commercial" malware available to governments and other entities.

Vicente Diaz, principal security researcher in Kaspersky Lab's Global Research and Analysis Team (GReAT), said that what happened in the first quarter of the year "was amazing", saying: "Even when we have the feeling that nothing new has occurred, we uncover a threat landscape filled with exciting developments on various fronts." He added: "The threat landscape in the first quarter included sophisticated supply-chain attacks, attacks on cryptocurrency, and geopolitically motivated attacks. We are aware that our visibility is incomplete and that there is activity we have not seen or understood yet, so the absence of a region or sector from our threat radar today does not mean it will not appear in the future, which makes protection from all known and unknown threats important to everyone."

The advanced persistent threat report for the first quarter of 2019 summarises the findings of the threat intelligence reports available to subscribers of the Kaspersky Lab service, which also include indicators of compromise (IOC) data and YARA rules to assist in forensics and malware hunting.

To avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky Lab researchers recommend giving the Security Operations Centre team access to the latest threat intelligence, so that it can keep abreast of the new and emerging tools, techniques and tactics used by threat actors and cybercriminals.

They also recommend deploying dedicated solutions that detect, investigate and remediate threats at the endpoint level in a timely manner, such as Kaspersky Endpoint Detection and Response, and implementing a corporate-grade security solution that detects advanced threats at the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.

The researchers also advise providing training to raise security awareness and teach practical skills among staff, for example through Kaspersky Automated Security Awareness Platform, since many attacks start with phishing attempts or other techniques based on social engineering.
