Kaspersky is one of the leaders in antivirus and related software products and services. I always enjoy reading their reports on the state of the cyber war. They help us understand where we are vulnerable and why.
In assessing the threat level for first quarter 2013, we have some interesting war stories. A very serious global attack continues to be a threat:
“At the very beginning of the year, Kaspersky Lab published a significant report with the results of a study on the global [cyber-espionage] operation known as Red October. These attacks targeted various government agencies, diplomatic organizations and companies around the world. . . . we were able to determine several key facts. . . . In order to control and manage infected systems, they created more than 60 different domain names and several servers hosted in different countries. . . . In addition to traditional targeted attacks on workstations, Red October is also capable of stealing data from mobile devices, collecting data from network equipment, collecting files from USB drives, stealing email databases from local Outlook archives or from remote POP/IMAP servers, and extracting files from local FTP servers on the Internet.”
Obviously, Red October continues to be a major threat that is demanding ongoing vigilance. What else is new, eh?
In the mobile world, Android is the biggest target. Kaspersky found that 99.9% of new mobile threats are designed for attacking Android devices.
We know some things about which countries have Web sites that tend to be more infected with malware. Some 80+% of Web sites from which visitors pick up malware are located in just 10 countries. The number-one location at 25.1% of all infected sites is the good old United States. The major contenders are Russia (19.2%), the Netherlands (14.4%), Germany (11.5%), Ukraine (3.3%), Great Britain (3.0%), France (1.8%), and Ireland (1.1%). China and Romania are each just under 1%. Several other nations collectively make up the small balance.
The top five IT vulnerabilities are found in Adobe and Oracle products. Specifically, we are talking about Adobe’s Flash, Reader, and Shockwave, and Oracle’s Java. Sadly, these vulnerabilities are easy to fix by simply applying the software patches the manufacturers regularly issue, but too many users fail to do so:
“The most widespread vulnerabilities are found in Java and were detected on 45.26% of all computers. Also in the ratings is a relatively old but very dangerous vulnerability in Adobe Flash Player. This vulnerability was detected back in October 2010, but Kaspersky Lab is still detecting it on 11.21% of vulnerable computers.”
Kaspersky cautions us to guard against complacency about cybersecurity. This is true regardless of the fact some cyber-attacks do not necessarily generate a lot of follow-up press:
“In 2011, we witnessed mass hacking of various companies and mass user data leakages. It might seem like these attacks all came to nothing—but not so! Malicious users remain as interested as ever in hacking large companies and getting their hands on confidential data, including user information.”
Just because we do not see immediate, large-scale consequences does not mean the hackers did not acquire valuable data. Sometimes the hackers will sit on the data for an opportune time to exploit it. As with any kind of a war, we must never sleep.