According to Kaspersky DDoS Protection data, the second quarter of 2019 turned out to be rather less eventful than the previous one. As such, the number of attacks foiled by our protection systems fell by 44%. But at the same time, the quarter turned out to be richer than the first in terms of high-profile DDoS attacks.
The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q2 2019.
In the first half of 2019, more than 430,000 unique users were attacked by financial threats - seven percent more than during the same period in 2018. The number of financial attacks was 10,493,792 – 93% more than in the first half of 2018.
This cybercriminal's thirst for stolen data is confirmed by the statistics: in the first half of 2019, more than 940,000 users were attacked by malware designed to harvest a variety of data on the computers. The threat’s called “Stealer Trojans” or Password Stealing Ware (PSW), a type of malware designed to steal passwords, files, and other data from victim computers.
This year, we decided to continue our tradition of small-scale experiments with security of connected devices but focused on the automotive-related topic. We randomly took several different automotive connected devices (a couple of auto scanners, a dashboard camera, a GPS tracker, a smart alarm system, a pressure and temperature monitoring system) and reviewed their security setup.
2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules.
FinSpy is used to collect a variety of private user information on various platforms. Since 2011 Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019.
Recently, the United States Cyber Command highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons.
When Sodin appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers.
In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API.