Statistically, Q3 2019 differs little from Q2. In terms of geographical distribution of attacks and targets, we saw a continuation of the now familiar trend of unexpected guests appearing, only to drop out the next quarter.
Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium.
The well-known ‘Lost in Translation’ leak contained, among other things, an interesting script that checked for traces of other APTs in the compromised system. In 2018, we found an APT described as the 27th function of this script, which we call ‘DarkUniverse’.
Recently, we caught a new unknown exploit for the Chrome browser. We promptly reported this to Google. After reviewing the PoC we provided, the company confirmed there was a zero-day vulnerability and assigned it CVE-2019-13720.
It’s been a long journey since the early days of cheat development, and today we encounter cheats demonstrating malware-like behavior, using anti-detection techniques and evasion features that rival rootkits and implants found in advanced persistent threats.
One of the most popular platforms among users (and hence cybercriminals) is Steam, and we’ve been observing money-making schemes to defraud its users for quite some time. Since June, however, such attacks have become more frequent and, compared to previous attempts, far more sophisticated.
As we saw from the statistics, tech giants that collect and analyze data to show us targeted advertising are present practically everywhere in the world. And it is these companies that store the most data about people from all over the planet.
The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q3 2019.
Since 2008, cyber-criminals have been creating malware to attack IoT devices. How do we deal with that? The best option for tracking attacks, catching malware and getting an overview of attacks in this area is to use honeypots.
Kaspersky and the research team at the University of Ghent looked deeper into how the wide use of so-called "social robots" in the future could affect humans' private lives, their social behavior and what the cyber security takeaways from this impact are.