23 December 2021
New malicious files discovered daily grow by 5.7% to 380,000 in 2021
In 2021, Kaspersky’s detection systems discovered 380,000 malicious files per day, indicating a 5.7% increase compared to 2020. This growth correlates with the continuous rise in the number of devices used worldwide, among other factors.
14 October 2021
MysterySnail: Kaspersky finds zero-day exploit for Windows OS
In late summer 2021, Kaspersky’s automated detection technologies prevented a series of attacks using an elevation of privilege exploit on multiple Microsoft Windows servers. Upon closer analysis of the attacks, Kaspersky researchers discovered a new zero-day exploit.
14 January 2021
Kaspersky experts connect SolarWinds attack with Kazuar backdoor
On December 13, 2020, FireEye, Microsoft and SolarWinds announced the discovery of a large, sophisticated supply chain attack that deployed a new, previously unknown malware, Sunburst, used against SolarWinds’ Orion IT customers. Kaspersky’s experts found various specific code similarities between Sunburst and known versions of Kazuar backdoors – the type of malware that provides remote access to a victim’s machine. The new findings provide insights that can help the researchers move forward in the investigation of the attack.
7 January 2021
The number of new malicious files detected every day increases by 5.2% to 360,000 in 2020
In 2020, an average of 360,000 new malicious files were detected by Kaspersky per day—an increase of 5.2% when compared to the previous year. This was influenced mostly by a large growth in the number of Trojans (malicious files capable of a range of actions, including deleting data and spying) and backdoors (a specific type of Trojan that gives attackers remote control over the infected device): a 40.5% and 23% increase respectively. These were the trends found by the Kaspersky Security Bulletin: Statistics of the Year Report.
15 December 2020
Infamous hacker-for-hire group DeathStalker hits the Americas and Europe with new PowerPepper malware
DeathStalker is an advanced persistent threat (APT) actor that is believed to offer hacking-for-hire services to steal sensitive business information from companies in the financial and legal sectors. First reported by Kaspersky researchers in August of this year, the mercenaries’ activities have once again been spotted in the wild. This time they’re using a new malware implant and delivery tactics: a backdoor dubbed PowerPepper by Kaspersky, which leverages DNS over HTTPS as a communication channel (to hide communications with the control server among legitimate-looking ones). PowerPepper also uses several evasion techniques, including steganography (a method for disguising data).
14 October 2020
Control-Alt-Can’t delete: customized firmware bootkit found in the wild
Kaspersky’s researchers uncovered an advanced persistent threat (APT) espionage campaign that uses a very rarely seen type of malware known as a firmware bootkit. The new malware was detected by Kaspersky’s UEFI / BIOS scanning technology, which detects known and unknown threats.
18 May 2020
New spying Trojan targets diplomatic entities in Europe via spoofed visa application
In November 2019, Kaspersky technologies revealed new malware with a focus on diplomatic bodies in Europe, with the initial dropper spread as a spoofed visa application. Further analysis has indicated that this spyware uses the same code base as the infamous COMPFun. Spyware focuses on propagating across victims’ devices to collect data and transmit it to the actor. It is widely used by various APTs, and its danger is proportionate to the selected victimology: be it government or critical infrastructure segments, harvested information could be of great value to the malware operators and bring many changes to the affected landscape.
The detected malware has strong code similarities with COMPFun, first reported in 2014. In 2019, the industry already witnessed its successor, Reductor. The new Trojan’s functions include the ability to acquire the target’s geolocation, gather host- and network-related data, log keystrokes and take screenshots.