
How advanced targeted attacks evolved in Q2, 2017

DECCAN CHRONICLE
Published : Aug 10, 2017, 4:29 pm IST
Updated : Aug 10, 2017, 4:29 pm IST

Expert analysis of WannaCry and ExPetr suggests the code may have escaped into the wild before it was fully ready.

The Q2 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the second quarter of 2017, Kaspersky Lab’s Global Research and Analysis Team created 23 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.

The second quarter of 2017 saw sophisticated threat actors unleash a wealth of new and enhanced malicious tools, including three zero-day exploits and two unprecedented attacks: WannaCry and ExPetr. Expert analysis of the last two suggests the code may have escaped into the wild before it was fully ready, an unusual situation for well-resourced attackers. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

The months from April to the end of June witnessed significant developments in targeted attacks by, among others, Russian-, English-, Korean-, and Chinese-speaking threat actors. These developments have far-reaching implications for business IT security: sophisticated malicious activity is happening continuously almost everywhere in the world, increasing the risk of companies and non-commercial organizations becoming collateral damage in cyber warfare. The allegedly nation-state backed WannaCry and ExPetr destructive epidemics, whose victims included many companies and organizations across the globe, became the first but most likely not the last example of the new, dangerous trend.

Highlights in Q2, 2017 include:

- Three Windows zero-day exploits being used in the wild by the Russian-speaking Sofacy and Turla threat actors. Sofacy, also known as APT28 or FancyBear, deployed the exploits against a range of European targets, including governmental and political organizations. The threat actor was also observed trying out some experimental tools, most notably against a French political party member in advance of the French national elections.

- Gray Lambert: Kaspersky Lab has analyzed the most advanced toolkit to date for the Lamberts group, a highly sophisticated and complex, English-speaking cyberespionage family. Two new related malware families were identified.

- The WannaCry attack on 12 May and the ExPetr attack on 27 June. While very different in nature and targets, both were surprisingly ineffective as ‘ransomware’.

- ExPetr, targeting organizations in the Ukraine, Russia and elsewhere in Europe, also appeared to be ransomware but turned out to be purely destructive. The motive behind the ExPetr attacks remains a mystery. Kaspersky Lab’s experts have established a low-confidence link to the threat actor known as Black Energy.
