Trend Micro threat researchers are seeing a significant shift from mass compromises to targeted attacks, particularly against large enterprises and government institutions. According to Trend Micro’s Third Quarter Threat Report, this work led them to uncover one of the most notable groups of targeted attacks of the third quarter – the LURID downloader.
These attacks, classified by Trend Micro as advanced persistent threats (APTs), targeted major companies and institutions in over 60 countries, including Russia, Kazakhstan, and Ukraine. The cybercriminals behind them launched over 300 malware campaigns in order to obtain confidential data from, and take full control of, affected users’ systems over an extended period of time. LURID was successful precisely because it was targeted by nature: by zeroing in on specific geographic locations and entities, LURID compromised as many as 1,465 systems.
Other notable security attacks, scams, breaches and exploits:
- Trend Micro threat analysts came across a new DroidDreamLight variant with enhanced capabilities and routines. Disguised as battery-monitoring tools, task-listing tools, or apps that let users see the list of permissions that their installed apps use, copies of this new Android malware littered a Chinese third-party app store.
- Trend Micro researchers spotted a page that enticed users to click a link to get free invitations to Google’s latest stab at taking a slice of the social media pie—Google+. Instead of invitations to join the site, however, all the users got was an “opportunity” to take part in a survey that put them at risk.
- LinkedIn users were also part of a criminal scam that tricked them into clicking a malicious link to a supposed Justin Bieber video that redirected them to a malicious site.
- The most notorious spam runs this quarter led to the download and execution of two banking Trojans: the first campaign featured spam that purported to come from the Spanish National Police; the second supposedly came from the Internal Revenue Service.
- India and South Korea were among the top three spam-sending countries. Neither Canada nor the United States, which commonly takes the top spot, was among the top 10 spam-sending countries, most likely due to the arrest of several spambot operators.
In addition to the discovery of the LURID downloader, Trend Micro and other global security teams made impressive takedowns in Q3:
- After months of monitoring, Trend Micro researchers uncovered a SpyEye operation controlled by a cybercriminal residing in Russia with the handle “Soldier,” and his accomplice in Hollywood, California. This botnet operation, which amassed more than US$3.2 million within six months, targeted large enterprises and government institutions in Canada, the U.S., the United Kingdom, India, and Mexico. More details on this win can be found in Trend Micro’s research paper, “From Russia to Hollywood: Turning Tables on a SpyEye Cybercrime Ring.”
- Trend Micro researchers were also able to gather in-depth information on two of the largest FAKEAV affiliate networks to date—BeeCoin and MoneyBeat. More details on how FAKEAV affiliate networks work can be found in the research paper, “Targeting the Source: FAKEAV Affiliate Networks.”