Carbanak and beyond: banks face new attacks
A year after Kaspersky Lab warned that cybercriminals would start to adopt the tools and tactics of nation-state-backed APTs in order to rob banks, the company has confirmed the return of Carbanak as Carbanak 2.0 and uncovered two more groups working in the same style: Metel and GCMAN. They attack financial organisations using covert APT-style reconnaissance and customised malware, along with legitimate software and new, innovative schemes to cash out.
Adwind: Malware-as-a-Service Platform that hit more than 400,000 users and organisations globally
Kaspersky Lab’s Global Research and Analysis Team has published extensive research on the Adwind RAT, a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat, which is distributed through a single Malware-as-a-Service Platform. According to the results of the investigation, conducted between 2013 and 2016, different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organisations around the world. The platform and the malware are still active.
Kaspersky Lab Exposes the Poseidon Group: A Commercial Malware Boutique Operating on Land, Air and Sea
Kaspersky Lab’s Global Research and Analysis Team has announced the discovery of the Poseidon Group, an advanced threat actor active in global cyber-espionage operations since at least 2005. What makes the Poseidon Group stand out is that it is a commercial entity whose attacks involve custom malware, digitally signed with rogue certificates, that is deployed to steal sensitive data from victims in order to coerce them into a business relationship. In addition, the malware is designed to function specifically on English and Brazilian Portuguese Windows machines, a first for a targeted attack.