
Malware around the world: Brazilian, Russian and Spanish infections

Security research firm Kaspersky Lab recently created an interactive map that illustrates in real time the malware attacks happening around the world. This resource shows just how impactful malware strains are, using multi-colored lines to show both the origin and the target of the attacks.

The map demonstrates that no region is outside of cybercriminals' reach, and attacks are taking place in cities and countries across the globe. In order to adequately protect sensitive files and personal details, users and organizational leaders must be aware of emerging threats in their sector. In this spirit, it is important to examine some of the top malware strains infecting users currently, including those originating outside of the United States.

Brazilian Boletos Malware
The first stop on this tour of the top malware samples around the world is Brazil, where users are being hit by a man-in-the-middle attack designed to intercept money order payments. According to ZDNet, by stealing Boletos payments - the Brazilian equivalent of an American money order - hackers were able to compromise more than 495,000 users and steal approximately $3.75 billion.

The strain was first discovered in 2012, and since then has intercepted Boletos payments and modified the data being sent between the customer, the bank and the merchant. This way, the funds are redirected to an account under cybercriminal control.

Russian Dragonfly attackers infect energy grid
The next stop on the tour is Russia, where a group of hackers known as Dragonfly is infecting energy companies supplying oil and natural gas to the national power grid. According to The New American contributor Bob Adelmann, the malware the cybercriminals are using in these security incidents is so impactful that it has the capability to disrupt internal messaging controls and the overall operations of physical power plants and pipelines.

Symantec found that the Russian hackers have targeted energy firms in the U.S., Spain, France, Italy, Germany, Turkey and Poland. Their prime regions for infection, however, are the U.S. and Spain.

"The Dragonfly group is technically adept and able to think strategically," Symantec noted. "[T]he group found a 'soft underbelly' … invariably smaller, less protected companies."

The most worrisome part of these attacks, according to Symantec chief researcher Eric Chien, is that the cybercriminals are likely not only motivated by espionage, but sabotage as well.

Spanish Careto malware
Earlier this year, Kaspersky Lab discovered Careto, or "The Mask," a malware sample it calls "an advanced Spanish-speaking threat actor." Most surprising, however, is the fact that the strain has been active since 2007.

Careto is also a very complex sample that leverages a complicated toolset including sophisticated malware, a rootkit and bootkit, as well as versions tailored specifically for Mac OS X and Linux. Kaspersky also noted that there may potentially be versions for the mobile platform.

The strain specifically targets government agencies, diplomatic organizations and embassies, utility companies, research firms and activists. Researchers have discovered victims in 31 countries thus far, including those in North and South America, the Middle East, Europe and Africa.
