Cyber threats: corporates must beware ransomware in 2016
by Kylene Casanova
Kaspersky Lab yesterday published its report on IT security in 2015, which tracks the evolution of cyber threats in the corporate sector. It found that advanced persistent threats (APT) against businesses expanded and diversified in 2015, reaching into different geographies and different business sectors.
The report, based on attacks detected by Kaspersky Lab products during 2015, shows an increase in malware and ransomware attacks on corporate computers. One or more malware attacks were blocked on 58% of corporate computers, a 3 percentage point rise on the previous year, while 29% of business-owned computers were subjected to one or more web-based attacks.
It also showed a huge rise in ransomware, which encrypts vital information that a company can't function without, on corporate computers. In 2015, Kaspersky Lab solutions detected ransomware on more than 50,000 computers in corporate networks, which is double the figure for 2014, although the actual figure is likely to be much higher.
Browsers and Office applications are the weakest link
Cyber criminals that target corporates were three times more likely to use malware exploiting vulnerabilities in office applications. Attacks on browsers accounted for 58% of cyber-criminal attacks on corporate users blocked by Kaspersky Lab products in 2015. Attacks on Office applications accounted for 12% of attacks, followed by Java (11%), Android, Adobe Reader and Flash Player.
In particular, the report states that attacks on corporate users:
- exploit vulnerabilities found in office applications three times more often than in attacks on home users;
- use malicious files signed with valid digital certificates;
- use legitimate programmes in attacks, allowing the attackers to go undetected for longer.
Don't underestimate security of POS terminals
Kaspersky Lab also notes that attacks on POS terminals shouldn't be underestimated. Criminals can use malware to infect computers that have a POS card reader attached in order to steal customer card data. This problem is especially relevant in those countries where cards with EMV chips are not used.
Cyber criminals target and plan meticulously
Kaspersky published the following key trends in the evolution of targeted attacks on businesses:
- Financial organisations such as banks, funds and exchange-related companies, including cryptocurrency exchanges, have been subjected to attacks by cybercriminals.
- The attacks are meticulously planned. The cybercriminals scrutinize the interests of potential victims (employees at the targeted company), and identify the websites they are most likely to visit; they examine the targeted company’s contacts, equipment and service providers.
- The information collected at the preparation stage is then put to use. The attackers hack legitimate websites that have been identified and the business contact accounts of the targeted company’s employees. The sites and accounts are used for several hours to distribute malicious code, after which the infection is deactivated. This means the cybercriminals can re-use the compromised resources later.
- Signed files and legitimate software are used to collect information from the attacked network.
- Attacks are diversifying to include small and medium-sized businesses.
- The geography of attacks on businesses is expanding: a massive attack occurred in Japan, and new APT groups emerged in Arab countries.