" pandalabs "


PandaLabs’ Results for the First Quarter of 2015

PandaLabs published its Quarterly Report for Q1, analysing the IT security events and incidents from January through March 2015. The anti-malware laboratory detected over 225 000 new malware strains per day in the first quarter of the year, with peaks reaching 500 000. This record-breaking figure represents a 40% increase over Q1 2014 and is well above the average for the entire year, which stood at approximately 205 000 new malware samples per day. Most of these specimens were variants of known malware, conveniently modified by virus writers to evade detection by antivirus laboratories. Trojans continued to be the most common threat type, representing 72.75% of all new malware and the main source of infections at 76.05% of the total.

The first months of the year were dominated by ransomware attacks – especially CryptoLocker. Ransomware has become cyber-criminals’ preferred method to make money from companies’ stolen information. Ten companies in the oil and gas maritime transportation sector fell victim to this type of attack, as revealed by Panda Security in a report on a hacking campaign dubbed Operation Oil Tanker: The Phantom Menace, which targeted oil tankers.



Panda Security Uncovers Ongoing Attack Against Oil Tankers

Panda Security has released “Operation Oil Tanker: The Phantom Menace”, a groundbreaking report that details a malicious and largely unknown targeted attack on oil tankers.

First discovered by Panda Security in January 2014, the ongoing attack on oil cargos began in August 2013, and is designed to steal information and credentials for defrauding oil brokers. Despite having been compromised by this cyber-attack, which Panda has dubbed “The Phantom Menace”, none of the dozens of affected companies have been willing to report the invasion and risk global attention for vulnerabilities in their IT security networks.

“The Phantom Menace” is one of the most unique attacks that PandaLabs has ever discovered. No antivirus engine was able to detect it when first triggered, primarily because the attackers used legitimate tools in conjunction with a number of self-made scripts to bypass any warnings that traditional AV software would detect. It was only discovered when a secretary opened a nonspecific attachment to an email – a type of file that Panda Security would later identify among ten different companies in the oil and gas maritime transportation sector.



The Latest on Ransomware: CTB-Locker

Ransomware is malware that limits access to data on devices and demands a ransom be paid to the developer. Some forms of ransomware encrypt files on the system’s hard drive, while some simply lock the system and display messages intended to persuade the user to pay.

In the past week there have been several cases of ransomware called CTB-Locker, also known as Critroni Ransom. Generally spread via e-mail as an attachment, CTB-Locker is released from time to time, with the most recent cases occurring on 18, 19 and 20 January 2015.

CTB-Locker is run by a user. The application encrypts common file types such as Excel and Word documents, and image files such as JPEGs. The user then receives a display message stating that the data has been encrypted and that they need to pay a ransom.

It is not likely that the encrypted files are recoverable. In some cases users may be able to use Volume Shadow Copy, but essentially the most effective means of “recovery” is to back up data/files on a regular basis and restore the most recent backup.

CTB-Locker doesn’t always remove the volume shadow copy (VSS), so depending on the affected operating system, if it is Windows Vista or higher, it is possible to retrieve a copy of the files affected by the malware.

In this case, it is necessary to follow the steps below:

  1. Download and install the following software: http://www.shadowexplorer.com/downloads.html
  2. Once installed, browse to the location where the affected files are located.
  3. Select a date prior to the infection.
  4. Select the affected file or folder, and choose the option “Export”.



2015 Malware Predictions from PandaLabs

PandaLabs have released their predictions for IT security in 2015, based on reports and attacks in 2014.

CryptoLocker

This type of malware was in the spotlight in 2014, and these types of attacks are set to increase in 2015.

CryptoLocker operates in a straightforward fashion: once it gets into a computer, it encrypts all types of documents that could be valuable to the user (spreadsheets, documents, databases) and blackmails the victim into paying a ransom to recover the files. This type of malware is also known as ransomware.

Payment is most often demanded in bitcoins, so that it cannot be traced by the police, making this type of attack ideal for cyber-criminals – as many users choose to pay in order to recover the “hijacked” information.

Targeted attacks

A small percentage of the millions of new malware strains that appear every month are specifically created to attack previously defined targets. These attacks, known as targeted attacks, are becoming more common and will be highly significant during 2015.

Many companies are unaware that they could be the targets of such attacks and therefore do not have appropriate measures for detecting or stopping them.



PandaLabs Q3 Results: Trojans exceed PUPs in the third quarter

The results for the third quarter show that malware continues to break records, averaging 227 747 new samples created daily.

The last four months have seen large, high-profile organisations fall victim to cyber-attacks: companies such as JP Morgan Chase, Target and Home Depot, and online services such as Dropbox and iCloud.

The most recent victim is Sony. The hack on the company led to upcoming films and workers’ personal data, such as social security numbers and salaries, being leaked online. The malware used in the attack was undetectable by industry-standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other international organisations of the critical threat.

Trojans continue to be the most common malware during Q3, accounting for 75% of infections, compared to 62.80% in the previous quarter. PUPs ranked second, representing 14.55% of infections, decreasing since Q2. Adware/spyware comprises 6.88% of infections, worms 2.09% and viruses 1.48% – down since the second quarter.

The global infection rate increased from 36.87% in Q2 to 37.93% in Q3. The results for each country show that China is still at the top, reaching an infection rate of 49.83%. China is followed by Peru at 42.38% and Bolivia at 42.12%.

Europe remains the region with the lowest infection rate, with nine European countries ranking in the top ten most secure countries.

The full report is available here.

South Korea Has the Highest Percentage of Infected Computers, According to PandaLabs Q2 Report

Panda Security’s anti-malware laboratory, PandaLabs, today published its Quarterly Report for Q2, analysing the IT security events and incidents from April through June 2012. In the second quarter of 2012 alone, more than six million new malware samples were created, a similar figure to the first quarter.

South Korea Tops List of Infections per Country for First Time Ever

The average number of infected PCs across the globe stands at 31.63 percent, falling almost four percentage points compared to Q1, according to Panda Security’s Collective Intelligence data. South Korea led this ranking (57.30 percent of infected PCs) for the first time ever, up by almost three percentage points compared to Q1. China took the second spot (51.94 percent), followed by Taiwan and Bolivia. The list of least infected countries is dominated by European countries, which occupy nine of the first ten places, the only exception being Uruguay. The top-ranked country is Switzerland (18.40 percent of infected PCs), followed by Sweden (19.07 percent), the only nations with fewer than 20 percent of computers infected. Norway, United Kingdom, Uruguay, Germany, Ireland, Finland, Hungary and Holland are the other eight countries with the least malware infections.

Luis Corrons, technical director of PandaLabs, states: “The list of least infected countries is dominated by some of the world’s most technologically advanced nations, with the sole exception of South Korea. Even though there may be other factors that influence these results, there seems to be a clear connection between technological development and malware infection rates.”  

Countries with the most malware infections

Malware Statistics

Trojans continued to account for most of the new threats created this quarter (78.92 percent); worms took second place, comprising 10.78 percent of samples; followed by viruses at 7.44 percent. The last place was occupied by adware/spyware at 2.69 percent.

Interestingly, viruses continued their decline, moving from second place in the 2011 Annual Report (14.24 percent) to third place (7.44 percent) this quarter. Worms maintained their second position, rising from 9.30 percent last quarter to almost 11 percent this quarter.

When it comes to the number of infections caused by each malware category, Trojans once again topped the ranking, accounting for more infections than in the first quarter (76.18 percent compared to 66.30 percent). Viruses came second (7.82 percent), followed by worms (6.69 percent).

“It is interesting to note that worms have only caused six percent of infections despite accounting for almost 11 percent of all new malware”, says Corrons. “The figures corroborate what is well known: massive worm epidemics have become a thing of the past and have been replaced by an increasing avalanche of banking Trojans and specimens such as the Police Virus.”

 

The Quarter at a Glance

In the report, PandaLabs highlights several top security incidents that occurred during Q2: the proliferation and evolution of the so-called ‘Police Virus’ from scareware to ransomware, and Flame, a cyber-espionage virus that has become one of the highlights of the year. 

The report also covers the latest cases of cyber-crime, such as a hacker attack on Wikipedia users, the exploitation of a major security hole in Iran’s banking system, and the new ways found by law enforcement agencies to fight data theft. Finally, it includes information about the latest attacks on mobile phones and social networking sites, the cyber-espionage operations between nations such as the United States and Yemen, and the traditional cyber-conflict between North and South Korea.

PandaLabs advises all users to keep their computers adequately protected with a solution like Panda Security’s free Panda Cloud Antivirus.

The quarterly report can be downloaded from: http://press.pandasecurity.com/press-room/reports/