Targeted cyberattacks logbook
Every day Kaspersky automatically processes around 400,000 new malicious files. Only one percent of these need manual work from a security expert, and only a tiny fraction of that 1% go to the company’s top-notch Global Research and Analysis Team (GReAT). Those chosen few samples belong to the rarest, most menacing new APTs (advanced persistent threats). Kaspersky Lab’s Targeted Cyberattack Logbook chronicles all of these ground-breaking malicious cybercampaigns that have been investigated by!
Logbook table columns (one row per campaign): Discovery, First known sample, Name of attack, Current status, Number of targets.
Number of targets is filtered by range:
- 1-100
- 100-1000
- 1000-3000
- 3000-10000
- 10000-300000
Research stages
- Adding detection for known modules
- Collecting samples
- Reversing the samples
- Decrypting sophisticated encryption and compression schemes
- Understanding lateral movement
- Outlining multiple attack stages in the correct order
- Mapping C&C infrastructure
- Setting up sinkholes
- Analyzing collected traffic and communication protocols
- Crawling other hosts that understand the same protocol
- Taking down and acquiring images of C&C servers
- Identifying victims, sending out notifications to victims and global CERTs
- Applying forensic analysis and extracting logs, stolen files, other components
- Collecting and analyzing data from KSN, C&C servers, individual victims who are willing to work with us, sinkholes, crawlers, etc.
- Writing a comprehensive report
Mitigation strategies
Mitigation is where enterprises need to start, since prevention is significantly more effective and more cost-efficient than remediation after an attack.