Kaspersky said that the threat actors are using spear-phishing and waterhole attacks but no zero-day exploits, and that the popular Trojans Havex and Sysmain are used regularly alongside backdoors like ClientX and Karagany. Some of these programs are being used to help gather data from industrial control systems – and Havex has reportedly been used for such attacks in recent times.
One contested issue is the origin of the hackers: US-based threat intelligence firm CrowdStrike previously claimed that the attackers were of Russian origin, and hence called the campaign ‘Energetic Bear’, while Kaspersky says that the origin is still to be determined.
Most of the C&C infrastructure used by the Crouching Yeti attackers is located in the US, with other servers spread across the UK, Germany and Russia.
Data breaches becoming more common – and damaging
A study released at the start of this week revealed a general theme of 2014: data breaches have become a regular occurrence, and yet companies have still to see the hidden damages.
Just weeks after ecommerce giant eBay revealed that its own data breach in May had seen a slump in user activity and revenues, SafeNet published its second quarterly report on the Breach Level Index, a public data breach database which calculates the severity of breaches based on multiple dimensions.
The study revealed that more than 375 million customer records were stolen in the first half of 2014, as a result of 559 global breaches, but worse still was the finding that 237 breaches (compromising 175 million customer records of personal and financial information) had come between April and June alone. As an aside, just 10 of these 237 reported incidents saw companies using encryption.
It went on to note that malicious outsiders are responsible for 99 percent of records being stolen, and that healthcare and retail are increasingly being targeted, given the financial records and personal information they collect.
SafeNet also announced the findings of a global survey of more than 4,500 adult consumers, in which 65 percent of respondents said they would never, or were very unlikely to, shop or do business again with a company that had experienced a data breach where financial data was stolen.