With the emerging use of computers there is many data and valuable information generated day by day. This also creates a need of stealing others data and information when competitors stand in the market. Malwares are the best way to do so, as it can be in the form of Trojans and backdoors. Energetic Bear, Crouching Yeti and Stuxnet are among the very popular malwares which spreads in your network and gather the information and transmit to their origins.

Image Credits: https://www.flickr.com/photos/drewcoffman/5829907887
Image Credits: https://www.flickr.com/photos/drewcoffman/5829907887

Kaspersky Lab,  a major security solution for endpoint users has mentioned in their research that the computers worldwide are still under attack with malwares like Energetic Bear, Crouching Yeti and Stuxnet. These codes work as a campaign which collect data and send it to their origin. This all started by distributing the code which is the malware in the form of Spear Phishing using PDF documents embedded with a flash exploit, Trojanized software installers and Waterhole attacks using a variety of re-used exploits.

[symple_box color=”blue” fade_in=”false” float=”center” text_align=”left” width=””]
What is Energetic Bear/Crouching Yeti?

Energetic Bear/Yeti is an actor involved in different campaigns dating back to at least the end of 2010. It uses different techniques to spread its malware, most notably the repackaging of legitimate software installers and waterhole attacks. The victims, from several different sectors, are infected with backdoors.

[symple_box color=”blue” fade_in=”false” float=”center” text_align=”left” width=””]
What is Stuxnet?

Stuxnet is a computer worm that was discovered in June 2010 and is designed to attack industrial Programmable Logic Controllers or PLCs. PLCs allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Exploiting four zero-day flaws, Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks.

Related Post: Stuxnet Is A Virus Code: But Not Yet Deactivated.

As per the report from Kaspersky, 2800 victims were observed worldwide. The major areas of interest for stealing the data was from Industrial/machinery building sector, Manufacturing,     Pharmaceutical, Construction, Education and Information technology. The interesting part is that the most targeted countries are: United States, Spain, Japan, Germany, France, Italy, Turkey, Ireland, Poland and China.

Energetic Bear, Crouching Yeti and Stuxnet are still not secured reports Kaspersky_buggingweb_1

Kaspersky Labs also mentioned that the distribution of such kinds of malwares and exploits due to outdated Operating Systems without updated service patches. According to the report, which was made on the basis of Kaspersky Lab products 64.19% detections were registered over the last eight months in Windows XP and 27.99% were on Windows 7. This is not all, even Windows Server 2003 and 2008 also reported detections of such exploits(3.99% and 1.58% respectively). Windows 8.1 is also listed in the report but with regular security updates it was able to avoid such malwares.

Energetic Bear, Crouching Yeti and Stuxnet are still not secured reports Kaspersky_buggingweb_2

Geographical distribution of all registered detections is alarming as many countries still using outdated Operating System without any security solutions. Vietnam (42.45%), India (11.7%) and Algeria (5.52%) are among the leading countries which is detected with the most dangerous Windows vulnerabilities according to Kaspersky Labs.

These vulnerabilities occur due to outdated and least updated Operating System(OS). No updated security solutions will be able to give a good secured service for any outdated OS. Therefore it is very important to keep almost all the installed software updated and above all, the Operating System should be updated with new available security patches. The new security patches are made on the basis of research about the most recent virus/malware attacks and thus protect data and information.

If you like this blog, please follow me on Twitter @buggingweb, like the Facebook page and add us in your Google Profile.

http://securelist.com/blog/research/65240/energetic-bear-more-like-a-crouching-yeti/ https://securelist.com/blog/research/65367/the-echo-of-stuxnet-surprising-findings-in-the-windows-exploits-landscape/