Blueliv Releases Q3 2015 Global Cyber Threat Report


analyzed data

Between July and September 2015 Blueliv detected and analyzed 5.5 million stolen credentials and credit cards, 300,000 targeted malware samples, and 500,000 crime servers through its cyber threat intelligence platform. Now, we want to share the analysis of this data with you in our Blueliv Global Cyber Threat Report.


In the third quarter of 2015, by far, the US continued to be the most targeted country for credit card theft, with 70% of the total volume seen by Blueliv. Most experts believe that the reason why the US has a disproportionately high amount of fraud is because it has been slow to adopt EMV, a global standard in which credit cards carry computer chips that cut down on counterfeiting by dynamically authenticating card transactions. Countries that have deployed EMV have enjoyed a decrease in counterfeit fraud as a result.

South Korea, Mexico and Canada are the countries that follow US in card information theft, but as it can be seen in our info graphic, they are far away from the US.

Moreover, as we predicted some time ago, and due to the industrialization of cybercrime, POS targeted malware is proliferating. As many people and researchers have already noticed, 2015 has been the year of POS malware, as security vendors have been able to identify many new types such as Newposthings, Fighterpos, Poseidon, Pwnpos, Nitlovepos, logPOS, Bernhard, Alina and its evolutions like Joker and Katrina among others.

There’s a common pattern among all of them, they usually scrape processes memory with regular expressions to hunt credit cards managed by POS software during online payment transactions, being that a real alternative of the well-known ATM skimming technique.


Data brcredential thefts by countryeaches and credential thefts, which include all types of sensitive information, keep growing.

This quarter Ukraine, Taiwan and UK have been the countries that have suffered the highest amounts of credential thefts using form grabber malware or bankers, with the 18%, 11% and 8%, respectively.

credential thefts by industry

In terms of the industries, Media, Social Networks & Advertising, Technology & Telcos, Gambling & Gaming, Financial Services and Retail have been the most affected ones.

In order to find out if your organization has compromised credentials, we invite you to register for our 20-day free trial version of our solution to protect from Botnets and C&C threats, which will enable you to detect internal and external infections in your computers, retrieve your compromised credentials and protect your business and users from potential damage such as being part of a botnet network, data theft or other cyber threats.


The amount of analyzed botnets and their geographical distribution has increased from 39% to 53% in US this quarter, while the European Union has gathered 31% of the analyzed botnets.


As for the geolocation of malware crime servers, US and China continued being the countries with the highest amount of malware, as 34% of the malware was located in US and another 28% in China.


Regarding malware, the most common malware type found and analyzed this quarter has once again been the Trojan Banker Dyre, with 33% of the malware samples. With 16% of the total, Pony holds the second position, and is followed by Gozi-Vawtrak (16%) and Zeus (11%). Notice that this quarter Dridex has disappeared out of our top 10 malware distribution list. The reason is the take-downs the gang has suffered from law enforcement entities. All these take-down attempts have regulated the malware distribution through spam campaigns, being these campaigns far less aggressive than last year’s and they have been carefully launched by cyber criminals themselves.

malware types

As we have stated on previous occasions, the increase in the amount of malware found in the wild, is due to the industrialization of cyber crime. This industrial ecosystem has grown more and more, consequently improving and strengthening all threats.

It is universally known that no one, individual or company, can hope to find and neutralize every threat that can be found in the wild. The only way for us, the security companies and professionals, to protect the end-user is to be one step ahead of cyber criminals, but that’s impossible as long as we don’t collaborate and share intelligence on our findings and investigations.

At Blueliv, we believe that sharing expertise and intelligence is the key to getting the upper hand in an ever-changing war on cybercrime. In order to be part of this ecosystem, we have created a community where you can obtain live data about crime servers activity, analyze your IPs to see if they are interacting with crime servers or access the Blueliv’s global intelligence.

Download Blueliv’s Q3 2015 Cyber Threat Intelligence Report now!

Dark Commerce

Exploring the cybercrime industry and its business models: part 1

Read free report
Demo Free Trial MSSP