subscribe: Daily Newsletter

 

Extortion in 2015 sets stage for 2016 threats

0 comments

Online extortion and cyberattacks were a top concern in 2015, with several high-profile organisations being victimised.
Ashley Madison, Hacking Team, the Office of Personnel Management and Anthem were a few of these high-profile attacks that left millions of employees and customers exposed.
A majority of data breaches in the US in 2015 (41%) were caused by device loss, followed by malware and hacking.
These are among the findings of Trend Micro’s annual security roundup report, “Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies,” which dissects the most significant security incidents from 2015. The research confirms that attackers are now bolder, smarter and more daring in attack vectors, cyberespionage efforts and cyber underground activity on a global basis.
“Our observations for 2015 have confirmed that traditional methods of protecting data and assets are no longer sufficient and should be reassessed to maintain the highest level of corporate and personal security,” says Raimund Genes, chief technology officer of Trend Micro. “The prevalence and sophistication of extortion, cyberespionage and expanding targeted attacks now dictate that organisational security strategies must be prepared to defend against a potentially greater onslaught in 2016. This realisation can help the security community better anticipate and respond to what attackers are trying to accomplish.”
Additional report highlights include:
* Pawn Storm and Zero-Days – In 2015, there were more than 100 zero-days discovered. In addition the long-running cyberespionage campaign Pawn Storm utilised several zero-day exploits to target high-profile organisations, including a US defense organisation, the armed forces of a NATO country and several foreign affairs ministries.
* Deep Web and Underground Explorations – In 2015, cybercriminal markets began to penetrate the recesses of the Deep Web. Each underground market mirrors the culture in which it resides, offering specific wares most profitable in each region.
* Smart Technology Nightmares – Attacks against connected devices accelerated in 2015, proving their susceptibility. Smart cars and businesses, seen in Trend Micro’s GasPot experiment, were among a few of the new concerns brought by IoT technologies.
* Angler, the ‘King of Exploit Kits’ – From malvertising to Adobe Flash, Angler Exploit Kit gained notoriety in 2015 as the most used exploit. Accounting for 57,3% of overall exploit kit usage. Japan, the U.S. and Australia were among the most impacted countries for this attack.
* Data Held Hostage – Crypto-ransomware rose to 83% of overall ransomware use in 2015. Cryptowall was the most frequently used variant, arriving on users’ computers via email or malicious downloads.
* Takedowns versus DRIDEX – The seizure and takedown of the notorious DRIDEX botnet contributed to a significant decrease in detections within the US. However, this led to a resurgence due to the Command and Control infrastructure being hosted on a bulletproof hosting provider, making it virtually impossible to eradicate altogether.