First Line of Defense: 2015 Threat Trends and the New Status Quo in Cybersecurity

3 years ago

Text only:

This message contains graphics. If you do not see the graphics, click here to view.
View the Web version.
First Line of Defense
Your regular source of security updates from TrendLabs
March 31, 2016

2015 Threat Trends and the New Status Quo in Cybersecurity


Attackers have upped their game. Recent incidents of breaches no longer ended with intrusion or data exfiltration alone. In 2015 we witnessed the prevalence of incidents wherein organizations’ troves of valuable data were at the mercy of cybercriminals and attackers.

The Ashley Madison breach, for instance, didn’t just subject its users to embarrassment, but also to extortion when users were coerced to pay in exchange for anonymity. A surveillance company, called the Hacking Team, also suffered from a breach that included several vulnerabilities and exploits that were used in other cyber attacks. Should breaches of this magnitude continue, we can expect to see more destructive attacks– with greater implications on companies and customers as well.

"These paradigms reveal how organizations should adopt a more comprehensive approach to security as more potent attacks lie ahead."
Vulnerable platforms, such as Adobe®, Windows®, and Java™, also continued to be targeted using zero-day exploits. The long-running cyber espionage campaign Pawn Storm is known to utilize Adobe and Java zero-days in its spear-phishing attacks among several foreign affairs ministries.

For cybercrime, underground markets have evolved to match the most profitable products and services per region. Established Chinese and Russian marketplaces remained to be leaders in terms of technological advancements. These underground economies quickly adopted improvements in payment systems and sales automation. Less-developed markets were able to slowly make headway with cybercrime trends. Transactions within the Brazilian cybercriminal underground, for example, are blatantly advertised through social media sites because of lax regulations. Meanwhile, the Japanese underground thrived on exclusivity and the taboo in spite of the nation’s strict laws. Trends in the cybercriminal underground are important for local law enforcement agencies to consider so they can ensure the safety of their citizens.

Developments in 2015 have also fostered the expansion of interconnectivity. Together with these developments are the growing risks in the Internet of Things (IoT). Successful hacks on smart cars, gas pump monitoring systems, among others, serve as proofs of concept (POCs) for the potentially serious and even fatal damages of unsecure connected devices. In addition, devices running on different operating systems also make security updates more complex and open for compromise.

Other topics highlighted in the report:

Angler, the King of Exploit Kits: The Angler Exploit Kit was heavily incorporated into malvertisements and vulnerabilities throughout 2015, making it the most used exploit due to its easy integration.
Data Held Hostage: Ransomware, led by the crypto-ransomware variant called Cryptowall, has evolved with its modus operandi and targets.
Takedowns versus DRIDEX: Despite the takedown of the banking malware DRIDEX in 2015, the previous year also saw its resurgence through command-and-control (C&C) servers hosted on bulletproof hosting services (BPHS).

Traditional strategies are no longer sufficient to protect an organization’s assets. These paradigms reveal how organizations should adopt a more comprehensive approach to security as more potent attacks lie ahead. Read our annual security roundup, Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies, to learn about the developments in the security landscape and how you can protect your organization from these threats.


Security Spotlight
KeRanger: First Ransomware to Target Mac Users

Ransomware has made the jump to Mac. Learn more about KeRanger, the first known ransomware to infect OS X machines, in our article.

Security for Home Users
Internet of Things: Connected Life Security

Trend Micro and Ponemon Institute conducted a study on how IoT affects the privacy and security of users. How much of the IoT will consumers embrace to experience the benefits of a more “connected” life?

Security for Business
Seagate Employees Face Possible Tax Fraud in a Phishing Attack

A Seagate employee discloses thousands of employees’ tax information after falling victim to a phishing attack. Read more in our article.

© 2016 Trend Micro Incorporated




Deel deze nieuwsbrief op

© 2019