Use the timeline below to journey through the years of public-private partnerships in the fight against cybercrime.
DOWNLOAD FULL REPORT
The cybercriminal underground could have started with Russian carding forums and marketplaces where criminals offered stolen payment card details to anyone who wished to carry out identity theft and phishing attacks. Payment card owners were usually subjected to phishing attacks that gave cybercriminals unrestricted access to their personally identifiable information (PII). Stolen details were sold to other criminals who then produced fake payment cards. Probably the biggest of such sites was CarderPlanet, which was founded in 2001 by Dmitry Ivanovich Golubov, along with Roman Vega and Vladislav Anatolievich Horohorin.
2011 was dubbed the "Year of Data Breaches," as the world witnessed organizations succumb to targeted breach attacks and lose what we call the new digital currency—information. The year was particularly challenging for the security industry, as several breached organizations soiled their reputations by losing confidential information and spending huge sums of money to fix damages. Victims like RSA and Sony PlayStation were left with no other choice but to publicly disclose facts about the attacks against their infrastructure so their customers could ensure proper mitigation.
We declared 2012 the “post-PC era,” as cybercriminals started moving away from previously favored targets to focus instead on attacking Android™, social media platforms, and even Macs. It took Android devices less than three years to reach the volume of threats (led by premium service abusers and data stealers) that it took 14 years for PCs to reach. The question was no longer if a system would be breached, but when, as data breach and targeted attacks became the new norms.
2013 was a challenging year for users worldwide, as refined online threats posed serious risks to their digital lives. Daily online banking and other financial transactions put users’ private information and wallets at great risk. Online banking malware like ZeuS/ZBOT took center stage in terms of scale. 2013 was also marred by threats like the Black Hole Exploit Kit, mobile malware, and the beginnings of ransomware like CryptoLocker.
2014 showed just how destructive cyberattacks could be to individuals and companies alike. Substantive financial losses and irreparable reputation damage ran rampant. The severity of attacks and their effects revealed one thing—the risk of becoming the next cyberattack victim has intensified. Massive data breaches were aided by point-of-sale (PoS) RAM scrapers. Vulnerability exploit attacks targeting Heartbleed and Shellshock prominently figured as well. Much to the world’s detriment, established processes like two-factor authentication (2FA) also proved susceptible to threats, as evidenced by Operation Emmental.
2015 was a great year for the good guys, as it was marked by several successful global takedown and cybercriminal arrest activities. The takedown of long-standing botnets—Beebone/AAEH, SIMDA, Bugat/Cridex/Dridex—and criminal enterprises—Esthost/Rove Digital and reFUD.me—proved that cybercriminals were not above the law. Though tried-and-tested threats (zero-day exploits and malvertising tools like Superfish) continued to attack the simplest of blind spots that left individuals and organizations exposed, public-private partnerships (PPPs) between law enforcement agencies and security practitioners remained steadfast in keeping the world cybersecure.
2016 was an unprecedented year for cybersecurity in the enterprise space. It was indeed the year of online extortion, with ransomware leading the charge. Business email compromise (BEC) likewise raked in huge profits for cybercriminals while proving that social engineering was still very effective. Vulnerabilities in widely used platforms, including Supervisory Control and Data Acquisition (SCADA) systems, also surpassed volume records. 2016 was also marred by the biggest reported data breach in history while other organizations felt the effects of poor Internet of Things (IoT) security ushered in by the Mirai botnet attack.
2017 saw massive ransomware outbreaks turn into global events that cost enterprises billions of dollars. Familiar threats like BEC scams continued to be a consistent danger for enterprises as well. In addition, volatile cryptocurrencies disrupted the threat landscape, as their value steeply and quickly rose. To function, cybercriminals reworked old techniques to take advantage of the cryptotrends and tried to exploit known vulnerabilities in new ways.
In 2018, digital extortion will be at the core of most cybercriminals’ business model. IoT device vulnerabilities will expand the attack surface along with smart environments. BEC scams will ensnare more organizations into forking over their money. The age of fake news and cyberpropaganda will persist with tried-and-tested cybercriminal techniques. Machine learning and blockchain applications will pose both promises and pitfalls. Companies will face the challenge of keeping up with General Data Protection Regulation (GDPR) directives. Not only will enterprises be riddled with vulnerabilities, but loopholes in internal processes will also be abused for production sabotage.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.