Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies

Dissecting Data Breaches

Data breaches do not just end with scandal. If 2015’s incidents are to go by, we can expect more potent attacks resulting from compromised data. The users affected by the Ashley Madison breach, for example, not only had to endure embarrassment, they also experienced rounds of online extortion after their personal data was was publicly leaked. Milan-based IT-company, Hacking Team also had a rough year after their data, which included a database of vulnerabilities and exploits, was used in cyberattack campaigns in Japan and Korea.

[Read: Hacking Team Flash Zero-Day Tied To Attacks In Korea and Japan… on July 1]

The previous year's top reported incidents were consistent with the analysis we did on data breaches. Healthcare remained the most affected industry, with the Anthem and Premera Blue Cross breaches as the most notable incidents. Combined, over 90 million patient records were exposed. This included social security numbers, clinical data, and even some financial details.

On a federal level, the U.S. Office of Personnel Management (OPM) breach—one of the largest government-related breaches in US history—exposed the personal information of around 21.5 million federal employees, including retirees.

[Read: Follow the Data: Dissecting Data Breaches and Debunking the Myths]

Pawn Storm Zero-Days and Other Vulnerabilities

The Hacking Team breach resulted in the discovery of several zero-day vulnerabilities in Adobe, Windows, and Java. These same vulnerable platforms were also targeted using other zero-days in Pawn Storm—a long-running cyberespionage campaign we’ve been monitoring since 2014.

Pawn Storm is known to use zero-days in credential phishing attacks. The targets of this ongoing campaign include high-profile personalities in the United States and Ukraine, and even political figures in Russia.

[Read: Operation Pawn Storm: Fast Facts and the Latest Developments]

Although not zero-days, other notable vulnerabilities discovered this year exposed weaknesses in mobile platforms. The Android MediaServer vulnerability, for instance, allowed attackers to either render devices silent or force them into an endless reboot.

Deep Web and Underground Explorations

The regional cybercrime trends of 2015 paint a picture of a thriving global underground economy, which should be a concern not only for the security industry but for international law enforcement. The Russian and Chinese markets remain global leaders in the development of crimeware. Forays into the Chinese underground reveal technological advancements in credit card skimming and the querying of stolen data.

[Read: Prototype Nation: Innovations in the Chinese Cybercriminal Underground]

Newer marketplaces like that of Brazil and Japan are slowly building communities of would-be cyber crooks. Due to looser penalties for cybercrime in Brazil, underground players in that country brazenly operate through public channels and social media. In the case of Japan, it is the opposite. Strong law enforcement efforts directed against organized criminal groups may start driving young tech-savvy recruits to migrate their operations underground.

[Read: Think, Learn, Act — Training for Aspiring Cyber Criminals in the Brazilian Underground]

Should both these marketplaces move deeper into darknets, it will be crucial for law enforcement to partner with security researchers so they can keep tabs on illegal activities that may become detrimental to the well-being and safety of their citizens.

Smart Technology Nightmares

The contention regarding the safety of IoT devices (Internet of Things) may have been settled in 2015 as hacks on smart technology were brought to the fore. Our homegrown GasPot research on automated pump systems resulted in actual attacks, 20 in six months. If attackers from across the globe were able to tamper with these IoT devices, what else could they do to fully automated systems?

[READ: The GasPot Experiment: Hackers Target Gas Tanks]

We also conducted research on Škoda Auto’s SmartGate System and found that it is possible to tamper with a smart car’s data from a certain range. Other researchers were able to simulate successful hacking attempts, like the Jeep Cherokee hack that showed that it was possible to kill a vehicle’s engine in the middle of a highway. These incidents put pressure on device manufacturers to consider user safety and security while making their devices ready for connectivity.

[READ: Is Your Car Broadcasting Too Much Information?]

Given their susceptibly to attacks, IoT devices within the enterprise ecosystem can become liabilities. Unlike Android devices, which already have fragmentation problems of their own, IoT devices run on several different platforms, making device and system updates as well as data protection more complex than ever

[READ: 2016 Trend Micro Security Predictions: The Fine Line]

The Trend Micro Smart Protection Network™ blocked over 52 billion threats in 2015, a 25% decrease from 2014. This decrease is consistent with the downward trend of system infections since 2012, caused by attackers who have become more selective of their targets as well as the shift in technologies they use.

Despite takedown efforts at the beginning of the fourth quarter of 2015, DRIDEX, the online banking malware, still emerged the top malware we detected by the end of the year. This is partly due to bulletproof servers hosting DRIDEX C&C infrastructure. It is crucial to not only block these said servers, but to also identify and take them down.

Angler dominated as the king of exploit kits throughout 2015. The reason behind this is Angler’s design, which makes it easier to integrate the kit into cybercriminal operations and campaigns like Pawn Storm.

Rounding up the prominent malware threats of the previous year is ransomware. In a span of twelve months, it has evolved not only in functionality but also in its modus operandi and targets.