Story image

Cyber attackers are bolder, smarter and more daring

15 Mar 16

Cyber attackers are bolder, smarter and more daring, according to a new report from Trend Micro. 

In its annual security roundup, Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies, the security firm investigates what the most significant security incidents were for 2015. 

The research reveals attackers have stepped up their game when it comes to attack vectors, cyberespionage efforts and cyber underground activity on a global basis. 

“Our observations for 2015 have confirmed that traditional methods of protecting data and assets are no longer sufficient and should be reassessed to maintain the highest level of corporate and personal security,” says Raimund Genes, CTO, Trend Micro.

“The prevalence and sophistication of extortion, cyberespionage and expanding targeted attacks now dictate that organisational security strategies must be prepared to defend against a potentially greater onslaught in 2016,” Genes says.

“This realisation can help the security community better anticipate and respond to what attackers are trying to accomplish.”

Online extortion and cyberattacks were a top concern in 2015, with several high-profile organizations being victimised. 

Ashley Madison, Hacking Team, the Office of Personnel Management and Anthem were a few of these high-profile attacks that left millions of employees and customers exposed. 

According to the report, the healthcare industry witnessed its share of data breaches. Between Anthem and Premera Blue Cross, more than 90 million customers’ personal and sensitive data was exposed.

Additional report highlights include:
•    Pawn Storm and Zero-Days – In 2015 there were 11 zero-days discovered by Trend Micro researchers in addition to the long-running cyberespionage campaign Pawn Storm, which utilized several zero-day exploits to target high-profile organizations, including a U.S. defense organization, the armed forces of a NATO country and several foreign affairs ministries.
•    Deep Web and Underground Explorations – In 2015, cybercriminal markets began to penetrate the recesses of the Deep Web. Each underground market mirrors the culture in which it resides, offering specific wares most profitable in each region.
•    Smart Technology Nightmares – Attacks against connected devices accelerated in 2015, proving their susceptibility. Smart cars and businesses, seen in Trend Micro’s GasPot experiment, were among a few of the new concerns brought by IoT technologies.
•    Angler, the ‘King of Exploit Kits’ – From malvertising to Adobe Flash, Angler Exploit Kit gained notoriety in 2015 as the most used exploit. Accounting for 57.3 percent of overall exploit kit usage. Japan, the U.S. and Australia were among the most impacted countries for this attack.
•    Data Held Hostage – Crypto-ransomware rose to 83 percent of overall ransomware use in 2015. Cryptowall was the most frequently used variant, arriving on users’ computers via email or malicious downloads.
•    Takedowns versus DRIDEX – The seizure and takedown of the notorious DRIDEX botnet contributed to a significant decrease in detections within the U.S. However, this led to a resurgence due to the Command and Control infrastructure being hosted on a bulletproof hosting provider, making it virtually impossible to eradicate altogether.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”