January 13, 2016 By Lyndon Sutherland 3 min read

2015 was a very interesting year. As you likely recall, 2014 was considered by many to be the year of the data breach. 2015 saw plenty of action, but nothing like the huge retail point-of-sale (POS) breaches we saw in late 2013 and early 2014. This past year, by contrast, we witnessed the health care industry — formerly on the sidelines of the cyber war — become a prime target. In fact, five of the eight largest health care security breaches of the last five years happened during the first six months of 2015.

Breaches of Note in 2015

There were also some breaches of significance not due to the number of users affected, but for their ongoing ramifications. One example is the breach of the U.S. Office of Personnel Management (OPM). Over time, the number of people who might have been affected by the breach grew to more than 22 million, The Washington Post reported. It is not just the number of users but the depth of the information the attackers obtained through the breach that is of concern. The compromised information may have included detailed data from security clearance and background checks, even fingerprints.

Then there was the breach of the company Hacking Team, which creates and sells surveillance software. This not only provided information on the company and its customers (which included governments), but also unleashed multiple zero-day exploits for Adobe Flash Player on the world, Trend Micro reported. They appear to have been created by the company for use in its offensive software products.

Then there’s the infamous Ashley Madison breach, which was of great public interest simply due to the site’s purpose. The details of more than 30 million users were obtained by the attackers and then published online, creating more than a little discomfort for many users who would probably have preferred their information remained private.

Due to the nature of the Ashley Madison site and the information, there were also attempts to extort money from victims of the data breach by claiming the details could be removed for a fee or threatening to forward the user information to third parties unless the extortionist was paid.

Ransomware and Other Attack Vectors Grow

Speaking of extortion, 2015 also saw significant extortion-related activity. Ransomware such as Cryptowall had a big year, possibly due to exploit kits that reduced the level of skill required by an attacker to carry out such an attack. There was also an increase in the use of threats such as distributed denial-of-service (DDoS) attacks to extort money from victims. At the beginning of 2015, the name DD4BC was perhaps most commonly connected with these attacks.

But as the year progressed, a new name — Armada Collective — emerged as the one most associated with DDoS attacks. The basic attack methodology remains the same, but there is a variance in the delivery mechanisms and content of the threatening messages that use the Armada Collective name. The attacks have been targeting financial institutions and are not limited to a single geography. This suggests that there may be multiple entities operating under a single moniker.

Vulnerabilities Led to Attacks

Last year, when we looked at vulnerabilities through 2014, it was easy to pick two as the year’s most significant: Heartbleed and Shellshock. While there was no shortage of vulnerabilities in 2015, we didn’t see any on that level. However, one product stood out this year: the ubiquitous Adobe Flash Player.

In December alone, Adobe patched almost 100 vulnerabilities in Flash. While Adobe is responsive and provides fixes promptly for vulnerabilities brought to its attention, it is not uncommon for flaws to be discovered only when they’re being exploited in the wild.

Of course, vulnerabilities can lead to malware, and 2015 had a lot of activity from malware used to commit financial crimes. We shouldn’t forget the age-old spam and scam issues. What changed through 2015 with these threats? Well, not a lot, really — there was more evolution and refinement. Attachments and links in emails are still utilized by attackers to infect systems or direct victims to malicious URLs. Spear phishing remains one of the more successful vectors used to breach companies.

Advice for 2016

You’ve probably read plenty of articles providing predictions for the cybersecurity landscape in 2016. Rather than attempt to predict the future, I’d prefer to offer some simple advice to help protect you from current and future threats:

  • As Adobe Flash demonstrated, patching is of utmost importance to stay secure. Yes, there will often be lag time between the discovery of a vulnerability and its being fixed in an update, but keeping operating systems and applications (including on mobile devices) up to date will go a long, long way toward keeping you safe from exploitation.
  • Keeping antivirus software and signatures updated is a must.
  • User training in the dangers of emails and links can help prevent a spear phishing attack from being successful.

Sounds easy, doesn’t it? But these simple steps truly can be the difference between investigating an alert versus investigating a breach.

Read the latest threat reports from the IBM Managed Security Services Threat Research Group

More from X-Force

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

X-Force discovers new vulnerabilities in smart treadmill

7 min read - This research was made possible thanks to contributions from Joshua Merrill. Smart gym equipment is seeing rapid growth in the fitness industry, enabling users to follow customized workouts, stream entertainment on the built-in display, and conveniently track their progress. With the multitude of features available on these internet-connected machines, a group of researchers at IBM X-Force Red considered whether user data was secure and, more importantly, whether there was any risk to the physical safety of users. One of the most…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today