2015 was a very interesting year. As you likely recall, 2014 was considered by many to be the year of the data breach. 2015 saw plenty of action, but nothing like the huge retail point-of-sale (POS) breaches we saw in late 2013 and early 2014. This past year, by contrast, we witnessed the health care industry — formerly on the sidelines of the cyber war — become a prime target. In fact, five of the eight largest health care security breaches of the last five years happened during the first six months of 2015.

Breaches of Note in 2015

Some breaches were significant not because of the number of users affected, but because of their ongoing ramifications. One example is the breach of the U.S. Office of Personnel Management (OPM). Over time, the number of people who might have been affected by the breach grew to more than 22 million, The Washington Post reported. It is not just the number of users but the depth of the information the attackers obtained through the breach that is of concern. The compromised information may have included detailed data from security clearance and background checks, and even fingerprints.

Then there was the breach of the company Hacking Team, which creates and sells surveillance software. This not only provided information on the company and its customers (which included governments), but also unleashed multiple zero-day exploits for Adobe Flash Player on the world, Trend Micro reported. The exploits appear to have been created by the company for use in its offensive software products.

Then there’s the infamous Ashley Madison breach, which was of great public interest simply due to the site’s purpose. The details of more than 30 million users were obtained by the attackers and then published online, creating more than a little discomfort for many users who would probably have preferred their information remained private.

Due to the nature of the Ashley Madison site and the information, there were also attempts to extort money from victims of the data breach by claiming the details could be removed for a fee or threatening to forward the user information to third parties unless the extortionist was paid.

Ransomware and Other Attack Vectors Grow

Speaking of extortion, 2015 also saw significant extortion-related activity. Ransomware such as Cryptowall had a big year, possibly due to exploit kits that reduced the level of skill required by an attacker to carry out such an attack. There was also an increase in the use of threats such as distributed denial-of-service (DDoS) attacks to extort money from victims. At the beginning of 2015, the name DD4BC was perhaps most commonly connected with these attacks.

But as the year progressed, a new name — Armada Collective — emerged as the one most associated with DDoS attacks. The basic attack methodology remains the same, but there is a variance in the delivery mechanisms and content of the threatening messages that use the Armada Collective name. The attacks have been targeting financial institutions and are not limited to a single geography. This suggests that there may be multiple entities operating under a single moniker.

Vulnerabilities Led to Attacks

Last year, when we looked at vulnerabilities through 2014, it was easy to pick two as the year’s most significant: Heartbleed and Shellshock. While there was no shortage of vulnerabilities in 2015, we didn’t see any on that level. However, one product stood out this year: the ubiquitous Adobe Flash Player.

In December alone, Adobe patched almost 100 vulnerabilities in Flash. While Adobe is responsive and provides fixes promptly for vulnerabilities brought to its attention, it is not uncommon for flaws to be discovered only when they’re being exploited in the wild.

Of course, vulnerabilities can lead to malware, and 2015 had a lot of activity from malware used to commit financial crimes. We shouldn’t forget the age-old spam and scam issues. What changed through 2015 with these threats? Well, not a lot, really — there was more evolution and refinement. Attachments and links in emails are still utilized by attackers to infect systems or direct victims to malicious URLs. Spear phishing remains one of the more successful vectors used to breach companies.

Advice for 2016

You’ve probably read plenty of articles providing predictions for the cybersecurity landscape in 2016. Rather than attempt to predict the future, I’d prefer to offer some simple advice to help protect you from current and future threats:

  • As Adobe Flash demonstrated, patching is of utmost importance to stay secure. Yes, there will often be lag time between the discovery of a vulnerability and its being fixed in an update, but keeping operating systems and applications (including on mobile devices) up to date will go a long, long way toward keeping you safe from exploitation.
  • Keeping antivirus software and signatures updated is a must.
  • User training in the dangers of emails and links can help prevent a spear phishing attack from being successful.

Sounds easy, doesn’t it? But these simple steps truly can be the difference between investigating an alert and investigating a breach.
