2015 was a very interesting year. As you likely recall, 2014 was considered by many to be the year of the data breach. 2015 saw plenty of action, but nothing like the huge retail point-of-sale (POS) breaches we saw in late 2013 and early 2014. This past year, by contrast, we witnessed the health care industry — formerly on the sidelines of the cyber war — become a prime target. In fact, five of the eight largest health care security breaches of the last five years happened during the first six months of 2015.

Breaches of Note in 2015

There were also breaches that were significant not because of the number of people affected but because of their ongoing ramifications. One example is the breach of the U.S. Office of Personnel Management (OPM). Over time, the number of people who might have been affected grew to more than 22 million, The Washington Post reported. It is not just the number of records but the depth of the information the attackers obtained that is of concern: the compromised data may have included detailed security clearance and background check records, even fingerprints.

Then there was the breach of Hacking Team, a company that creates and sells surveillance software. The breach not only exposed information on the company and its customers (which included governments), but also unleashed multiple zero-day exploits for Adobe Flash Player on the world, Trend Micro reported. The exploits appear to have been created by the company for use in its offensive software products, and once public they were quickly picked up by criminal exploit kits.

Then there’s the infamous Ashley Madison breach, which was of great public interest simply due to the site’s purpose. The details of more than 30 million users were obtained by the attackers and then published online, creating more than a little discomfort for many users who would probably have preferred their information remained private.

Due to the nature of the Ashley Madison site and the information, there were also attempts to extort money from victims of the data breach by claiming the details could be removed for a fee or threatening to forward the user information to third parties unless the extortionist was paid.

Ransomware and Other Attack Vectors Grow

Speaking of extortion, 2015 also saw other extortion schemes grow. Ransomware such as CryptoWall had a big year, possibly because exploit kits reduced the level of skill an attacker needs to carry out such an attack. There was also an increase in the use of threatened distributed denial-of-service (DDoS) attacks to extort money from victims. At the beginning of 2015, the name DD4BC was perhaps the one most commonly connected with these attacks.

But as the year progressed, a new name — Armada Collective — emerged as the one most associated with DDoS extortion. The basic attack methodology remains the same, but the delivery mechanisms and the content of the threatening messages sent under the Armada Collective name vary. The attacks have targeted financial institutions and are not limited to a single geography, which suggests that multiple entities may be operating under a single moniker.

Vulnerabilities Led to Attacks

Last year, when we looked at vulnerabilities through 2014, it was easy to pick two as the year’s most significant: Heartbleed and Shellshock. While there was no shortage of vulnerabilities in 2015, we didn’t see any on that level. However, one product stood out this year: the ubiquitous Adobe Flash Player.

In December alone, Adobe patched almost 100 vulnerabilities in Flash. Adobe is responsive and fixes vulnerabilities brought to its attention promptly, but it is not uncommon for Flash flaws to be discovered only when they are already being exploited in the wild, which leaves a window in which patching alone cannot protect users.

Of course, vulnerabilities are what malware exploits to gain a foothold, and 2015 had a lot of activity from malware used to commit financial crimes. We shouldn't forget the age-old spam and scam issues, either. What changed with these threats in 2015? Not a lot, really: there was evolution and refinement rather than anything new. Attackers still use email attachments and links to infect systems or send victims to malicious URLs, and spear phishing remains one of the more successful vectors for breaching companies.

Advice for 2016

You’ve probably read plenty of articles providing predictions for the cybersecurity landscape in 2016. Rather than attempt to predict the future, I’d prefer to offer some simple advice to help protect you from current and future threats:

  • As Adobe Flash demonstrated, patching is of utmost importance to staying secure. Yes, there will often be a lag between the discovery of a vulnerability and its fix in an update, but keeping operating systems and applications (including those on mobile devices) up to date will go a long, long way toward keeping you safe from exploitation.
  • Keeping antivirus software and signatures updated is a must; it will not stop every new sample, but it removes the bulk of known malware before it runs.
  • Training users to recognize suspicious emails and links can keep a spear phishing attempt from succeeding.

Sounds easy, doesn’t it? But these simple steps truly can be the difference between investigating an alert versus investigating a breach.
