This year in cybercrime was… epic! Every prediction made last year has not only materialized, but exceeded expectations. Increases in attacks, technical sophistication and higher losses than ever imagined painted a new cyber reality in the past 12 months.

What was so different in 2015? Wasn’t it just more of the same? Well, not quite. As the year draws to an end, we can look back at some unprecedented cases that redefined risk and loss resulting from cyberattacks. There is a common denominator that groups them as one: The mob has fully moved into the Web. Even CSO Online has said, “There is no such thing as ‘disorganized cybercrime’ anymore.”

learn more about Cybercrime’s Relentless Progress in 2015

The Year in Cybercrime

Let’s look at some of the cybercrime headlines that made 2015 so unique:

  • The Carbanak case was a $1 billion heist that combined the elements of an APT attack, malware-facilitated fraud, ATM malware and high street crime. What’s most striking about Carbanak may be the combination of the words Carberp and Anunak (two malware gangs), which means that it was not the first time this attack was carried out. The Anunak gang actually rehearsed this attack type in 2013 and again in 2014. Since it never got caught, it orchestrated its biggest heist yet in 2015. If we do not learn enough from the billion-dollar case, we stand to see an even more brazen and extravagant attack in 2016.
  • The emergence of the Dyre gang and Dyre Wolf attacks also stuck out in 2015. Stealing big money from companies is not new, and other crime gangs have done it before, but no other gang was as methodical and bold as the Dyre group. Its criminal operators appear to have been behind the theft of $5.5 million from Irish budget airline Ryanair.
  • Evil Corp’s Dridex attacks escalated to multimillion-dollar heists, robbing Penneco Oil of $3.5 million in one day. After gaining deserved attention from international law enforcement, Dridex’s infrastructure was scheduled for a takedown attempt. But alas, the gang was evidently ready and survived the takedown only to continue and enhance its attacks on consumers and businesses.

Nowadays, security teams are not dealing with cybercriminals, thieves or a couple of black-hats who are after their customers or assets. We are dealing with full-blown evil organizations that operate in the shadows. They create advanced threats using a mix of deep technological savvy, top-notch reconnaissance and old-fashioned street crime. This results in monetary losses so grand that they are causing a shift in the economy, siphoning cash from bank accounts in Western countries, laundering money and using it to fund other criminal operations across the globe.

Learn More

To learn more about the state of organized cybercrime and the threat landscape, watch our on-demand webinar, “Cybercrime Reloaded – A Look Back and a Look Ahead” for a retrospective view of 2015 and predictions about what we can expect to see in 2016.

More from Advanced Threats

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today