This year in cybercrime was… epic! Every prediction made last year has not only materialized, but exceeded expectations. Increases in attacks, technical sophistication and higher losses than ever imagined painted a new cyber reality in the past 12 months.

What was so different in 2015? Wasn’t it just more of the same? Well, not quite. As the year draws to an end, we can look back at some unprecedented cases that redefined risk and loss resulting from cyberattacks. There is a common denominator that groups them as one: The mob has fully moved into the Web. Even CSO Online has said, “There is no such thing as ‘disorganized cybercrime’ anymore.”

learn more about Cybercrime’s Relentless Progress in 2015

The Year in Cybercrime

Let’s look at some of the cybercrime headlines that made 2015 so unique:

  • The Carbanak case was a $1 billion heist that combined the elements of an APT attack, malware-facilitated fraud, ATM malware and high street crime. What’s most striking about Carbanak may be the combination of the words Carberp and Anunak (two malware gangs), which means that it was not the first time this attack was carried out. The Anunak gang actually rehearsed this attack type in 2013 and again in 2014. Since it never got caught, it orchestrated its biggest heist yet in 2015. If we do not learn enough from the billion-dollar case, we stand to see an even more brazen and extravagant attack in 2016.
  • The emergence of the Dyre gang and Dyre Wolf attacks also stuck out in 2015. Stealing big money from companies is not new, and other crime gangs have done it before, but no other gang was as methodical and bold as the Dyre group. Its criminal operators appear to have been behind the theft of $5.5 million from Irish budget airline Ryanair.
  • Evil Corp’s Dridex attacks escalated to multimillion-dollar heists, robbing Penneco Oil of $3.5 million in one day. After gaining deserved attention from international law enforcement, Dridex’s infrastructure was scheduled for a takedown attempt. But alas, the gang was evidently ready and survived the takedown only to continue and enhance its attacks on consumers and businesses.

Nowadays, security teams are not dealing with cybercriminals, thieves or a couple of black-hats who are after their customers or assets. We are dealing with full-blown evil organizations that operate in the shadows. They create advanced threats using a mix of deep technological savvy, top-notch reconnaissance and old-fashioned street crime. This results in monetary losses so grand that they are causing a shift in the economy, siphoning cash from bank accounts in Western countries, laundering money and using it to fund other criminal operations across the globe.

Learn More

To learn more about the state of organized cybercrime and the threat landscape, watch our on-demand webinar, “Cybercrime Reloaded – A Look Back and a Look Ahead” for a retrospective view of 2015 and predictions about what we can expect to see in 2016.

More from Advanced Threats

GootBot – Gootloader’s new approach to post-exploitation

8 min read - IBM X-Force discovered a new variant of Gootloader — the "GootBot" implant — which facilitates stealthy lateral movement and makes detection and blocking of Gootloader campaigns more difficult within enterprise environments. X-Force observed these campaigns leveraging SEO poisoning, wagering on unsuspecting victims' search activity, which we analyze further in the blog. The Gootloader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2…

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Top-ranking banking trojan Ramnit out to steal payment card data

4 min read - Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today