{"id":4938,"date":"2015-12-15T21:09:14","date_gmt":"2015-12-15T21:09:14","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=4938"},"modified":"2019-11-15T07:00:12","modified_gmt":"2019-11-15T12:00:12","slug":"year-2015","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/year-2015\/4938\/","title":{"rendered":"Year 2015: And so what was it like?"},"content":{"rendered":"<p>2015 is fading away and Christmas is now just ten days away. Securelist shared its <a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/72886\/kaspersky-security-bulletin-2015-top-security-stories\/\" target=\"_blank\" rel=\"noopener\">Top Security Stories<\/a> rating last week, and we have our own list to share, though it\u2019s a bit different. Instead of picking a handful of top stories, we took a look at cybersecurity in 2015 as a whole. So, 2015 was the year when\u2026<\/p>\n<p><strong>\u2026APTs threw the Jolly Roger<\/strong><\/p>\n<p>Early this year, Carbanak was announced: the first purely criminal APT campaign on record, and one that cost banks worldwide a formidable sum \u2013 around $1 billion, according to early estimates.<\/p>\n<p>The full story is available <a href=\"https:\/\/business.kaspersky.com\/the-great-bank-robbery-carbanak-apt\/3598\/\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n<p>This was a sophisticated campaign targeting banks. The attackers used an array of tools, including manual reconnaissance of each compromised network. Spear-phishing emails delivered Carberp-based backdoors onto the victims\u2019 systems; the attackers then moved through the network looking for the PCs of employees whose access led to the points where money could actually be extracted. ATMs were then instructed remotely to dispense cash, with no interaction at the machine itself, and the cash was collected by \u201cmules\u201d. 
Alternatively, the SWIFT network was used to transfer money out of the bank and into accounts controlled by the criminals.<\/p>\n<p>The campaign is apparently still active as of the end of 2015: new versions of Carbanak-associated malware were detected <a href=\"https:\/\/business.kaspersky.com\/carbanak-evolved-new-versions-are-detected\/4539\/\" target=\"_blank\" rel=\"noopener nofollow\">as late as September<\/a>.<br>\nAPTs were previously associated mostly with nation states, which is why Securelist\u2019s Targeted Cyberattacks Logbook pictures them as battleships. Carbanak, being plain thievery with nothing but profit-driven criminals behind it, is more like a ship under the black flag.<\/p>\n<p><strong>\u2026Spies went after smaller players<\/strong><\/p>\n<p>Grabit was another head-turner this year: the first cyberespionage campaign aimed at SMBs. A shift to \u201csofter targets\u201d had been predicted before, and the logic is simple: every large enterprise depends on a long tail of smaller suppliers, and while the enterprise itself may have near-impenetrable defenses, its satellites are not necessarily that well protected. Strategically important data can therefore be extracted indirectly, possibly with less effort than a direct attack would take.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-4018\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/12\/06020424\/wide.png\" alt=\"wide\" width=\"1000\" height=\"667\"><\/p>\n<p>More details are available <a href=\"https:\/\/business.kaspersky.com\/grabit-an-smb-targeting-spy-campaign\/4015\/\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n<p><strong>\u2026Two APT actors vampired each other<\/strong><\/p>\n<p>A story told mainly on Securelist: while studying Naikon, one of the most active APT groups in Asia, Kaspersky Lab researchers stumbled upon yet another threat actor. 
Its codename, Hellsing, is derived from the famous Japanese manga about a vampire-hunting organization that employs a (somewhat) redeemed vampire.<\/p>\n<p>The twist is that Hellsing has been attacking Naikon, one APT group hitting another. That is where the fun ends, though, as both campaigns are serious business. Read more about them <a href=\"https:\/\/securelist.com\/analysis\/publications\/69567\/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-4942\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/12\/06020424\/vampire.jpg\" alt=\"vampire\" width=\"1000\" height=\"667\"><\/p>\n<p>A Russian-speaking APT group, Turla, was discovered hiding its C&amp;C servers in space. More precisely, it hijacked satellite Internet downlinks, so that traffic from infected machines appeared to go to a satellite subscriber\u2019s IP address while the true location of the command servers stayed hidden.<\/p>\n<p>They hid well, but not well enough to avoid discovery. The original stories are available <a href=\"https:\/\/business.kaspersky.com\/satellite-turla\/4515\/\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>\u00a0and <a href=\"https:\/\/securelist.com\/blog\/research\/72081\/satellite-turla-apt-command-and-control-in-the-sky\/\" target=\"_blank\" rel=\"noopener\">here<\/a>; both are well worth reading.<\/p>\n<p>Years ago it seemed that Stuxnet was the first real cyberweapon, the one that opened Pandora\u2019s box. Now it\u2019s clear it wasn\u2019t the first.<\/p>\n<p>In February, Kaspersky Lab announced the discovery of the Equation APT, a massive cyberespionage framework that had been operating for nearly two decades. Some of its C&amp;C domains were registered as early as 1996, although the main one dates back to August 2001.<\/p>\n<p>One of its tools, the Fanny worm, was first seen in 2008; it used the same zero-day exploits that Stuxnet would use two years later. 
Kaspersky Lab experts stated that Equation had interacted with other powerful groups, such as those behind Flame and Stuxnet. Equation may well be the \u201cmothership\u201d of multiple APTs, if not <a href=\"https:\/\/business.kaspersky.com\/mothership-unlocked-the-equation-apt\/3608\/\" target=\"_blank\" rel=\"noopener nofollow\">their direct ancestor<\/a>.<\/p>\n<p><strong>\u2026Windows 10 arrived<\/strong><\/p>\n<p>While still trying to retire the antique Windows XP, Microsoft shipped its new OS, offering it as a free upgrade to users of Windows 7 and 8.1.<\/p>\n<p>Arriving in late July, Windows 10 brought a number of <a href=\"https:\/\/business.kaspersky.com\/windows-10-promised-security-improvements\/4085\/\" target=\"_blank\" rel=\"noopener nofollow\">security improvements<\/a>\u00a0as well as the customary controversy, especially over the data it collects from users and how much control they keep over it. There is a thing or two to worry about: Windows 10 needs a thoughtful configuration if an organization is to\u00a0<a href=\"https:\/\/business.kaspersky.com\/windows-10-data-control\/4318\/\" target=\"_blank\" rel=\"noopener nofollow\">retain control over sensitive data<\/a>.<\/p>\n<div id=\"attachment_4321\" style=\"width: 950px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-4321\" class=\"size-full wp-image-4321\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/12\/06020423\/cortana.jpg\" alt=\"An apparition from Windows\" width=\"940\" height=\"520\"><p id=\"caption-attachment-4321\" class=\"wp-caption-text\">An apparition from Windows<\/p><\/div>\n<p>On the brighter (perhaps) side, Microsoft adopted a stricter approach to delivering updates than ever before: the Home edition installs every update, drivers included, as soon as it is released, with no option to decline it. 
The Pro edition can defer updates for a limited time, but <a href=\"https:\/\/business.kaspersky.com\/microsoft-updates\/4305\/\" target=\"_blank\" rel=\"noopener nofollow\">not ignore them completely<\/a>.<\/p>\n<p>Microsoft was also quick to release <a href=\"https:\/\/business.kaspersky.com\/windows-10-patch\/4326\/\" target=\"_blank\" rel=\"noopener nofollow\">a behemoth patch<\/a> for the flaws discovered by early adopters. It arrived just a day after the official Windows 10 release date, which certainly generated a lot of buzz\u2026 but would anyone have been better off without it?<\/p>\n<p><strong>\u2026The cars finally got hacked remotely<\/strong><\/p>\n<p>Long feared, it finally became a grim reality: a car\u2019s onboard systems were compromised so thoroughly that the brakes, transmission, steering and dashboard functions could be manipulated from across the country, over the vehicle\u2019s cellular data connection.<\/p>\n<p>As two seasoned car hackers, Charlie Miller and Chris Valasek, demonstrated, the infotainment system in Chrysler\u2019s Jeep Cherokee is <strong>not<\/strong> isolated from the CAN bus that carries the safety-critical functions, so an attacker who controls the head unit can reach them as well. 
It is an elementary architectural mistake, and it suggests that the venerable automaker economized on very basic information security expertise.<\/p>\n<p><a href=\"https:\/\/business.kaspersky.com\/hacking-my-car-remotely-this-time\/4295\/\" target=\"_blank\" rel=\"noopener nofollow\">Here\u2019s the story in full<\/a>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-4943\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/12\/06020423\/jeep.jpg\" alt=\"jeep\" width=\"1000\" height=\"727\"><br>\n<strong>\u2026Major ransomware campaigns and botnets were taken down (mostly)<\/strong><\/p>\n<p>While new threats are discovered all the time, law enforcement agencies, together with private-sector security companies, track the perpetrators, and from time to time they take down the botnets and put the crooks in jail.<\/p>\n<p>In the first half of 2015, the Simda botnet was taken off the board, with 14 C&amp;C servers in the Netherlands, the USA, Luxembourg, Poland and Russia seized at once. 
Preliminary analysis of some of the sinkholed server logs revealed a list of 190 countries <a href=\"https:\/\/business.kaspersky.com\/simda-botnet-a-stealthy-malware-waiter\/3831\/\" target=\"_blank\" rel=\"noopener nofollow\">affected by the Simda botnet<\/a>.<\/p>\n<p>It <a href=\"https:\/\/business.kaspersky.com\/simda-post-mortem-or-why-security-is-everybodys-business\/3975\/\" target=\"_blank\" rel=\"noopener nofollow\">stayed below the radar for a disturbingly long time<\/a>, far too long for a botnet of its size: an invisible elephant.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-4940\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/12\/06020422\/elephant.jpg\" alt=\"elephant\" width=\"1000\" height=\"685\"><\/p>\n<p>It also served as a \u201cdistribution platform\u201d for other malware, which made it even more dangerous.<\/p>\n<p>In September, two young Dutch individuals were arrested on suspicion of involvement in the CoinVault ransomware attacks. The same individuals had been developing another ransomware family, BitCryptor. Both campaigns have now essentially stopped.<\/p>\n<p>In autumn, the botnet behind Dridex, a sophisticated banking Trojan that steals online banking credentials worldwide, mostly went dark after police in Cyprus arrested a Moldovan national suspected of creating it.<\/p>\n<p>Read the <a href=\"https:\/\/business.kaspersky.com\/dridex-down\/4658\/\" target=\"_blank\" rel=\"noopener nofollow\">full story<\/a>.<\/p>\n<p>A large ransomware operation running on the notorious Angler exploit kit was dismantled, cutting the kit\u2019s activity by half. 
Unfortunately, not entirely: Angler appears to be alive as of this writing, <a href=\"https:\/\/twitter.com\/kaspersky\/status\/676709674700431364\" target=\"_blank\" rel=\"noopener nofollow\">serving CryptoWall to its victims<\/a>.<\/p>\n<p>Criminals go to great lengths to keep their tools of the trade afloat, so it will take time to bring Angler down completely.<\/p>\n<p><strong>\u2026FBI told to pay the ransom<\/strong><\/p>\n<p>A not-so-mild scandal erupted when a high-ranking FBI representative acknowledged that his agency often advised ransomware victims to pay the ransom if the data was critically important and there were no backups.<\/p>\n<p>As \u201cdisquieting\u201d as it was, the message was honest: some ransomware strains cannot be cracked at present, because they implement strong encryption correctly. Unless the FBI or another law enforcement agency catches the authors of the latest Crypto-something and recovers the private keys from them, there is no way to decrypt the affected files. Brute-forcing the 2048-bit RSA key used by CryptoWall 3, for instance, would take even a supercomputer eons.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-4660\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/12\/06020421\/main5.jpg\" alt=\"main\" width=\"1000\" height=\"667\"><\/p>\n<p>The only real defense is to have the right precautions in place beforehand, above all regular backups to offline storage that the malware cannot reach.<\/p>\n<p>The full story is available <a href=\"https:\/\/business.kaspersky.com\/paying-up-or-not\/4733\/\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n<p><strong>\u2026Many predictions came true<\/strong><\/p>\n<p>In late 2014, Securelist published predictions for how the world of cyber threats might evolve in 2015. 
Four of the nine predictions concerned threats to businesses directly, and most proved accurate: three of the four business-related predictions have already come true.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-4944\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/12\/06020421\/ball.jpg\" alt=\"ball\" width=\"1000\" height=\"668\"><\/p>\n<p>Cybercriminals embraced APT tactics for targeted attacks;\u00a0APT groups fragmented and diversified their attacks; ATM and PoS attacks did escalate. The only miss was \u201cattacks against virtual payment systems\u201d, and it is good when a bad prediction fails to come true. Most of them, again, did.<\/p>\n<p>Will the cybersecurity situation improve next year, given all the ongoing turmoil? It\u2019s hard to say, but 2015 has definitely proved that cybersecurity concerns everyone, from households and the self-employed to large enterprises and governments. It\u2019s up to everyone to make the cyberworld a better place.<\/p>\n<p>And Kaspersky Lab is here to help ;)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We take a look at what happened in cybersecurity throughout 2015. 
<\/p>\n","protected":false},"author":209,"featured_media":15501,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2367,282,2368],"class_list":{"0":"post-4938","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-2367","10":"tag-cybersecurity","11":"tag-top-stories"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/year-2015\/4938\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/year-2015\/4938\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/year-2015\/4938\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/2015\/","name":"2015"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4938","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4938"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4938\/revisions"}],"predecessor-version":[{"id":30355,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4938\/revisions\/30355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15501"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4938"},{"taxonomy":"post_tag","embeddable":true,"h
ref":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}