The Aftermath: 2015 Breaches and Other Threat Trends

Breaches do not just die. 2015’s biggest cases showed us that data breaches do not end with their respective public disclosures. Just because the causes of compromise have been spotted and acknowledged does not mean the damage is done. Data was stolen. Networks were infiltrated and monitored. That kind of information, in the wrong hands, could be disastrous for any organization seeking to protect their customers and prevent any form of monetary loss or legal repercussion. Ashley Madison and the Hacking Team learned this the hard way when attackers and cybercriminals were able to utilize their data in further attacks.

In the event of a data breach, organizations will always have to consider these post-breach scenarios:

Online Extortion, Identity Theft, and Monetary Losses

Customer data is valuable. Any organization wanting to defend their integrity knows that protecting their customer base is a must. Once their customers’ details—which can include their names, banking information, and the like—are out in the open, there is no stopping cybercriminals from using it for their own purposes.

Online extortion is one such scheme. The Ashley Madison dump produced a lengthy list of alleged customers of the online service. These supposed customers became targets of blackmail. Cybercriminals had threatened to disclose the users’ involvement with the infamous infidelity site if they did not pay a certain fee.

Cybercriminals can also steal customers’ identity to make fraudulent monetary transactions. This, of course, leads to customers losing money. Depending on how widespread these succeeding incidences of fraud become, organizations may have to prepare for damage claims or class-action lawsuits, potentially resulting in long-term costs for their business.

Compliance Problems

Lawsuits due to fraud would not be the last of a breached company’s concerns. If the investigation of the breach shows that a business failed to comply with industry requirements and regulations, the victim organization may be fined or may suffer other penalties. These regulations control what information an organization gathers and stores, how that data is stored and protected, and who has access to this information. These penalties may not only result in monetary losses, but they can also affect the ability of a business to operate.

Further Cyber Attacks

In some cases, even users not tied to an organization can become affected by a breach. When surveillance software provider Hacking Team was breached, the leaked data included several zero-day exploits in Adobe, Windows, and Java, which ended up being used by attackers. A Flash zero-day was added to both the Angler and Nuclear Exploit Kits and used to launch limited attacks targeting organizations in Korea and Japan. Another campaign compromised a number of sites in Taiwan and Hong Kong.

Pawn Storm—the long-running cyber-espionage campaign we’ve been consistently monitoring—also targeted these vulnerable platforms using other zero-days to compromise high-profile targets.

Trends Beyond Breaches

Although 2015 was painted quite vividly by the effects of these breaches, other noteworthy incidents completed last year’s threat landscape:

Well-developed underground economies continued innovating in terms of crimeware offerings; less-developed markets, on the other hand, exhibited cybercrime trends closely tied to their country’s culture.
Successful attacks on smart devices became proofs of concept (PoC), potentially showing the way for more serious hacks in the future.
Angler became the most frequently used exploit kit, with malvertisements frequently used to lead users to deliver many zero-days.

These are just some of the big stories that have shaped the threat landscape we know now. Our annual security roundup titled Setting the Stage: Landscape Shifts Dictate Future Threat Response Scenarios contains all the details you need to know.