With the conclusion of 2015, we have the opportunity to review one of the busiest years for cyber security in recent memory. IT security teams were on guard, working hard to defend against various attacks, from the Hacking Team’s data trove of zero-days and surveillance Trojans to an explosive surge in ransomware attacks and malvertising. Here are some of the key trends that we observed:
• Active underground zero-day exploitation ‘for hire’ came under public scrutiny with the Hacking Team data exfiltration.
• Adobe Flash was one of the most exploited user-initiated applications on the endpoint.
• Exploit kits continue to thrive as the most sought after means to deploy malware—now built with more capabilities to bypass traditional detection based technologies.
• Macro-based malware embedded in Word documents sent through phishing e-mails is on the rise.
• The lucrative underground crypto-ransomware business demonstrated significant sophistication and continuous growth.
• Malicious ads provide a great ROI for attackers and are difficult to block.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program