As 2015 draws to a close, ARN chased down a host of security experts to give us a rundown on the year that was.
It has been a record year for IT security on both sides of the legal divide, from record-breaking breaches and international cybersecurity treaties to vigilante hackers taking on ISIS. We also saw breaches in healthcare, the US Office of Personnel Management, banks, educational institutions and security firms.
In Australia, we saw breaches at Kmart Online and saw Xero customer data end up in the hands of cybercriminals, along with an increase in the sophistication of ransomware. ARN has compiled analysis from the top IT security firms to see what we have learned from the year that was.
Kaspersky principal research analyst, Vicente Diaz, took a look at the Australian security landscape and analysed the trends from 2015 purely from a data perspective.
Australia was 47th out of 200 countries in total malware detections for 2015.
“When Australians are browsing, they get a lot of malware, 47th place in the world, that’s bad, but it doesn’t translate to infections,” he said.
Australia placed 130 out of 200 countries when it came to total infections detected on individual PCs, showing that while exposure to malware was high in Australia, the rate of infection was comparatively low.
Banking malware was one of the big trends Diaz observed in his research. In Kaspersky’s analysis of attacks targeting banking users in the third quarter of 2015, Australia was seventh in the world.
Diaz also pointed to the continued rise in the amount of ransomware affecting Australian businesses and consumers.
“There is now a new form of ransomware not trying to encrypt the computer but asking for ransom to avoid a distributed denial of service [DDoS] attack,” he explained.
He said this was just another way cybercriminals had developed to extort money from victims, and that it demonstrated an evolution in ransomware as a tactic.
While ransomware is an issue that has plagued Australian businesses for some time, one security expert has cautioned against putting too much emphasis on these sorts of attacks.
Trend Micro chief technical officer, Raimund Genes, described ransomware and other cybercrime phenomena as noise and said companies in particular should be concerned with targeted attacks as they were the greater threat to business.
He was unsympathetic to companies that fall victim to these sorts of attacks, as he believes they are relatively easy to mitigate.
“Ransomware is total noise for me. In Australia there is a lot of concern about it. My reply is, why didn’t you back up?
“Do you really need more awareness? People should have known about it for the last five to ten years, that it is bad and without proper anti-malware you are really in trouble. We now have the opposite effect where people are getting tired of the claims of IT security companies.
“I was giving a keynote at RSA Conference in Singapore, and my keynote was don’t believe the nonsense IT security companies are telling you, because to be honest I am really getting tired of being on the show floor, no matter if it’s RSA or somewhere else, and everybody says ‘I have the next silver bullet’.
“People want knights in shining armour, but I am sorry but they do not exist anymore. So any security vendor that tells you they have a perfect cybersecurity solution is lying and you should not use them,” he added.
Mobile malware was yet another trend on the rise in 2015. FireEye senior manager for Mandiant Consulting, Jackson McKinley, told ARN the firm had seen an increase in the number of cybercriminals specifically targeting Apple devices.
“Our mobile security researchers discovered what we called a ‘Masque Attack’ in 2014 – a threat that could allow an authentic app to be replaced with a malicious app. In 2015, we witnessed a rapid evolution of this Apple-specific attack with three new variations of Masque Attacks, which enabled attackers to demolish apps, break the app data container, and hijack VPN traffic,” he explained.
McKinley said the landscape was not all doom and gloom. He explained that 2015 was a year of unprecedented cooperation between security companies and nation states.
“In 2015 we saw cyber treaties established in an attempt to call a truce of sorts between nations and affirm global norms for cyber activities,” he said.
“This increased international cooperation also led to a greater level of threat intelligence and information sharing between global players, but it also raises concerns about the issue of privacy.
“The rationale behind more fluid information sharing is clear: to reduce attacks and breaches, and potentially aid in attribution. We must be careful however not to throw the baby out with the bathwater and clear standards must be established to ensure responsible business practices that align with those goals,” he concluded.
For RSA general manager A/NZ, Shaun McLagan, it was the commoditisation of threats that was one of the big security issues of 2015.
“Every year, or every month, we hear the warnings that attacks are becoming more sophisticated,” he told ARN.
“We’ve all heard the term advanced persistent threat floating around the grounds for several years already, but 2015 was really the year that many companies and vendors alike began to question what was truly considered ‘advanced’.
“We saw many threats that just a few years ago would have been considered advanced, but these days they have become commoditised. To put things in perspective, there are now tailor-made pieces of malware and zero-day exploits that can be purchased online for the price of a movie ticket and just as easy to deploy.”