A new report from cybersecurity firm Trend Micro has revealed that the key security threat takeaways from 2015 include the exponential rise in crypto ransomware, an increase in the use of exploit kits and a leap in attacks on smart connected devices, which could lead to serious injuries and even fatalities.
The report, entitled "Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies", reveals that the threat of crypto ransomware – a particularly nasty type of ransomware that employs strong cryptography to hold a large collection of data hostage – is only getting worse. It picked up momentum in the last quarter of 2015, when 83% of all data extortion attacks were performed using crypto ransomware.
Because crypto ransomware is so difficult to crack, it has become more popular than regular ransomware. Organisations are increasingly preferring to pay the bitcoin ransoms rather than lose sensitive data. The most popular crypto ransomware being used is Cryptowall, followed by Ransomnote, which leaves actual ransom note traces on infected machines, rather than performing a file-less install.
Injuries and fatalities could come from hacking IoT connected devices
But most worrying is the fact that apart from PCs and Android devices, hackers are also now turning their attention to smart devices connected to the Internet of Things (IoT), in particular hacking into smart car systems and critical infrastructure such as petrol stations or power plants.
"These incidents serve as proofs of concept, solidifying what we previously thought was only possible in fiction. The need for security and testing of IoT devices is much stronger now, and manufacturers are expected to step up to the plate to protect their customers' privacy and physical safety," the researchers wrote in their report.
"Smart devices have been security concerns for organisations since their conception, and with the number of successful hacks reported over the past months, it is only a matter of time before cybercriminals and attackers find ways to use these weak points for large-scale operations.
"These Internet-connected devices can still be avenues to data loss and compromise. Most of these devices were designed with functionality in mind; security, only secondary. In order to keep these devices protected from attacks, developers need to be able to push regular updates and patches to close off any holes attackers can exploit."
Angler exploit kit and Dridex botnet
When it comes to tools designed by criminals to be sold to other criminals to conduct cyberattacks, Trend Micro found that the Angler exploit kit has now become the most popular around the world. It is easily integrated and can entice victims through a series of malvertisements, which infect users with ransomware and then demand payment to release their data.
There is also the Dridex botnet, the notorious banking malware that has stolen at least £20m ($29m) from customers over the last few years. The malware works by spreading via bulk email phishing campaigns that secretly install malware on to victims' computers in order to steal sensitive online banking login credentials.
First spotted in November 2014, Trend Micro says that Dridex was the most frequently detected malware in 2015. In October 2015, it became international news when the FBI, Europol, GCHQ and the UK's National Crime Agency announced that they had formed a joint taskforce to disrupt the botnet. But despite the takedown attempts and the arrest of one of the ringleaders of a network that allowed the malware to securely communicate back with the cybercriminals, Dridex has resurged in malicious Microsoft Word and Excel documents disguised as invoices and financial statements.