Every year, Verisign iDefense Security Intelligence Services produces its Cyberthreats and Trends Report, which provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve. This report is designed to assist in informing cybersecurity and business operations teams of the critical cyberthreats and trends impacting their enterprises, helping them to anticipate key developments and more effectively triage attacks and allocate their limited resources.
Here is a look at the topics and findings covered in this year’s report:
The Verisign iDefense 2016 Cyberthreats and Trends Report provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve over the coming year.
• Financial motives – Even though international law enforcement agencies saw some success against cybercriminal groups and campaigns, the practice of leveraging cyber-attacks for financial gain itself grew and evolved in 2015.
• Darknet and extortion use grows – As cybercriminals moved away from once-reliable communications and coordination channels to others offering more secrecy, some groups found new success using an old criminal method — extortion — to achieve their goals.
• Adobe Flash exploitation – The Verisign iDefense team observed that Adobe Flash largely replaced Java as the vector of choice for attackers, and these attackers also proved capable at using these vulnerabilities to power new and more effective automated exploit kits.
• Shift to criminal and notoriety hacktivism – Ideological motivations largely took a back seat to more criminal- and notoriety-focused hacktivist attacks. Simultaneously, hacktivists seemingly learned from law enforcement successes and made secrecy and security of their operations a higher priority, which will no doubt make future attacks less predictable and more difficult to combat.
• Distributed denial of service (DDoS) attacks on the rise – DDoS attacks also grew in size, duration, complexity and frequency in 2015, likely due to the availability and affordability of DDoS-for-hire (or “booter”) services.
Our growing reliance on the digital world for business tasks has forced security practitioners to accept an increasingly stark reality: Attackers are no longer interested solely in taking down large enterprise networks or just stealing data, nor are they limited by their own ingenuity and skill. Security teams in 2016 and beyond must now also guard against purely destructive and punitive threats, and not just to themselves, but also to their supply chains, social media channels and other elements of the business ecosystem, both online and off.
Understanding the complexity of the cyberthreat landscape is critical to keeping pace with today’s cybercriminals, hacktivists and thrill seekers, who have proved to be very adept at leveraging security weaknesses and standardized technologies and practices for profit, notoriety, ideology or combinations of the three.