Perhaps for the first time in history, issues relating to the security of the Internet and the protection of internal networks were discussed by and relevant to every sector of the economy as well as everyday life: from finance, manufacturing/industrial, automotive and aircraft to wearable devices, healthcare, dating services and more.
“Select any economic sector at random, and the chances are high that you’ll find something in the media about a cyber-security incident or problem. The same goes for all aspects of everyday life. This year’s cyber-events have resulted in a sharp increase in interest, not only in the world’s media but also in the entertainment industry,” said Aleks Gostev, Chief Security Expert at Global Research and Analysis Team, Kaspersky Lab.
“Movies and television programs featuring cyber-security issues sometimes resulted in experts appearing as themselves. But, in addition to the positive changes of increased public awareness of risk and how to avoid it, 2015 also resulted in some negative outcomes. Unfortunately, for many cyber-security has become inextricably linked to terrorism. Today, attacking and defending internal and external networks, such as the Internet, are subjects of considerable interest to various illegal groups,” he added.
2015 saw near-exponential growth in all areas related to cyber-security. For Kaspersky Lab, the overriding trend has been increased complexity in cyber-attacks.
The growing number of attacks, the numbers of both attackers and their victims, together with a greater focus on cyber-security in defense budgets, new or enhanced cyber-laws, international agreements and new standards: 2015 redefined the rules of the game.
This year, agreements on cyber-security were signed between Russia and China, China and the United States, and between China and the United Kingdom. These agreements include not just a commitment to mutual cooperation but an assurance that both sides will seek to prevent attacks on each other.
Cyber-activity during 2015 is described by Kaspersky Lab’s Global Research and Analysis Team (GReAT) as “elusive”: full of cyber-criminals that are proving hard to catch, cyber-espionage actors that are even harder to attribute, and with privacy often the most elusive of all.
Cyber-attacks have achieved the impossible: they have thinned the walls of bedrooms and offices around the world.
Kaspersky Lab: predicting the future
A year ago, the director of Kaspersky Lab’s GReAT team, Costin Raiu predicted a few trends for advanced, persistent cyber-threats in 2015. As the year was to show, his forecast was accurate:
• The evolution of malware techniques. In 2015, GReAT discovered previously unseen methods used by the Equationgroup, whose malware can modify the firmware of hard drives, and by Duqu 2.0, whose infections make no changes to the disk or system settings, leaving almost no traces in the system. These two cyber-espionage campaigns surpassed anything known to date in terms of complexity and the sophistication of techniques.
• Targeting executives through hotel networks. This prediction was later modified to include any venue where a high-profile target could be targeted outside the protected corporate perimeter. For example, the Duqu 2.0 malware infections were linked to the P5+1 events and venues for high-level meetings between world leaders.
• Precise attacks merged with mass surveillance. Animal Farm’s targeted cyber-attacks merged with DDoS attacks from the same threat actor, which is rare for advanced targeted cyber-campaigns.
