2015 CrowdStrike Global Threat Report Preview

2015 Global Threat Report

With every year that passes, the stakes for connecting a business to the Internet dramatically increase. In 2013, the use of Point of Sale (PoS) malware at a major retailer resulted in a massive data breach; in 2014, Sony Pictures Entertainment was decimated by a retaliatory destructive attack by North Korean actors; and in 2015, reports of attacks against Ukrainian infrastructure resulting in power failure showed the fragility of the systems we rely on for light and heat.

These events are not isolated; they are triggered by legal, political, economic, and diplomatic influences. The events of the real world have direct connections to occurrences in the digital realm. By understanding the world around us and the way in which events there manifest in changes to the behavior of threat actors who use the interconnected world to steal, disrupt, and destroy, businesses can have the advantage.

The threats posed by adversaries using the Internet impact not only the information technology component of a business but also its ability to operate. Information security is not about defending the enterprise; it is about defending the business. By understanding the events that have transpired, businesses can model what threat actors are doing and prepare to make decisions to protect the business. Every year, CrowdStrike releases a Global Threat Report. It is released publicly with the intention of giving businesses a glimpse at how they can apply threat intelligence to protect the business, and to understand the adversary.

In this year’s report, we provide detailed analysis of the effect geopolitical events had on threat actors, the technology they relied on, and the tradecraft they used, as well as an outlook for what businesses can expect in 2016. Pre-order a copy of the 2015 Global Threat Report, and in the meantime, here’s a preview of what you can expect to see in the full report:

Targeted Intrusions

  • China: In 2015, China-based adversaries topped headlines as numerous breaches of Personally Identifiable Information (PII) impacted tens of millions. These actors faced increasing pressure from western governments both in threats of economic sanctions and increasingly tense diplomatic relations. What does the impending 13th Five-Year Plan mean for your business in the new year and beyond? Who is Turbine Panda?
  • Russia: International conflict, balance of power, energy issues, and the economy were the common themes observed within active intrusion campaigns conducted by Russian actors in 2015. The crisis in Ukraine and the Russian military involvement in Syria were major focal points for conflict-related intrusion activity. Plunging energy prices have drastically impacted the Russian economy and diplomacy. How did the events of 2015 influence the efforts of Russia-based intrusion groups against different business verticals? What can businesses do to protect their interests in the new year?
  • North Korea: 2015 proved to be a tumultuous year on the Korean Peninsula. In January, President Obama issued Executive Order 13687, which imposed further economic sanctions on the “hermit kingdom”. Numerous high-ranking officials were executed in 2015 as Kim Jong Un sought to solidify his control of the regime. Weapons tests and continued development of the missile and space programs further illustrated the intentions of the Democratic People’s Republic of Korea (DPRK) to continue agitating the international community. What steps did the DPRK take in 2015 using cyber intrusion to collect critical intelligence against their foes? 
  • Iran: Several notable geopolitical events occurred in Iran during 2015; they shaped cyber activity, and will continue to do so into 2016. The suspension of sanctions following the implementation of the Joint Comprehensive Plan of Action (JCPOA) promises to transform the Iranian economy, but it also threatens to bring the influence of western culture. What actions did Iranian law enforcement take in 2015 to combat the influx of democracy? What impact does the proxy war in Yemen have on Iranian cyber actors? 

Criminal Activity

  • Commodity malware such as Dridex and Dyre has seen steady development in 2015, both in terms of distribution mechanisms and code modifications supporting enhanced cryptography. What changes were observed in the markets where this malware is bought and sold? Who is benefiting from these tools? What will these attackers do next?
  • Social engineering schemes using intelligence-driven phishing flourished in 2015. These scams may be responsible for the largest heists in 2015. Attackers spoofing corporate executives convinced employees to transfer millions to adversary bank accounts. These attacks may go unnoticed for months until it’s too late. Who is perpetrating these attacks? What can be done to protect the finances of businesses across the globe?

Hacktivist Campaigns

  • Geopolitical issues have increasingly served as drivers for hacktivist activity in 2015. CrowdStrike observed a significant increase in attack activity by actors both for and against ISIS. This is augmented by regional conflicts in Yemen and Syria, as well as more localized political issues such as the current governmental gridlock in Lebanon.
  • Sustained and disruptive hacktivist DDoS campaigns have been observed targeting organizations across multiple sectors in Saudi Arabia including government, financial, telecommunications, and energy. Threat actors have targeted online video games, conducted attacks in the name of social activism, and targeted businesses just to get a few laughs. What observations can be made about hacktivist actors? What can businesses do to prepare for hacktivist threats, which can pop up anywhere, at any time, for any reason? 

Pre-order your copy of the 2015 Global Threat Report now.

Adam Meyers

Adam Meyers has authored numerous papers for peer-reviewed industry venues and has received awards for his dedication to the information security industry. As Vice President of Intelligence for CrowdStrike, Meyers oversees all of CrowdStrike’s intelligence gathering and cyber-adversarial monitoring activities. Previously, Meyers was the Director of Cyber Security Intelligence with the National Products and Offerings Division of SRA International, where he provided technical expertise at the tactical level and strategic guidance on overall security program objectives.
