Over the past several years an increasing number of organizations have turned to threat intelligence to counter the aggressions of various adversaries they face everyday on the Internet. The manner in which organizations employ this intelligence differs greatly; some use it in a purely reactionary manner seeking indicators of compromise, which can alert them to the presence of an attack. Others rely on intelligence to provide warning to identify when attackers are posturing for an attack by looking at various underground sites or hacker discussion forums for clues that an attack is imminent. A few organizations have embraced intelligence as a continuous process, which is meant to provide visibility and guidance to decision makers across the business. We at CrowdStrike believe that to truly benefit from threat intelligence it must be used holistically to protect the organization. By this we mean that intelligence should both fuel the technology and empower decision makers with timely and relevant information to enable them to make better decisions. To this end, it is our pleasure to provide the 2015 Global Threat Report.
This report explores activity across many different spectrums that make up the threat landscape, including cultural, geo-politcal, socio-economic, and diplomatic relations. By relating the observed activity to the cyber domain, a more complete view of the motivations and influences of the adversaries targeting your enterprise may be achieved. Through the understanding of how events of the last year shaped the world of the adversaries, we can better understand how events that unfold today may change the adversary’s behavior tomorrow. With this knowledge, organizations can better protect themselves from cyber threats, but more importantly, from threats that will impact the way the business operates, how it performs, and help guide the decisions made by the leadership.
This year the team has laid out the report differently than in previous years, with the goal of presenting the material in a more consumable format. To this end, the report is structured more like a magazine than a book. The report has four sections, three for the primary motivations of the adversaries we track: Targeted Intrusion, financially motivated eCrime, and Hacktivist. The fourth section contains a review of the predictions from the 2014 report, as well as what we believe 2016 will hold. Each section has a series of topics which are formulated as articles; some are feature length, while others are shorter articles that are focused on a specific topic. The articles in this report will explore the events that shaped the threat landscape in 2015, ranging from the targeted intrusions of various nation-states and what motivated those activities, to analysis of the schemes executed by criminally motivated actors, and a review of key hacktivist activity throughout the year. We publish this report with the hope that it will help organizations to consider how they use intelligence, and so that they may use the information provided here to better protect their businesses in 2016.