This season is the time to consider the year in review and the year to come. Nick will review the biggest malware attacks and breaches of the year, including OPM breach, Apple App store malware, Ashley Madison and Hacking Team. Then it’s on to the future as Nick unveils his security predictions for 2016.

2. 2015 Year-in-Review and
Predictions for 2016
NICK BILOGORSKIY
@belogor

3. Your speakers today
Nick Bilogorskiy
@belogor
Director of Security Research
Shel Sharma
Product Marketing Director

4. Agenda
o Trends
o Most Wanted of 2015
o Predictions for 2016
o Wrap-up and Q&A
CyphortLabsT-shirt

5. Threat Monitoring &
Research team
________
24X7 monitoring for
malware events
________
Assist customers with
their Forensics and
Incident Response
We enhance malware
detection accuracy
________
False positives/negatives
________
Deep-dive research
We work with the
security ecosystem
________
Contribute to and learn
from malware KB
________
Best of 3rd Party threat
data

6. $445 Billion – Cybercrime cost
Allianz Global Corporate & Specialty

7. Decline in malware samples

8. Paradigm shift

9. Impact of breaches on loyalty
Two-thirds of consumers surveyed
are unlikely to shop or do business
again with a company that had
experienced a breach where
financial information was stole​n.
*Gemalto

10. Most Wanted of 2015
Jan 27 Feb 10 May 13 June 4 Jul 5 Jul 21 July 30 October Nov Dec
Chrysler
hack
OPM
breach
Hotel
breaches
VENOM
Dridex
Anthem
breach
Ransomware
Ashley
Madison
Hacking
Team
Carbanak
MalDrone

11. Maldrone
o First malware for drones
o Can drop drones mid-flight
o January 27, 2015
o Rahul Sasi

12. o First seen: February 2015
o Target: Russia, followed by the United
States, Germany, China and Ukraine
o Distribution: targeted phishing emails
o Value Stolen: $1 Billion dollars
o Infected Users: only a thousand
private customers
o Actors: China or Russia
Carbanak malware

13. o Attack started in April 2014
o Disclosed February 10, 2015
o 80 million people affected
Anthem breach

14. o Discovered in May 2015
o Virtualized Environment Neglected
Operations Manipulation
o Flaw in virtual floppy drive code Controller
(FDC) in QEMU, an open source
hypervisor.
VENOM zero-day vulnerability

15. o Disclosed June 4, 2015
o 19.7 million people affected
o 5.6 million fingerprints stolen
o Hacked in March 2014
o Suspected Origin: China
OPM breach

16. • January 2015: US central command twitter hack
• April 2015: FAA virus
• May 2015: IRS 330,000 accounts
• November 2015: FBI Law Enforcement Enterprise Portal
Government breaches in 2015

17. o Presented at Blackhat 2015 in July 2015
o 1.4m cars recalled
o Full remote hack of Jeep Chrysler cars
Chrysler hack

18. Chrysler hack

19. o Made commercial Trojan software
for governments
o Hacked on July 5, 2015
o Suspected origin: Phineas Fisher
o 400 gigabytes of data released,
including internal e-mails,
invoices, and source code.
o Several zero-day exploits were in
the leaked archive
HackingTeam

20. Ashley Madison hack
o July 2015
o The Impact Team
o 32m accounts stolen
o 10GB on BitTorrent
o Caused suicides
o $567m class-action lawsuit
o $500k CAD bounty

21. o First seen: Nov 2014, new versions
through 2015
o Target: North American and European
Banks
o Distribution: Spam mails with Word
Documents
o Some version use p2p over http for
carrying out botnet communication
o Uses web injects to carry out man-in-
browser attack
o Uses VNC
Dridex malware

22. Hotel breaches
Hilton Hotels
• August 2015
• Hacked twice
• Nov-Dec 2014 and
April 21 to July 27, 2015
• Customer names, card numbers,
security codes and expiration dates
Starwood Hotels
• November 2015
• 54 hotels affected, including
Sheraton, Westin, and the W
• Just before acquisition by Mariott
Trump Hotels
• Disclosed in October 2015
• Breached for over a year.
• May 2014 to June 2015
• 7 hotels affected, in New York,
Miami, Chicago, Hawaii

23. o More IOT (Internet Of Things) security incidents
Prediction #4

25. Prediction #1 – Malvertising growth
0 500 1000 1500 2000 2500 3000 3500 4000
2014
2015
Cyphort Labs: Malvertising incidents on the rise

26. o More attacks on Open Source
o Servers and critical
infrastructure based on
Unix distributions
o Webservers as entry point
to corporate network
o Major flaws in legacy open
source software show
vulnerability of Linux
systems
Prediction #2 – Linux and Open Source attacks
0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00%100.00%
On desktop systems
Public servers
Mainframes
Embedded systems
5.00%
36.00%
96.00%
30.00%
Linux use

27. o Android becomes a serious vector
Prediction #3 - Android

28. Prediction #4 – IOT threats
http://greendisc.dacya.ucm.es/wp-content/uploads/2014/10/Internet_of_Things.jpg
IOT
security attacks

29. o More IOT (Internet Of Things) security incidents
Prediction #4

30. Prediction #5 - More attacks on API

31. Prediction #6 - Political malware attacks

32. o APT increase, APT TTP adopted by Financial Crimes
Prediction #7 – More APT-style financial crimes
0
20
40
60
80
100
120
2010 2011 2012 2013 2014
9
17
25
56
109
APT Notes
APT Notes
Source: APTNotes, repository of public Cyber Security APT Reports

33. Conclusions
1. 2015 was an exceptional year for security breaches with attacks on OPM,
Anthem, Ashley Madison and many others.
2. Next year we predict more IOT threats, Malvertising, Linux malware,
Android malware, APT and politically motivated attacks.
3. The best defense is an approach that continuously monitors network
activities and file movements, detects threat activities across threat kill
chain, and correlates observations across the enterprise network

34. Thank You!
Twitter: @belogor
Previous MMW slides at
http://cyphort.com/labs/
malwares-wanted/