• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites   »   2014 Annual Security Roundup: Magnified Losses, Amplified Need for Cyber-Attack Preparedness

2014 Annual Security Roundup: Magnified Losses, Amplified Need for Cyber-Attack Preparedness

  • Posted on:February 24, 2015 at 5:00 am
  • Posted in:Bad Sites, Botnets, Exploits, Malware, Targeted Attacks, Vulnerabilities
  • Author:
    Trend Micro
0

2014 was a year where cybercriminal attacks crippled both likely and unlikely targets. A year rife with destructive attacks, 2014 proved to be a difficult one for individuals and companies who were victimized by these threats.

Massive data breach disclosures came one after another in 2014 in much more rapid succession than past years. The Sony Pictures breach in December, along with the other big breaches of the year illustrated the wide spectrum of losses that can hit a company that has failed to secure its network.

Point-of-sale (PoS) RAM scrapers were almost a cybercrime staple in 2014, as several high-profile targets lost millions of customer data to attackers. The Ponemon Institute reports a significant increase in the cost of stolen records in 2014 from the previous year, which shows that using PoS RAM scrapers to target retailers is a thriving business. For the entire 2014 we observed that most PoS malware hit retailers in the United States, followed by Canada and the United Kingdom.

Software and platforms previously considered secure proved otherwise in 2014- this was made evident by high-profile vulnerabilities Heartbleed and Shellshock that affected Linux systems. Security holes were also found in various commercial software like Windows®, Adobe®, and Java™ all throughout the year.

Figure 1. Timeline of Major Zero-Day Vulnerabilities in 2014

Online banking was still a major problem for last year. Operation Emmental added to this growing problem and proved that two-factor authentication was no longer enough to secure sensitive transactions. According to data from the Trend Micro™ Smart Protection Network™, we observed around 145,000 computers infected by online banking malware by the tail end of 2014. Mobile users were also hit by online banking threats with as much as 2,069 mobile banking/financial malware seen in 3Q alone.

2014 Annual Security Roundup Cover

Ransomware made the headlines early in the year with CTB-locker infections, but we’ve been seeing ransomware victimize users all throughout 2014. Traditional ransomware like REVETON and RANSOM dominated 2013 with a 97% share, crypto-ransomware took the stage in 2014, as their share increased 27.35%.

Threat actors and cybercriminal economies continued to thrive last year. With Operation Pawn Storm. threat actors used next-level spear-phishing tactics to obtain the email credentials of primarily military, embassy, and defense contractor personnel from the United States and its allies.

2014 also saw campaigns like Regin target victims in Belgium and Plead in Taiwan.

As cybercrime becomes more attractive to the unscrupulous and as targeted attack campaigns become much easier to mount, the pressure to reassess the breadth and quality of cybersecurity investments must only intensify.

For more details about these and other security threats in 2014, check our security roundup titled Magnified Losses, Amplified Need for Cyber-Attack Preparedness.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: 2014 roundupdata breachExploitsPOSransomwaretargeted attacksVulnerabilities

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.