Security roundup: Top 10 hacks of 2015, new malware falls by 15,000 a day, iOS threats more than double

This week we take a look at the top 10 hacks of 2015, why the number of new malware is falling, and more.

2015’s top 10 global hacks
SMS Passcode has revealed it’s annual “Top Ten Global Hack Attacks”, showcases some of the most high profile hacks this year.

Top of the list was the US Office of Personnel Management. This breach was one of the biggest ever of US government systems believed – although not proved – to be perpetrated by Chinese hackers. The data theft consisted of stealing addresses, health and financial details of 19.7 million people who had been subjected to government background checks as well as 1.8 million others.

Here’s the full list:
1. US Office of Personnel Management:
2. FBI portal breach
3. Ashley Madison
4. Talk Talk
5. Health insurer Anthem
6. Carphone Warehouse
7. Multiple US financial institutions and media companies
8. Vodafone
9. Samsung Electronics
10. Hilton Worldwide

The number of new malware files detected every day falls by 15,000
According to Kaspersky Lab, 2015 marked the moment when demand for new malicious programs reached saturation point.

This year saw the number of new malware files detected every day by Kaspersky Lab products fall by 15,000, from 325,000 in 2014 to 310,000. Kaspersky Lab’s experts believe this is mainly due to the fact that coding new malware is expensive and cybercriminals have realised that they can get equally good results using intrusive advertising programs or legitimate digital signatures in their attacks.

This approach appears to be working, as results show that despite the cost-cutting in malware creation, in 2015 the number of users attacked by cybercriminals increased by 5 per cent.

The number of iOS threats discovered this year has more than doubled
Symantec has released research finding that the number of iOS threats discovered this year has more than doubled, while Mac OS X threats specifically rose by 15 percent in 2014.

These threats stem from cybercrime gangs branching out to Apple platforms, as well as high-level attack groups like the Butterfly corporate espionage team that infected OS X computers in targeted organisations.

New weapon against cyber crime unveiled
Amsterdam based startup EclecticIQ has developed a tool kit for threat analysts that allows companies to not only improve their intelligence gathering, but to also share it with trusted colleagues in- and outside the organisation, helping each other to become more proactive.

For the past year, EclecticIQ has been working with financial institutions and security organisations like NATO NCIA to fine-tune this software. Now it is being made available globally.

easyJet, Aer Lingus and Chiltern Railways exposing customers’ credit card details
Customers’ credit card information, passport data, purchase data and other Personally Identifiable Information (PII) is being sent unencrypted from smartphones when users are purchasing items from major brands’ mobile websites and apps.

Companies identified include easyJet, Chiltern Railways, Aer Lingus, AirAsia, Air Canada and 11 other companies, ranging from taxi firms (KV Cars in the UK and American Taxi in the US) to giftcard and event ticket providers (Sistic in Singapore).

Dubbed ‘CardCrypt’ by Wandera, the flaw in all of the vulnerable websites and mobile apps is that they have not used a secure protocol (HTTPS) to secure and encrypt data connections between the browser or app on the user’s smartphone, and the company’s website, mobile website or backend web services.

In other news
– Nearly two-thirds (64 per cent) of consumers surveyed worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, revealed Gemalto in a recent survey.
Bromium has announced the availability of vSentry 3.0, which features behavioural executable analysis to protect corporate networks from file-based and file-less targeted attacks and phishing campaigns.

Image source: Shutterstock

Check Also

Kyndryl and Elastic Partner on Data Observability, Search and Insights

Kyndryl and Elastic have expanded their global partnership to provide customers full-stack observability, enabling them …