CYREN 2015 Cyber Threats Yearbook: Stats, Cyber Analysis and Prediction for 2015

by Email SecuritymalwareSecurity Research & AnalysisWeb Security

Our 2015 Cyber Threats Yearbook has just been released!  Introduced by CTO Lior Kohavi, the comprehensive report analyzes many of last year's most notable cybercrime trends as collected by CYREN’s GlobalView Cloud which monitors 17 billion transactions each day to protect more than 600 million users.  

In addition to highlighting the impact that cyberattacks have on businesses of all sizes, we have included in-depth analyses of individual threats captured in 2014 to illustrate how cybercriminals engage in the business of crime, how they target the business enterprise, and what CYREN is doing to help.

159% increase in malware URLs

Top statistics for 2014 include:

  • 159% increase in malware URLs
  • 233% increase in phishing URLs
  • 50% increase in average daily number of emails containing malware - from 1.69 to 2.5 billion
  • 30% decline in the average daily amount of spam from 78.2 billion to 54.6 billion

The report covers specific attacks as well as trends related to malware, phishing, mobile malware, and spam, as well as looking at the new threats that the Internet of Things promises to unleash.  In the malware section we highlight the return of the macro-virus.  Long ignored by malware creators, these made a significant return at the end of 2014.  The malware was common banking Trojan related – but the social engineering – getting users to enable macros in MS-Word and Excel was very clever. 

In 2014 CYREN tracked multiple large-scale phishing attacks – most notably the Apple phishing outbreaks following the celebrity phishing/photo scandal in mid-year.  In the report we look at one such attack, on Postbank.de, with an estimated 6.5 billion emails sent during the 1st day of the attack, and 78,000 unique URLs distributed over a few days.  Read the report for a summary of the most popular brand names that are targeted in phishing attacks. 

Whether you’re using your smart phone to login to corporate webmail or to check your bank balance, mobile business app use is here to stay. And, with increasing mobile device use comes malware designed to steal personal and corporate data, and infiltrate corporate systems. Mobile malware is now extremely attractive to cybercriminals. The report describes a 61% increase in the amount of mobile malware targeting Android devices.  We explore one of our bigger predictions for 2015 malware – using NFC (Near Field Communications).  Check out page 22 for more info. 

While spam decreased (again) – that didn’t mean that spammers simply used the same old techniques.  The report describes high-speed attacks using multiple methods to outwit spam filters. And while it is tempting to dismiss spam as a nuisance, we continually see spam bots abused for far more dangerous cybercrimes. 


Internet of things cybercriminal

In the coming year, the enterprise—from its people, to its devices, to its physical infrastructure— will become more
connected than ever before. In examining the risks associated with the Internet of Things, CYREN decided to evaluate what IoT really means to the enterprise from a cybersecurity perspective.  As more and more corporations move to sustainable, smart, energy efficient buildings, industrial control systems (ICS) are just one of the many avenues that CYREN believes cybercriminals will begin to employ in the coming months. Corporate systems, such as building access swipe card systems or video surveillance systems, if not properly secured will present an ideal threat vector for the ambitious cybercriminal looking to make a few million dollars over the course of a day or two. 

Finally, possibly the most alarming statistic turned up in our year end analysis:  CYREN detects 60% more zero-hour malware than other leading anti-virus solutions. During 2014, in comparing our rates to the top 46 AV engines on the market we found that these other AV solutions only detected 40% of the same zero-hour malware.  So, super-fresh malware that is attached to an incoming email is likely to be missed by most AV solutions (but not ours).  Thought provoking... 

The report may be downloaded here – and you can also listen to a recorded version of our Webinar review of the report here.  

Go back