{"id":10992,"date":"2016-01-06T09:00:19","date_gmt":"2016-01-06T14:00:19","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=10992"},"modified":"2017-09-24T11:22:42","modified_gmt":"2017-09-24T15:22:42","slug":"security-year-2015","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/security-year-2015\/10992\/","title":{"rendered":"The unconventional list of top security events in 2015"},"content":{"rendered":"<p>There were many security stories in 2015. Narrowing down the list to 10 is quite a daunting task. However in order to stay neutral I decided to chose 10 most popular stories on Threatpost. Surely anyone in the IT or security space will have their own top 10, but I tried my best to be unbiased \u2013 it\u2019s not me who chose the stories but the readers. Still if you disagree or feel that I have missed a story or two, please drop a note in the comments below. So now without further adieu, here is the list of Top 10 security stories in 2015. <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Kaspersky Lab cybersecurity <a href=\"https:\/\/twitter.com\/hashtag\/predictions?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#predictions<\/a> for 2016 \u2013 <a href=\"https:\/\/t.co\/1JFA8qRBm9\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/1JFA8qRBm9<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/KL2016Prediction?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#KL2016Prediction<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/netsec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#netsec<\/a> <a href=\"https:\/\/t.co\/LjGxVMG7xV\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/LjGxVMG7xV<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/674628086281994240?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 9, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>This year\u2019s list will be broken into five key categories:<\/p>\n<ul>\n<li>Low-profile end-user threats;<\/li>\n<li>\u2018Least expected\u2019 vulnerabilities: IoT, home appliances and industrial networking applicances security;<\/li>\n<li>Encryption issues;<\/li>\n<li>Well-publicized vulnerabilities in major platforms and high-end cyberthreats, and examples of most advanced attacks;<\/li>\n<li>Routine yet dangerous bugs in commodity software.<\/li>\n<\/ul>\n<p><b> Let\u2019s get started!<\/b><\/p>\n<h3>End-user threats<\/h3>\n<p><b>#10<\/b> A Trojan in Facebook, spotted back in January (<a href=\"https:\/\/threatpost.com\/facebook-malware-poses-as-flash-update-infects-110k-users\/110775\/\" target=\"_blank\" rel=\"noopener nofollow\">story<\/a>). Over 110,000 Facebook users infected their devices with this Trojan by clicking on a malicious link on the social network! No way!<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2016\/01\/06023311\/se-2.gif\" alt=\"The unconventional list of top security events in 2015\" width=\"245\" height=\"150\" class=\"alignright size-full wp-image-10998\"><\/p>\n<p>Unfortunately for the majority of users on the Internet, they are often collateral damage when it comes to the cyberwar between cybercriminals and the good guys. For example, a Trojan masking as an Adobe Flash update and installing a keylogger on the victim\u2019s machine. We constantly track these types of incidents, but they rarely get shortlisted for any kind of rating, as security experts are typically not overly excited about them.<\/p>\n<p>However, these \u2018traditional\u2019 security threats will continue to remain the a major pain, for both consumers and corporate users. The counter measures are pretty straightforward and obvious, the security and protection methods have long caught up with such cyberattacks. At the same time, the attacks like the one with the Facebook Trojan in January still affect tens of thousands of users, so it\u2019s worth an effort to increase public awareness of protection methods and techniques. There\u2019s clearly room for improvement across the board.<\/p>\n<h3>Attacks on IoT, home routers and industrial networking appliances <\/h3>\n<p>What do garage door remote controllers and Cisco\u2019s networking software have in common? Well, they have equally loose protection.<br>\nWhile users and vendors see protection as vital for traditional computers and devices, they pay less attention to their connected \u201csmart\u201d devices. You see, what is often overlooked with the Internet of Things is that these devices are powerful computers that left unsecured, and that can lead to breaches or worse. <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How will the Internet of Things affect cybersecurity? \u2013 <a href=\"http:\/\/t.co\/fWScmf4QfQ\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/fWScmf4QfQ<\/a> <a href=\"http:\/\/t.co\/sAk1mcZPg5\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/sAk1mcZPg5<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/586174972156108800?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 9, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>When it comes to the attacks on these types of devices, there were a few stories that stood out on Threatpost. <b>#9<\/b> Back in 2014 Check Point\u2019s security researchers discovered a vulnerability which affected 12 million home routers (<a href=\"https:\/\/threatpost.com\/12-million-home-routers-vulnerable-to-takeover\/109970\/\" target=\"_blank\" rel=\"noopener nofollow\">Story<\/a> ).A specially crafted packet was used to expose the router\u2019s web interface. <b>#8<\/b> Later in June 2015, hard-coded default SSH keys were found in Cisco\u2019s security appliances (<a href=\"https:\/\/threatpost.com\/default-ssh-key-found-in-many-cisco-security-appliances\/113480\/\" target=\"_blank\" rel=\"noopener nofollow\">Story<\/a>). It was just one of the many cases when such bugs were found in network appliances and software.<\/p>\n<p><b>#7<\/b> Around the same time, renowned security researcher Samy Kamkar, discovered that remote garage door controllers, quite popular in the US, also suffer from weak security (<a href=\"https:\/\/threatpost.com\/using-a-toy-to-open-a-fixed-code-garage-door-in-10-seconds\/113146\/\" target=\"_blank\" rel=\"noopener nofollow\">Story<\/a>). It takes 30 minutes of bruteforce to crack the keys, but a series of software bugs allowed Kamkar to cut this time down to 10 seconds.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Using a Toy to Open a Fixed-Code Garage Door in 10 Seconds \u2013 <a href=\"http:\/\/t.co\/NvNR1vhOnG\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/NvNR1vhOnG<\/a><\/p>\n<p>\u2014 Threatpost (@threatpost) <a href=\"https:\/\/twitter.com\/threatpost\/status\/606473243051106304?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 4, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Lest we forget serious vulnerabilities in automotive systems. This summer, following a groundbreaking research by Charlie Miller and Chris Valasek, Fiat Chrysler issued the first ever security patch for a car: The vulnerability <a href=\"https:\/\/threatpost.com\/car-hacking-gets-the-attention-of-detroit-and-washington\/113878\/\" target=\"_blank\" rel=\"noopener nofollow\">could be used<\/a> to remotely hack the vehicle management system via the multimedia dashboard, ultimately opening an opportunity to even hijack the steering system. Seriously, if there are bugs in software and computing appliances, why shouldn\u2019t there be bugs in the car itself? Can\u2019t help but recite a famous but now deleted Tweet:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2016\/01\/06023317\/security-year-tweet.png\" alt=\"The unconventional list of top security events in 2015\" width=\"892\" height=\"516\" class=\"alignright size-full wp-image-10993\"><\/p>\n<p>When computers are entrusted with a task, they tend to make less mistakes and bloopers that humans. But it is people who program them, and computing systems are becoming increasingly essential to perform mission-critical tasks, from managing nuclear power plants to controlling city traffic. Welcome to the brave new world!<\/p>\n<h3>Encryption<\/h3>\n<p>Well, that\u2019s getting complex. Only a serious scientific researcher can help to assess efficiency of any encryption method. There\u2019s a good example to prove this point: SHA-1, a popular hashing algorithm, was considered perfectly reliable some five years ago, but in 2015 <a href=\"https:\/\/threatpost.com\/practical-sha-1-collision-months-not-years-away\/114979\/\" target=\"_blank\" rel=\"noopener nofollow\">it was rendered<\/a> \u2018theoretically vulnerable.\u2019<br>\nThe NSA has already questioned the resilience of elliptic curve encryption algorithms and is <a href=\"https:\/\/threatpost.com\/nsas-divorce-from-ecc-causing-crypto-hand-wringing\/115150\/\" target=\"_blank\" rel=\"noopener nofollow\">considering<\/a> (or pretending to consider) encryption techniques, which would be uncrackable even for quantum computers.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Quantum computers: what does it mean for you today? <a href=\"https:\/\/t.co\/E3Fwee3j2W\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/E3Fwee3j2W<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/futuretech?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#futuretech<\/a> <a href=\"https:\/\/t.co\/mBSnlpoVtV\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/mBSnlpoVtV<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/674253247528501248?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 8, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><b>#6<\/b> But that\u2019s not the only problem with encryption. Weak encryption posed a serious threat to Open Smart Grid protocol (<a href=\"https:\/\/threatpost.com\/weak-homegrown-crypto-dooms-open-smart-grid-protocol\/112680\/\" target=\"_blank\" rel=\"noopener nofollow\">Story<\/a>). OSGP is an IoT deployment of the electrical grid, an attempt to unite all meters and management systems into a single network. That means, potential security issues would compromise the electric supply. The network complexity is the reason why the key criterium to assess encryption resilience is trust.<br>\nIn 2014 TrueCrypt developers decided to shut down their project, a rather popular utility used for the on-the-fly encryption. <b>#4<\/b>Following the sequence of events, we have witnessed several independent source code audits and the emergence of inherently curious spin-offs: VeraCrypt and CipherShed (<a href=\"https:\/\/threatpost.com\/post-cryptanalysis-truecrypt-alternatives-step-forward\/112033\/\" target=\"_blank\" rel=\"noopener nofollow\">Story<\/a>).  Recently a backdoor in Juniper routers <a href=\"https:\/\/threatpost.com\/juniper-finds-backdoor-that-decrypts-vpn-traffic\/115663\/\" target=\"_blank\" rel=\"noopener nofollow\">was discovered<\/a>, and the encryption issue was also of paramount importance in that incident.<\/p>\n<h3>Serious vulnerabilities &amp; serious attacks<\/h3>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">1 Billion <a href=\"https:\/\/twitter.com\/hashtag\/Android?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Android<\/a> devices vulnerable to <a href=\"https:\/\/twitter.com\/hashtag\/NEW?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#NEW<\/a> Stagefright flaws\u2026 <a href=\"https:\/\/twitter.com\/hashtag\/nopatches?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#nopatches<\/a> <a href=\"https:\/\/t.co\/1Wt8iqOY2b\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/1Wt8iqOY2b<\/a> via <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@threatpost<\/a> <a href=\"http:\/\/t.co\/LJUuODPDra\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/LJUuODPDra<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/649575239999950848?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 1, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><b>#5<\/b> While last year\u2019s superstars among the vulnerabilities were, without doubt, <a href=\"https:\/\/threatpost.com\/major-bash-vulnerability-affects-linux-unix-mac-os-x\/108521\/\" target=\"_blank\" rel=\"noopener nofollow\">Shellshock<\/a> and <a href=\"https:\/\/threatpost.com\/openssl-fixes-tls-vulnerability\/105300\/\" target=\"_blank\" rel=\"noopener nofollow\">Heartbleed<\/a>, this year the Stagefright vulnerability (<a href=\"https:\/\/threatpost.com\/android-stagefright-flaws-put-950-million-devices-at-risk\/113960\/\" target=\"_blank\" rel=\"noopener nofollow\">Story<\/a>) in Android and <b>#3<\/b>the bug in a standard GLIBC library function in Linux (<a href=\"https:\/\/threatpost.com\/ghost-glibc-remote-code-execution-vulnerability-affects-all-linux-systems\/110679\/\" target=\"_blank\" rel=\"noopener nofollow\">Story<\/a>) took center stage.<\/p>\n<div id=\"attachment_10996\" style=\"width: 1290px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-10996\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2016\/01\/06023313\/security-year-2015-2.jpg\" alt=\"The unconventional list of top security events in 2015\" width=\"1280\" height=\"853\" class=\"size-full wp-image-10996\"><p id=\"caption-attachment-10996\" class=\"wp-caption-text\">Linux bug hunter. An artistic interpretation<\/p><\/div>\n<p>Each known vulnerability could be found through either \u2018theoretical\u2019 or \u2018practical\u2019 discovery. In some cases, researchers provided a proof-of-concept attack first, but at times a new bug is found only after attacks happened in-the-wild. <\/p>\n<p>As far as practical attacks are concerned, two of the major campaigns discovered by Kaspersky Lab were <a href=\"https:\/\/threatpost.com\/carbanak-ring-steals-1-billion-from-banks\/111054\/\" target=\"_blank\" rel=\"noopener nofollow\">Carbanak<\/a> and <a href=\"https:\/\/securelist.com\/blog\/research\/68750\/equation-the-death-star-of-malware-galaxy\/\" target=\"_blank\" rel=\"noopener\">The Equation<\/a>. While the first impressive in terms of sustained loss ($1B, in case you were wondering), the latter is stunning because of its advanced and sophisticated toolset, including the means of restoring control over the victim\u2019s PC by using a modified HDD firmware, as well as the duration of the campaign, measured in decades. <\/p>\n<h3>Routine vulnerabilities in commodity software<\/h3>\n<p>Adobe Flash, serves as a perfect example for this category: <a href=\"https:\/\/threatpost.com\/adobe-patches-nine-vulnerabilities-in-flash\/110386\/\" target=\"_blank\" rel=\"noopener nofollow\">14<\/a>, <a href=\"https:\/\/threatpost.com\/adobe-patches-one-zero-day-in-flash-still-investigating-separate-vulnerability\/110586\/\" target=\"_blank\" rel=\"noopener nofollow\">24<\/a> and <a href=\"https:\/\/threatpost.com\/adobe-begins-auto-update-patching-of-second-flash-player-zero-day\/110640\/\" target=\"_blank\" rel=\"noopener nofollow\">28<\/a>January, <a href=\"https:\/\/threatpost.com\/adobe-patches-11-critical-vulnerabilities-in-flash-player\/111619\/\" target=\"_blank\" rel=\"noopener nofollow\">March<\/a>, <a href=\"https:\/\/threatpost.com\/emergency-adobe-flash-patch-fixes-zero-day-under-attack\/113434\/\" target=\"_blank\" rel=\"noopener nofollow\">June<\/a>, <a href=\"https:\/\/threatpost.com\/adobe-to-patch-hacking-team-zero-day-in-flash\/113658\/\" target=\"_blank\" rel=\"noopener nofollow\">July<\/a>, <a href=\"https:\/\/threatpost.com\/adobe-patches-23-critical-vulnerabilities-in-flash-player\/114740\/\" target=\"_blank\" rel=\"noopener nofollow\">September<\/a>, <a href=\"https:\/\/threatpost.com\/massive-adobe-flash-update-patches-79-vulnerabilities\/115598\/\" target=\"_blank\" rel=\"noopener nofollow\">December<\/a>. The bad news is Adobe Flash is still an unbelievably vulnerable piece of software. Good news is patches (at least those of Adobe\u2019s) are issued en masse, and a handful of bugs are fixed in one update. It does not mean the software became more secure, yet the overall trend over the year is positive: developers have started to take security very seriously.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Massive <a href=\"https:\/\/twitter.com\/hashtag\/Adobe?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Adobe<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Flash?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Flash<\/a> Update Patches 79 <a href=\"https:\/\/twitter.com\/hashtag\/Vulnerabilities?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Vulnerabilities<\/a>: <a href=\"https:\/\/t.co\/oU8R0QSm1l\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/oU8R0QSm1l<\/a> <a href=\"https:\/\/t.co\/2iLqfcKWpJ\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/2iLqfcKWpJ<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/674315442845036544?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 8, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The software is installed on a large number of systems including Web browsers and gets a lot of attention. Browser developers are forced to both supervise their own software and protect users from threats on websites (at times their only option is to restrict certain capabilities, which happened to <a href=\"https:\/\/nakedsecurity.sophos.com\/2015\/08\/31\/google-chrome-will-block-flash-from-tomorrow-well-sort-of\/\" target=\"_blank\" rel=\"noopener nofollow\">Flash in Chrome<\/a>). <b>#2<\/b> The participants of pwn2own hackathon in March managed to hack all the major browsers: first Firefox and IE, and then <a href=\"https:\/\/threatpost.com\/all-major-browsers-fall-at-pwn2own-day-2\/111731\/\" target=\"_blank\" rel=\"noopener nofollow\">Chrome and Safari<\/a> (<a href=\"https:\/\/threatpost.com\/flash-reader-firefox-and-ie-fall-on-pwn2own-day-1\/111720\/\" target=\"_blank\" rel=\"noopener nofollow\">Story<\/a>).<\/p>\n<div id=\"attachment_10997\" style=\"width: 690px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-10997\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2016\/01\/06023312\/se-5.jpg\" alt=\"The unconventional list of top security events in 2015\" width=\"680\" height=\"400\" class=\"size-full wp-image-10997\"><p id=\"caption-attachment-10997\" class=\"wp-caption-text\">White hats after a successful hack at pwn2own<\/p><\/div>\n<p><b>#1<\/b> Obsolete NPAPI extension blocked in Chrome (<a href=\"https:\/\/threatpost.com\/google-shuts-off-npapi-in-chrome\/112295\/\" target=\"_blank\" rel=\"noopener nofollow\">Story<\/a>). NPAPI blocking, which happened in April, resulted in malfuntion of a number of plugins, from Java to Silverlight, causing many problems on the developers\u2019 side. Phasing out legacy codes has become a key trend recently.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"in\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Google?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Google<\/a> Shuts Off NPAPI in <a href=\"https:\/\/twitter.com\/hashtag\/Chrome?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Chrome<\/a> \u2013 <a href=\"https:\/\/t.co\/Ii6aVP6cvu\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Ii6aVP6cvu<\/a><\/p>\n<p>\u2014 Threatpost (@threatpost) <a href=\"https:\/\/twitter.com\/threatpost\/status\/588725744014073856?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 16, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>I doubt security issues will be less prominent in 2016. I\u2019m sure the new methods to battle cyberthreats will eventually emerge. So we\u2019ll definitely have lots to talk about next year. As for background reading, I recommend to check out <a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/72886\/kaspersky-security-bulletin-2015-top-security-stories\/\" target=\"_blank\" rel=\"noopener\">the 2015 recap<\/a> of threats by Kasperky Lab\u2019s experts, a dedicated <a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/72969\/kaspersky-security-bulletin-2015-evolution-of-cyber-threats-in-the-corporate-sector\/\" target=\"_blank\" rel=\"noopener\">analysis<\/a> of cyberthreats for businesses and 2016 <a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/72771\/kaspersky-security-bulletin-2016-predictions\/\" target=\"_blank\" rel=\"noopener\">predictions<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Konstantin Goncharov recaps the most significant security events of 2015. <\/p>\n","protected":false},"author":53,"featured_media":10994,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2646],"tags":[389,111,1260,20,958,794,1357,97,268],"class_list":{"0":"post-10992","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-adobe","10":"tag-attacks","11":"tag-cisco","12":"tag-facebook","13":"tag-flash","14":"tag-iot","15":"tag-results","16":"tag-security-2","17":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/security-year-2015\/10992\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/security-year-2015\/6495\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/security-year-2015\/6575\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/security-year-2015\/6497\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/security-year-2015\/7441\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/security-year-2015\/7174\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/security-year-2015\/10328\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/security-year-2015\/10992\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/security-year-2015\/5857\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/security-year-2015\/6680\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/security-year-2015\/10012\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/security-year-2015\/10328\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/security-year-2015\/10992\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/adobe\/","name":"Adobe"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/10992","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=10992"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/10992\/revisions"}],"predecessor-version":[{"id":18106,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/10992\/revisions\/18106"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/10994"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=10992"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=10992"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=10992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}