2016 - What Can We Learn

2016 will go down as yet another banner year – unfortunately – for hackers and data thieves worldwide. This article looks back at some of the year's successful attacks and probes them for patterns and trends in cybercrime.

Big target on the IoT: The Dyn DDoS attack. Our blog on cybercrime predictions for 2017 forecast that hackers would increasingly exploit fundamental weaknesses in the fast-growing Internet of Things (IoT). The Dyn DDoS attack was the first major attack in which the hackers did not go directly at their target's servers. Instead, they compromised some 100,000 IoT devices that still carried weak default passwords, assembled them into an enormous botnet, and used that botnet to slam the real target. Some evidence suggests the attackers were only firing a warning shot, since they could just as easily have compromised 500,000 devices. The obvious lesson: apply the same password best practices to IoT devices as to any other digital device or endpoint. That means replacing the default password with a strong, complex one.

Passwords, get your stolen passwords right here! Literally millions of stolen passwords went up for sale on the dark web this year, some of them stolen in previous years. In May, more than 400 million passwords previously stolen from MySpace went up for sale to the highest bidder. What's more, the same hacker who listed the MySpace passwords put up for sale another 100 million passwords previously stolen from LinkedIn. There is every reason to expect that stolen information will increasingly be offered for sale. These incidents highlight how important it is to change passwords frequently and not to reuse the same password across accounts. Warnings to that effect are coming from all over the globe. As one major cybercrime study showed in 2016, 63% of successful data breaches involved weak, default or stolen passwords.

Life of the Party: The DNC hack. Considerable questions remain as to exactly who was behind the epic attack on the servers of the Democratic National Committee. What is not in question is the damage done to the Democratic Party and to the reputations of a lot of political higher-ups. It is entirely possible that the success of this attack, and the apparent ease with which it was pulled off, will only encourage more such geopolitical cybercrime. In fact, a couple of months after the DNC break-in, the FBI alerted officials in two states that hackers were targeting their election systems. The hackers were inside the DNC computers for an entire year before they were discovered. Sophisticated phishing techniques were likely used to pry open the doors. The rest is history.

Simply shocking! Electrical grids in hackers' crosshairs. As devastating as the attack on the Ukrainian power grid was, it may have been just the canary in the coal mine for what is to come. The simple fact is that power grids around the world are extraordinarily ripe for cyber assault, such as those across most of Southeast Asia, where much of the computerized instrument control infrastructure is extremely vulnerable. The attack in Ukraine was as sophisticated as it was brilliantly planned and executed. Yet a not-so-sophisticated phishing campaign using infected Word documents was all it took to set the whole mess in motion.

Yahoo times 500 million. The devastating attack on Yahoo happened two years ago, but the extent of the damage, and the actual revelation of the attack, did not come until 2016. It isn't that Yahoo wasn't aware that more than 500 million records had been compromised in the attack. The company simply chose not to tell anyone about it, despite having been up for sale for the past year. The important takeaway here is that governments in general, and regulators in particular, are likely to double down on requirements for just what must be disclosed when a breach is detected, and when. Shareholders, consumers, suppliers and others feel they need protection when some of their data may have been compromised in a breach. The year ahead may well bring them some much-needed relief in this regard.

Hospitals: Pay up or else. Starting early in 2016 and continuing throughout the year, hackers conducted a series of successful ransomware attacks on hospitals around the world. The attacks typically began on a single server but quickly spread across the entire network, eventually affecting multiple systems. Demands were at times modest, as low as $1,600 for system restoration. Hospitals are relatively easy targets, often lacking layered, security-centric protocols, according to some experts. Expect regulators to take a hard look at hospital security practices.