Hacking Highlights of 2016

Featured article by Maya Nix, Marketing Director, Deep Instinct

Reports on data breaches and hacks hit the headlines on an almost daily basis this past year. We compiled a list of themes that characterized this past year’s hacks:

1. Ransomware everywhere: Ransomware attacks dominated headlines, reaching an epidemic level. In February, the Hollywood Presbyterian Hospital  paid $17,000 in ransom money to regain access to files that had been encrypted. In the same month, Hospitals in Germany also fell victim to ransomware. In March, the Methodist Hospital in Henderson, Kentucky, declared an “internal state of emergency” after a ransomware attack encrypted all its files. Since then, banks, school districts, state and local governments, and law enforcement agencies have all suffered ransomware attacks.

2. Widespread cyber-attacks on global banking: The $81 million theft that happened in early February via a fraudulent transfer from Bangladesh Bank using the SWIFT international financial messaging service provider sent shockwaves throughout the global banking community. The methods deployed were highly complex, involving a combination of technical expertise and in-depth knowledge of how the Bangladesh Bank interfaced with SWIFT. Later, in June, hackers reportedly stole $10 Million from an unnamed bank in Ukraine by exploiting a loophole in the SWIFT system.

3. Attacks on Supervisory Control and Data Acquisition (SCADA) systems: 2016 started with a deeper look into attacks that occurred in late 2015 on two power distribution companies in Ukraine. The attack caused a power outage that affected over 80,000 people and sabotaged operator workstations and management systems. In July, security researchers discovered a sophisticated malware, probably by a nation state, targeting energy companies in Western Europe.

4. “Safer” operating systems are no longer so: This past year has shown a spike in vulnerabilities of iOS, Mac OS and Linux environments that were previously considered to be much more secure than Windows. The Linux kernel is now facing unprecedented vulnerabilities that cannot necessarily be fixed by patches due to the long time it takes to discover the bugs and apply fixes on all the vulnerable devices. A new OS X Trojan was discovered, as well as Zero-day vulnerabilities on iOS that, when exploited, form an attack chain that undermines even Apple’s strong security environment.

5. Ghosts of breaches past came back to haunt companies: May 2016 marked the return of a data breach nightmare for LinkedIn. The 117 million email and password combinations that were stolen in 2012 came back to haunt LinkedIn by becoming publicly available online again. At the time the breach occurred, LinkedIn notified the members who had been affected. In May, LinkedIn acted quickly to invalidate passwords of all LinkedIn accounts that were created prior to the 2012 breach and had not undergone a reset since the breach. In September, Dropbox discovered that 68 million users had their usernames and passwords compromised in a breach from 2012. This caused Dropbox to prompt all of its users who haven’t reset their passwords since 2012 to do so. In September, Yahoo disclosed that at least 500 million user accounts had been compromised.The data stolen back in 2014 included users’ names, email addresses, telephone numbers, dates of birth and encrypted passwords. The two year delay raised questions, although a company spokesperson said Yahoo was “aware” a hacker was selling login details for 200 million Yahoo accounts in an online black market.

6. Political hacks and continued hacktivism: In July, WikiLeaks published a collection of emails leaked from the Democratic National Committee (DNC). The collection included 19,252 emails and 8,034 attachments from the DNC, the governing body of the United States’ Democratic Party. The leak included emails from seven key DNC staff members, and date from January 2015 to May 2016. This prompted the resignation of DNC chair Debbie Wasserman Schultz before the Democratic National Convention. After the convention, other key members: DNC CEO Amy Dacey, CFO Brad Marshall, and Communications Director Luis Miranda also resigned. WikiLeaks did not reveal its source. Guccifer 2.0, an unaffiliated hacker, claimed responsibility for the attack, however cybersecurity firms and American intelligence officials believe that the Russian government was behind the leak, despite the denial of the Russians and WikiLeaks founder Julian Assange. In terms of hacktivism, research has shown that motivation towards hacktivism has declined although it can cause enough damage to attract the attention from mainstream media. Anonymous remains the most influential hacktivist group, topping the charts of the hacktivist DDOS attacks on websites.

7. DDOS attacks should not be underestimated:In October, a DDOS attack against domain name server provider Dyn resulted in disruptions for internet users attempting to access many major sites, including Netflix, Twitter, Spotify, Amazon, GitHub, Reddit, SoundCloud, Spotify, Tumblr and Etsy. The service outage throughout the North American east coast eased after two hours but returned midday, affecting areas across the US and parts of Europe. The attack used an IoT botnet army largely driven by Mirai malware. Singaporean ISP StarHub’s DNS services were also attacked causing service disruptions over the following days. Investigations into these attacks are still underway.

This past year has shown that data breaches and cyber-attacks have continued to grow in rate and severity. The clear takeaway is that no one is immune. Economic and political gain continue to motivate hackers to attack new victims, and past victims continue to suffer from the consequences of hacks. The introduction and growing implementation of new solutions that leverage new technologies to block cyber-attacks before they can cause damage will hopefully curb the number and scope of cyber-attacks in 2017 and beyond.