2016 was quite the year for cybersecurity and the assorted issues, threats, and concerns associated with it. As 2017 rolls along, we may be able to anticipate what this year might bring by reflecting on the events of the last.
Governing Bodies Can Be Hacked Two breaches in the United States proved that nobody is impervious to hacking attacks. The first, directed towards the Internal Revenue Service, resulted in the theft of over 101,000 PIN numbers through the e-file PIN reset function. The next, in which the Democratic National Committee had its email system breached and the resulting data dumped on Wikileaks, is thought by some to have altered the course of the 2016 U.S. Presidential election. Other attacks, targeting Illinois and Arizona voting systems, only contributed to the growing question: Could a hacking attack change the course of history by interfering with an election?
These events contribute a few major takeaways from 2016, but the most important is that if this is possible, then any business is also at definite risk of being digitally infiltrated.
Ransomware is Only Getting Smarter Speaking of known threats, it seemed that there was another ransomware attack every time you turned around. With targets spanning across all industries, various forms of ransomware dominated many of 2016’s headlines. What’s worse, these ransomwares were steadily improving, adopting smarter and more effective tactics.
A standout example was the Petya ransomware, which deviated from the typical approach of encrypting a victim’s files to encrypting a victim’s master boot record. There was even a rise in “Ransomware-as-a-Service” offerings, allowing more users of varying experience to extort money from targets. Nobody seemed to be safe; targets including private users, businesses, even hospitals. Since businesses are a popular target of ransomware attacks, often distributed through phishing campaigns, workforces need to be educated to identify the warning signs that something is off.
The Internet of Things is Vulnerable While it might be fun to stream a zombie movie, it’s not so much fun to get hit by a botnet made of zombified streaming devices. Yet, with the release of the Mirai code, it is now possible for anyone with a bit of know-how to create a botnet out of infected IoT (Internet of Things) devices. Most notably, an IoT botnet managed to take several major websites out of commission for a brief period of time by attacking Dyn, a DNS (domain name server) service provider, taking out dozens of the most popular websites for a while in October in the largest scale cyber attack in history.
However, it’s clear that the IoT is here to stay, so there must be cognizance of the IoT’s security shortcomings as 2017 progresses.
Yahoo and User Accounts If 2016 was a rough year for any company, however, that company would have to be Yahoo. It was revealed that Yahoo had been breached not just once, but twice. The first breach to come to light had occurred in 2014, with the account credentials of more than 500 million user accounts being compromised. If that wasn’t already bad enough, Yahoo then had to announce that one billion accounts were compromised in a separate attack in August of 2013. This gave Yahoo the distinction of being the source of the largest-ever hack of user data. Pairing this with the fact that the estimated total of Internet users is just 3 billion, this news is monstrous.