Cyber incidents like the Mirai botnet and its attack on DNS provider Dyn defined the biggest (cyber) moments of 2016. The Dyn attack knocked major sites offline across the US and Europe for much of a day and was, at the time, the largest DDoS attack on record. But 2017 set precedents of its own, both in the kinds of breaches and in the scale of the damage. Here is our countdown of the most controversial headlines of the year. Do you agree with our picks?
1. Kaspersky Lab’s alleged ties with Russia
Cybersecurity often gets political. Antivirus vendor Kaspersky Lab made headlines throughout 2017 over alleged ties between the company and Russian intelligence, and over claims that Russian operatives had used its antivirus software as a search tool on customers' machines. The story has roots in 2015, when Kaspersky Lab reportedly replaced several senior managers with people said to have close ties to Russia's military or intelligence services. It escalated in the autumn of 2017 with reports that Israeli intelligence, having penetrated Kaspersky's own network, had observed Russian government hackers using the antivirus software to scan customers' computers for material on US intelligence programs. An antivirus product is ideally placed for such a search: it runs with high privileges, reads every file on the system, and routinely uploads suspicious samples to the vendor's cloud. In September the Department of Homeland Security issued a binding operational directive requiring federal agencies to remove Kaspersky products from their systems, and officials encouraged the private sector to follow its lead. In December Britain's National Cyber Security Centre likewise advised government departments not to run Russian-based antivirus software on systems handling national-security material. No public evidence that the company itself acted improperly was presented, and Kaspersky denied any involvement, but the episode showed how much trust an endpoint security agent demands and how quickly that trust can evaporate.
2. Cloudflare’s memory-leaking bug, Cloudbleed
Named by analogy with Heartbleed, the 2014 OpenSSL bug that exposed server memory on a large share of the Internet's TLS servers, Cloudbleed was a buffer over-read in the HTML parser running on Cloudflare's edge servers. Under certain conditions the parser read past the end of its buffer, so HTTP responses for some Cloudflare-fronted sites carried fragments of whatever else happened to be in the server's memory: cookies, session tokens, login credentials, API keys and private messages belonging to other Cloudflare customers and their users. The bug was live for roughly five months (September 2016 to February 2017), a few thousand sites triggered it, and because search engines crawled and cached the affected pages, leaked fragments lingered on the public web until they were purged. Because Cloudflare proxies many unrelated sites through the same shared infrastructure, a request to one site could return data belonging to a completely different site, so the exposure was not limited to the pages on which the parser actually misbehaved. Cloudflare acknowledged the memory disclosure and fixed it within hours of being notified, but nothing could undo the exposure that had already occurred, and nobody can enumerate what was leaked. Operators and users of affected sites were advised to rotate passwords, API keys and session tokens; two-factor authentication does not help here, because a leaked session cookie bypasses the login step entirely.
3. Leaked CIA hacking tools
In March, WikiLeaks published 8,761 classified CIA documents, the release it called "Vault 7". The documents described covert hacking tools for compromising computers, mobile phones, smart TVs and the applications running on them. They referred to zero-day vulnerabilities in iPhone and Android devices and to how those flaws could be used to "weaponize" a phone, in other words turn it into an espionage tool. Other documents covered popular messaging apps such as WhatsApp and Telegram. Contrary to early reporting, they did not describe breaking those apps' encryption; they described compromising the underlying device, where messages can be read before they are encrypted or after they are decrypted, which is the same outcome for the victim but a very different thing for the security of the protocols. WikiLeaks withheld the actual exploit code, but security experts who reviewed the documents judged that they contained enough detail for capable teams to recreate some of the tools. Symantec later reported that the tools described in the documents matched those of an espionage group it tracks as Longhorn, which it had linked to at least 40 attacks on targets in 16 countries; those attacks predate the leak, which supports the documents' authenticity rather than showing that the leak itself caused them.
4. Leaked NSA exploits
The CIA was not alone: the NSA also lost tools, in this case to a group calling itself The Shadow Brokers, which first surfaced in August 2016 trying to auction stolen NSA code. The consequences have been far more damaging. In April 2017 the group dumped a set of working Windows exploits taken from the NSA, among them EternalBlue and EternalRomance, which target vulnerabilities in the SMBv1 file-sharing protocol. Microsoft had patched those holes a month earlier in MS17-010, but vast numbers of machines remained unpatched. The group later began advertising further material through an expensive subscription "monthly dump service". Within weeks the exploits were being used by self-propagating malware: WannaCry spread through EternalBlue, NotPetya used both EternalBlue and EternalRomance, and the Bad Rabbit ransomware used EternalRomance to spread across networks, primarily in Russia and Ukraine.
5. WannaCry ransomware cyberattack went global
In May the WannaCry ransomware infected more than 200,000 Windows computers in some 150 countries within days. It spread as a worm, using the leaked NSA exploit EternalBlue against machines whose SMB service was reachable and unpatched. These were not zero-days: Microsoft had fixed the vulnerability two months earlier in MS17-010, so the outbreak was above all a patch-management failure, compounded by the many systems still running unsupported versions such as Windows XP, for which Microsoft issued an emergency patch after the fact. Like other ransomware, WannaCry encrypts the files on an infected computer and demands payment for the key, in this case in Bitcoin. The spread was halted when a security researcher noticed that the malware checked an unregistered domain before running and registered it, turning the domain into a kill switch for that variant; by then the damage had been done. Hospitals in the UK's National Health Service, telecoms, carmakers, railways and other organisations across Europe, the US, Russia and China had systems knocked out.
6. Petya/NotPetya wreaked havoc across worldwide computer systems
A month after WannaCry, another outbreak, now called NotPetya, began in Ukraine and spread to companies across Europe and the US. The initial infection came through a compromised update of M.E.Doc, a Ukrainian accounting package, which makes it a software supply-chain attack; from there the malware moved laterally using the leaked NSA exploits EternalBlue and EternalRomance together with stolen administrator credentials and legitimate remote-administration tools, so fully patched machines on the same network were infected too. It was named for its resemblance to the Petya ransomware first seen in 2016, and the two share code, but they differ in substance. Petya was a money-making operation that could actually decrypt a victim's disk once paid; NotPetya's ransom note was a fig leaf. The "installation key" it showed victims was random data unrelated to the encryption, so no payment could ever yield a working decryption key. NotPetya was not designed to make money but to cause maximum damage and spread as fast as possible; it is best understood as a wiper dressed up as ransomware.
7. The resignation of Trump’s cybersecurity advisors
In August roughly a quarter of the members of the National Infrastructure Advisory Council, the body that advises the President on the security of the nation's critical infrastructure, resigned. In their collective resignation letter, the members cited President Trump's response to the violence in Charlottesville and the administration's decision to withdraw from the Paris climate agreement as their main reasons for leaving. Interestingly, they also named the administration's inadequate attention to cybersecurity as a further major reason. Trump had previously been criticised for showing little grasp of cybersecurity issues, for suggesting a joint cybersecurity "task force" with Russia, and for missing the administration's self-imposed deadline for a comprehensive cybersecurity plan.
8. Equifax leak that exposed sensitive information of 143 million Americans
Equifax, one of the three big US credit bureaus, suffered a breach that exposed the names, Social Security numbers, birth dates and home addresses of roughly 143 million Americans, along with driver's licence numbers and credit card numbers for a subset of them. Its initial press release said only that attackers had exploited a "website application vulnerability", without saying which site or what kind of attack was used. Equifax later identified the hole as a known vulnerability in the Apache Struts web framework on its consumer dispute portal, for which a patch had been available for about two months before the intrusion began. The breach mattered not because it was the largest by record count (several have been bigger) but because of the sensitivity of what was taken. Unlike a password, a Social Security number or a birth date cannot be rotated, so the stolen data gives fraudsters everything they need to assume a victim's identity, and it will remain useful for identity theft and credit fraud indefinitely.
9. Wi-Fi security jeopardized by KRACK
In mid-October two researchers from KU Leuven, Mathy Vanhoef and Frank Piessens, disclosed KRACK, short for Key Reinstallation Attack: a set of flaws in the WPA2 protocol itself rather than in any one product. During the 4-way handshake that sets up the session key, the standard required a client to install the key whenever it received message 3 of the handshake, including retransmissions. An attacker within radio range who can position themselves between client and access point can therefore replay message 3 and force the client to reinstall a key that is already in use, which resets the per-packet nonce and the replay counter. WPA2's CCMP encryption is a stream cipher driven by that nonce, so reusing a nonce reuses the keystream, and the attacker can decrypt traffic, replay packets and, on TKIP and GCMP networks, forge them. Some implementations were worse still: wpa_supplicant 2.4 and 2.5, used on Linux and on Android 6.0 and later, installed an all-zero key on reinstallation, making decryption trivial. Because WPA2 is used by almost every Wi-Fi device, the flaw affected Windows, macOS, Linux, iOS and Android alike; it is a protocol flaw, so it does not depend on the Wi-Fi password, and changing the password does not help. Two things limited the panic. No exploitation in the wild was known, and the attack does not break TLS, so properly encrypted HTTPS, SSH and VPN traffic stays protected even over a compromised Wi-Fi link (the attacker gets roughly the view an open hotspot would give). Above all, the fix is backwards compatible: a client that simply refuses to reinstall a key it already has is protected even when talking to an unpatched access point, so patched devices did not lose the ability to connect. Access points and routers needed updates of their own mainly for the 802.11r fast-roaming handshake.
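The mechanism behind the headline, as an added example (this is not code from the original article or from the KRACK researchers): a toy WPA2 client that installs the key on every message 3, beside the patched behaviour that ignores a reinstall of a key already in use. Real CCMP uses AES in counter mode under the pairwise transient key (PTK) with a nonce built from the packet number; here an HMAC-SHA256 counter-mode keystream stands in for AES-CTR so the script runs with the standard library alone. The handshake messages, the `Client` class, the `krack_demo` function, the sample PTK and the two frames are all constructed for the demonstration.

```python
"""Why a key reinstallation breaks WPA2 encryption: a model of the KRACK flaw.

Added illustration, not code from the article or from the KRACK researchers.
Real CCMP encrypts each frame with AES-CTR under the PTK and a nonce derived
from the packet number (PN). An HMAC-SHA256 counter-mode keystream stands in
for AES-CTR here (assumed/simplified, not the 802.11 specification); the
handshake, the client and the two frames are constructed for the demo.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample data: a 16-byte PTK and two frames the client will send.
PTK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
FRAME_A = b"GET /index.html HTTP/1.1\r\nHost: a\r\n"   # assume the attacker can guess this one
FRAME_B = b"POST /login user=alice&pw=hunter2\r\n"     # the frame the attacker wants to read


def keystream(ptk: bytes, pn: int, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(ptk, pn || i), truncated to length.
    Same key and same pn give the same keystream; CCMP's security depends on
    that never happening twice under one key."""
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(ptk, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Client:
    """Supplicant state for one WPA2 association."""
    patched: bool
    ptk: Optional[bytes] = None
    pn: int = 0  # transmit packet number; installing a key resets it

    def on_message3(self, ptk: bytes) -> None:
        """Message 3 of the 4-way handshake tells the client to install the PTK.
        As the 802.11 standard was written, the key was installed every time
        message 3 arrived, so a retransmitted message 3 reinstalled the same key
        and reset pn. The fix is client-side and needs nothing from the access
        point: ignore an install of a key that is already in use."""
        if self.patched and self.ptk == ptk:
            return
        self.ptk = ptk
        self.pn = 0

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Encrypt one frame under the current key and the next packet number."""
        assert self.ptk is not None, "no key installed"
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))


def krack_demo(patched: bool) -> Dict[str, object]:
    """The attacker sits between client and AP (channel-based MitM), lets the
    handshake complete, blocks the client's message 4 so the AP retransmits
    message 3, and captures the frames sent before and after that replay."""
    client = Client(patched=patched)
    client.on_message3(PTK)              # genuine message 3: key installed, pn = 0
    pn_a, ct_a = client.send(FRAME_A)    # first data frame, pn = 1
    client.on_message3(PTK)              # replayed message 3: a vulnerable client resets pn
    pn_b, ct_b = client.send(FRAME_B)    # next data frame
    # If the keystream was reused, ct_a XOR ct_b == FRAME_A XOR FRAME_B, so a
    # known or guessable FRAME_A reveals FRAME_B. No key material is needed.
    n = min(len(ct_a), len(ct_b))
    recovered = xor(xor(ct_a[:n], ct_b[:n]), FRAME_A[:n])
    return {
        "pn_reused": pn_a == pn_b,
        "recovered": recovered,
        "attack_works": recovered == FRAME_B[:n],
    }


if __name__ == "__main__":
    for patched in (False, True):
        r = krack_demo(patched)
        print(f"patched={patched}: pn_reused={r['pn_reused']}, attack_works={r['attack_works']}")
```

Run it and the unpatched client yields `FRAME_B` in full, the patched one yields noise. The only difference is the two-line guard in `on_message3`, which is why the real patch could be shipped per device without breaking interoperability: the access point still retransmits message 3 exactly as before, and a patched client simply declines to act on it. The same reasoning explains why changing the Wi-Fi password does nothing, since the attack never touches the password at all.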
10. Uber under fire for masking massive data leak
Breaches are often disclosed months after the fact, but the ride-sharing company Uber went further: a breach that occurred in October 2016 was deliberately kept quiet for more than a year. Only in November 2017, after Bloomberg broke the story, did Uber admit that attackers had taken data on 57 million riders and drivers. Rather than notifying regulators and the people affected, Uber had paid the attackers $100,000, routed through its bug bounty programme, to delete the data and keep quiet, essentially sweeping the whole incident under the rug. So what exactly was taken? Names, email addresses and phone numbers, plus the driver's licence numbers of some 600,000 US drivers; no Social Security numbers, credit card details or trip histories were reported stolen. The attackers had found credentials in a private GitHub repository used by Uber engineers and used them to reach an Amazon Web Services data store, a reminder that secrets committed to source control are a breach waiting to happen. Uber had already been under fire over privacy, and this incident, and the cover-up in particular, only added fuel to the fire; the company's chief security officer was dismissed over it.
So there you have it! Our picks for the top ten headlines for 2017 that captivated our attention. Did we miss anything? If we did, send us a direct message on our Facebook or Twitter to get the conversation going. Also, be on the lookout for our infographic, 2017 Cybersecurity Recap, to get a visual review of all the cyber-happenings of the year.