and cybersecurity trends to expect for 2018
2017 has been a year of the biggest online identity thefts known in internet history. A staggering 380 percent increase in exposed records can be attributed more or less to a nearly 50 percent increase in internet users in just 2 years, from 2 billion in 2015 to 3.8 billion in 2017 (51 percent of the world population), in addition to the Internet of Insecure Things and the race for acquiring a hungry and security-unaware consumer market.
Breaches like Equifax that exposed nearly half of US internet users and ransomware campaigns that cost companies millions of dollars have shown us more than ever how vulnerable our personal data and cloud-based services are.
But for old school cybersecurity experts like the guys at F-Secure, it’s “business as usual.”
Here’s a roundup of the major cybersecurity incidents of 2017.
September this year, Equifax, one of the three major consumer credit agencies, reported that sensitive information for 143 million US consumers, including social security and driver’s license numbers, had been compromised. According to the company, hackers gained access to certain files from May to July exploiting a web server vulnerability for which a patch had been released at least two months before the breach. Equifax discovered the hack at the end of July. Major security incidents such as Yahoo’s 3 billion–user account meltdown dwarf the amount of data Equifax gave away, but the severity of the data the hackers laid their hands on made the incident unprecedented in internet history.
In May 2017, a new form of ransomware showed up spreading like wildfire across 150 countries. Dubbed WannaCry, the worm implemented some of the leaked NSA tools by Shadow Brokers in unpatched Windows software. It demanded 300 USD worth of bitcoins from the victims to decrypt their files—in some cases unsuccessfully. More than 300,000 machines, mostly running old Windows 7, were infected, affecting different industries including healthcare and automakers.
The ransomware that wasn’t a ransomware started in early July this year and at first was dubbed Petya, a sequel to WannaCry. The worm quickly infected thousands of machines, mostly in Ukraine, but also in France, Britain, Denmark, and the United States. The attackers avoided the mistakes of WannaCry in terms of spreading and infecting mechanisms, but as much as resourceful the attackers have been in the original design of the worm, they fell short of a rigorous method for their payment and decryption system. In retrospect, many analysts came to the conclusion that “NotPetya” was a worm of political nature that aimed to destroy and damage in the guise of ransomware.
July 2017, WikiLeaks dropped a bombshell into the cybersecurity space. With a massive collection of classified documents, internet users were shown again how scarce a commodity privacy and security have become. According to the documents, the CIA has a stock of Android and iOS zero days on reserve which they use to hack, surveil and remotely control user devices. Vault 7 also highlighted the sorry security situation of IoT devices.
In 2016, ride-sharing giant Uber suffered a data breach that involved the information of 57 million users. hile the dimensions and impact of the hack were in no way comparable to other much bigger security incidents, it was how the company handled the situation that alarmed the Internet world and helped Uber to—once again—make it to the leaderboard of Silicon Valley’s bad guys. Uber had paid the hackers $100,000 to cover the breach and it wasn’t known until November this year when its new CEO, Dara Khosrowshahi, made it public. In the aftermath, three senators have proposed a bill that could make executives face legal consequences, including jail, for intentional coverups of data breaches. City attorneys in Chicago and Los Angeles and the state of Washington are currently suing Uber over the coverup.
The Yahoo! meltdown
Yahoo!, the uncontested leader in data breaches in terms of quantity, couldn’t suffer ceding the number one spot to another firm. In October, Verizon, the company that bought Yahoo! a few months ago, announced that back in 2013, all of Yahoo’s 3 billion accounts had been hacked. Yahoo had initially claimed that the hack had compromised 1 billion accounts. According to Yahoo’s former CEO, Marissa Mayer, the company just found out about the incident in 2016. So, if you still have a Yahoo account, take my advice: Get rid of it ASAP.
The third major ransomware wave of this year happened in October. A successor to NotPetya, Bad Rabbit inherited about 65 percent of its code and acted as a true ransomware in contrast to its parent. The campaign mostly hit Russia but was also seen in Germany, Turkey, and Ukraine. It started with fake Adobe Flash pop-ups on compromised websites and further spread through an infected network via a combination of an SMB component and brute-forcing weak passwords. According to specialists, Bad Rabbit was a targeted campaign against corporate networks.
In April, an anonymous group called the Shadow Brokers started to leak and sell hacking tools and techniques that later was used to stage some of the most notorious breaches of the year like WannaCry.
The tools enabled hackers to compromise different flavors of Windows operating systems, including Windows 7, Windows 8, and Windows servers.
Microsoft later announced that it had already released patches for the vulnerabilities in March.
2018 in cybersecurity, the way ahead
One thing is for sure, don’t install apps using pop-ups. No, seriously, the cybersecurity incidents and data breaches of 2018 won’t be less than 2017. According to a Cybersecurity Ventures prediction, by 2021, cybercrime will cost the world a staggering 6 trillion USD, up 50 percent from 3 trillion dollars in 2016.
As more and more individuals and businesses connect to the internet and vitally rely on it, a minimum of cybersecurity expertise will become a must for almost any employment opportunity. Like learning to type or learning to work with word processing software and spreadsheets in the old days, unless you want to be undervalued and underperform—if not to go unemployed altogether—you need to learn the basics of cybersecurity.
2017 has seen the rise of ransomware and with anonymous payment technologies based on the blockchain, no decrease is in sight.
According to F-Secure Labs Researcher Päivi Tynninen, the “Amount of new ransomware will decrease, but there’ll be more targeted ransomware attacks against companies.” We’ve already seen this trend at play with Bad Rabbit.
But on the bright sight, there has been an improvement in threat intelligence sharing among cybersecurity experts.
Recent advances in AI and machine learning have opened new avenues to cybersecurity experts for analyzing vast amounts of network traffic data, backlogs, and incident alarms. By partnering intelligent machines with human expertise, cybersecurity analysts have been able to filter away the noise and act faster in a focused way.
On the legislative side, governments are introducing new bills to force companies to disclose data breaches. U.K. data protection bill, the European Union’s General Data Protection Regulation, and Australia’s Privacy Amendment (Notifiable Data Breaches) Act are some of the major steps forward.
And finally, there are fundamentally disrupting trends in the cybersecurity field to move away from traditional cloud-based solutions to the blockchain, distributed ledgers, and cryptographic algorithms. These scenarios where users literally own their data and don’t rely on third parties to protect them, are still in their infancy and it is far from clear how they will play out, but they are definitely worth following.
If there is anything that I’ve missed and you think should be included here feel free to comment. Love to hear your feedback.