These hacks and data breaches broke records in 2016

We’ve been saying this for many years: This year’s cyberattacks dwarfed last year’s. And in this regard, 2016 was no exception. From online fraud to account takeovers and data breaches, and everything else, attacks were dished out in bigger sizes and higher frequencies than before.

Some trends, such as ransomware and DDoS attacks, dominated the headlines, but that was not all 2016 had in store. While experts might differ on which were the biggest hacks of the year, there’s no denying that the following four cases were unprecedented in their own way.

How blockchain can improve cybersecurity

Our increasingly connected and digital lives are making us more vulnerable to cyberattacks than ever. As was the case in previous years, 2016 saw a spate of cyberattacks of unprecedented proportions. Some of these incidents were a reminder that the internet is no longer fun and games.

What we also learned was that the infrastructure that powers our current local and global networks might no longer be able to withstand the new generation of attacks and threats.

Enter the blockchain, the distributed ledger that underlies the popular and controversial Bitcoin cryptocurrency, the technology that is the result of decades of research in cybersecurity and cryptography.

What Bruce Schneier teaches us about IoT and cybersecurity

As if I haven’t said it a million times, IoT security is critical.

But just when I thought I had it all figured out, somebody comes along and sheds new light on this very important topic in a different way.

At a November 16 hearing held by the Congress Committee on Energy and Commerce in light of the devastating October 21 Dyn DDoS attack, famous cryptologist and computer security expert Bruce Schneier offered a new perspective on IoT security, which makes it easier for everyone to understand the criticality of the issue.

How the IoT industry will self-regulate its security

Following last week’s DDoS attack against Dyn, which was carried out through a huge IoT botnet, there’s a general sense of worry about IoT security—or rather insecurity—destabilizing the internet or bringing it to a total collapse.

All sorts of apocalyptic and dystopian scenarios are being spun by different writers (including myself) about how IoT security is getting out of hand and turning into an uncontrollable problem. There are fears that DDoS attacks will continue to rise in number and magnitude; large portions of internet-connected devices will fall within the control of APT and hacker groups, and they will censor what suits them and bring down sites that are against their interests. The internet will lose its fundamental value. We will recede to the dark ages of pre-internet.

How insecurity is damaging the IoT industry

The Internet of Things (IoT) is often hyped as the next industrial revolution—and it’s not an overstatement. Its use cases are still being discovered and it has the potential to change life and business as we know it today. But as much as IoT is disruptive, it can also be destructive, and never has this reality been felt as we’re feeling it today.

What else is hidden behind DDoS attacks?

This week, ProtonMail made headlines for being targeted by a massive DDoS attack after having caved in to a $6,000 ransom demand made by the group that was behind the attack. The two-stage attack, which eventually took down the ISP, and the hype that surrounded it seemed to confirm a theory that I read about not long ago: DDoS attacks are the perfect smoke screen for APTs and silent data breaches.

The new attack against ProtonMail seems to fit in with the trend of growing DDoS attacks, in diversity, complexity and quantity. DDoS attacks are becoming a serious source of income for hackers, as time-critical businesses such as banks and financing companies usually prefer to pay the attackers rather than risk the heavier losses that the possible downtime of the attack can incur.