By: Anthony Gil

10 Biggest Security Stories of 2016

2016 had its ups and its downs, but as the year comes to an end, here are the stories that made it to the top.

Dyn/Krebs DDoS and the Mirai BotNet

“As the denial of service (DDOS) attack against Dyn shook the internet a little over a week ago, it brought to the public forefront the changing dynamics of power in the online world. In the kinetic world of the past, the nation state equivalent was all-powerful, since it alone could raise the funds necessary to support the massive military and police forces necessary to command societies. In the online world, however, the “armies” being commanded are increasingly used against their will, massive networks of infected drone machines formed into botnets. The cost of acquiring, powering, cooling, connecting and operating these virtual soldiers are borne by private individuals and corporations, with criminal enterprises able to co-opt them into massive attack botnets.”

Forbes - The Dyn DDOS Attack And The Changing Balance Of Online Cyber Power- Oct. 31, 2016

 

Yahoo’s Breaches

“Yahoo confirmed on Thursday data "associated with at least 500 million user accounts" have been stolen in what may be one of the largest cybersecurity breaches ever. The company said it believes a "state-sponsored actor" was behind the data breach, meaning an individual acting on behalf of a government. The breach is said to have occurred in late 2014. "The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers," Yahoo said in a statement.”

CNNMoney - Yahoo says 500 million accounts stolen- Sept. 23, 2016

 

LinkedIn Breach

“A hacker stole 6.5 million encrypted passwords from the site and posted them to a Russian crime forum. Now it appears that data theft was just the tip of the iceberg. A Russian hacker, who goes by "Peace," is selling 117 million email and password combinations on a dark web marketplace, Vice Motherboard reports. The going rate for the loot is five Bitcoins, or about $2,300.”

Fortune - LinkedIn Lost 167 Million Account Credentials in Data Breach- May. 18, 2016

 

Shadow Brokers

“The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.”

New York Times - ‘Shadow Brokers’ Leak Raises Alarming Question: Was the N.S.A. Hacked?- Aug. 16, 2016

 

SWIFT Bank Heists

“Swift has insisted that its core messaging service is secure and that the vulnerabilities are on the machines that interface with the network. Those computers are its members’ responsibility, the bank-owned cooperative says. Swift says its data center’s “golden copies” of transactions remained intact and could have been used to verify what had gone missing from the Bangladesh central bank.”

Bloomberg - Could Blockchain Have Prevented Bangladesh’s Central Bank Hack?- June 6, 2016

 

DNC Hacks/Guccifer

“Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach. The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts. The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some Republican political action committees, U.S. officials said. But details on those cases were not available.”

Washington Post - Russian government hackers penetrated DNC, stole opposition research on Trump- Jun. 14, 2016

 

Russian Election Interference

“When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk. His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.”

New York Times - The Perfect Weapon: How Russian Cyberpower Invaded the U.S.- Dec. 13, 2016
 

Hillary Email Server

“The FBI told a federal court it needed a search warrant to look at thousands of Hillary Clinton's emails on the laptop of former U.S. Rep. Anthony Weiner because they had the potential to cause "grave damage to national security" if disclosed, according to court documents made public Tuesday. The wording was contained in a redacted search warrant and other court papers that were previously under seal in the investigation of an online relationship between Weiner, the estranged husband of top Clinton aide Huma Abedin, and a teenage girl in North Carolina. The papers offered no new revelations about Clinton's emails or the scope of a case that factored into the presidential election.”

Fortune - Court Releases FBI’s Search Warrant for Hillary Clinton’s Email Server- Dec. 20, 2016

 

Apple/FBI Court Case

“The F.B.I. tried to force Apple to help investigators gain access to an iPhone used by Syed Rizwan Farook in the December mass shooting in San Bernardino, Calif. The company fought a federal court order requiring it to provide access to the F.B.I., on the grounds that it violates its right to due process. However, on Monday March 21st, the government granted a request to postpone the hearing, saying that it might no longer need Apple’s assistance to extract data from the phone used in the attack.”

New York Times - Breaking Down Apple’s iPhone Fight With the U.S. Government- March 21, 2016

 

The Rise of Ransomware

“So-called “ransomware” attacks have become so ubiquitous in the last two years: they’re relatively low-budget, low stakes, and don’t require much skill to pull off. Instead of going after high-value, heavily fortified systems, like banks or corporations, that require complex technological skills to hack, cybercriminals use ransomware to go straight for easy targets: small businesses, schools, hospitals, and Joe Blow computer users like us, who are likely to pay a few hundred—or a few thousand—bucks to get our digital lives back.”

Time - A Devastating Type of Hack Is Costing People Big Money- April 21, 2016

 
