We are nearing the end of 2016, a year of many landmarks in cyber security, with record-breaking cyber attacks almost on a monthly basis.

CBR sorts through the major attacks to tell you what happened and why it matters.

 

1. Russia and the US election

Hacking goes political

2016 saw the widely unexpected election of business tycoon and reality television personality Donald Trump as the next President of the US.

The bitterly fought election campaign also raised important cyber security questions as a number of hacks on the candidates were publicised.

The Democratic National Committee saw its private emails stolen in a breach and released on the website WikiLeaks. Democratic candidate Hillary Clinton’s campaign chair John Podesta was hacked in an apparent phishing attack and saw his emails released publicly, again by WikiLeaks.

The Democratic Party was also hit by a cyber attack on the Democratic Congressional Campaign Committee, which may have compromised the details of donors.

There were also believed to be hacks on the Republican Party, including into email accounts.

These hacks have remained talking points since the election, mainly because of suspicion that the Russian state was involved.

Security firms appeared to find evidence linking the hacks to Russian domain names. The US intelligence agency the CIA said that it believed the Russian state had been involved, and President Barack Obama has ordered a full review of possible Russian hacking of the election.

At the time of writing, there is no publicly available evidence that the Russian state was involved, but expect the attribution of these attacks to be a major theme in coming months.

2. Dyn

How big can a DDoS get?

The attack on Dyn was one of many major distributed denial of service (DDoS) attacks in the year, but it was of particular importance due to both the damage it did and its sheer magnitude.

Dyn is a hosting provider, relied upon by many popular websites including Twitter, Reddit and Spotify.

In a DDoS attack, the target web server is hit by an overwhelming amount of traffic, consuming the server’s resources and, if successful, taking the server offline.

The 21 October attack on Dyn made the sites mentioned above unavailable for many users.

According to Dyn’s assessment, the attack on its Managed DNS infrastructure may have peaked at 1.2 Tbps, an extremely high and record-setting level.

Powering the attack was the malware Mirai, which Dyn confirmed as the source of the attack.

Mirai is encoded with a list of a few default passwords, including obvious words and phrases such as ‘password’ or ‘password123’. It trawls the net looking for passive internet-connected devices such as routers and cameras, and tries these passwords on the devices in an attempt to take them over.

Mirai has featured in major attacks on OVH, KrebsOnSecurity, Deutsche Telekom, TalkTalk and the Post Office.

Over the next year or two we may see the full potential of the Mirai botnet and other similar botnets.

3. Central Bank of Bangladesh

The true cost of financial hacking

Attackers in February used the SWIFT network to steal $81m (£56m) from Bangladesh’s central bank.

The hack exploited vulnerabilities in banks’ funds transfer initiation environments before sending the messages over SWIFT.

Mr. Fazle Kabir, Governor of Bangladesh Bank, took over after Atiur Rahman resigned in the wake of the hack.

SWIFT is the primary communications channel for financial institutions engaged in correspondent banking around the world, transmitting messages relating to payments, securities, treasury and trade between financial institutions.

It has been confirmed that further attacks have taken place since the February one. In a letter sent to banks on 2 November, which was seen by Reuters, SWIFT warned of growing threats to its systems.

4 & 5. Yahoo

The second biggest data breach in history…and the biggest

Yahoo takes two slots on this list because twice in one year it set the record for the biggest disclosed data breach.

In September Yahoo reported that 500 million user accounts had been stolen during a breach in 2014. The data included names, emails, telephone numbers, dates of birth and hashed passwords.

Unfortunately, in an increasingly fraught year for the internet firm, Yahoo was forced to disclose another breach in mid-December.

Even more unfortunately for Yahoo, this new hack is believed to have affected a billion accounts.

This breach dated back to 2013, when what Yahoo called “an unauthorised third party” stole the data.

Once again, names, phone numbers, passwords and email addresses were stolen, although bank and payment data was unaffected.

Yahoo is currently in the process of being acquired by telecoms provider Verizon for a proposed $4.8 billion. Verizon has not confirmed or denied whether either data breach will cause it to seek a lower price for the acquisition or pull out altogether.

6. Sage

The danger of the insider threat

UK software company Sage was hit by a data breach in August, with ‘unauthorised access’ potentially compromising the personal information of employees at 280 UK businesses.

It is not clear whether the information was stolen or viewed by the hackers.

It was believed that the breach had been carried out by somebody using an internal company login. An employee of the firm was later arrested.

The criminal investigation is still ongoing.

7. MySpace

How many services still have your details without you realising?

MySpace has become almost a byword for a groundbreaking service that quickly became obsolete.

However, the disclosure of a huge amount of user information shows that just because people stop using a service, it doesn’t mean that their details disappear from it.

The hack took place in 2013, but the user information did not appear online until 2016.

According to hack database LeakedSource, 360,213,024 records were disclosed in the breach.

8. Tesco Bank

Is your bank taking your security seriously enough?

On 5 November, several customers complained that money had been withdrawn from their Tesco Bank accounts without permission. They also complained that cards had been blocked and that there were long delays in contacting the bank by phone.

Tesco Bank suspended online payments after it detected ‘suspicious activity’. Service had resumed by 10 PM on 8 November.

Around 9,000 customers were affected by the fraudulent transactions, according to Tesco. It cost £2.5 million. All customers affected had been fully reimbursed.

The bank also said that no customer personal data had been compromised.

The bank is working with the National Cyber Security Centre, a division of GCHQ, on the investigation.

In addition, the Financial Conduct Authority is contacting British lenders to find out if they are doing the practice, according to the report in the Financial Times, which cited executives at two rival banks and someone briefed on Tesco’s security operations.

Normally, card numbers are assigned randomly. However, these claims suggest that Tesco Bank gave out account numbers in order, meaning that hackers could quickly move from one account to the next.

The practice may have made it much harder to detect the fraud as the hackers would have had a high success rate.
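One way a fraud team could look for the pattern described above, as an added example that is not from the article or from Tesco Bank: group payment attempts by source and flag any source that walks consecutive account numbers, whatever its success rate. The log layout, the `source` field, the 999999 prefix and the `min_run` threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def luhn_check_digit(body: str) -> str:
    """Digit that makes body + digit pass the Luhn test used on card numbers."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # doubled positions once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def make_pan(body: int) -> str:
    """Build a constructed 16-digit card number from a 15-digit account body."""
    digits = f"{body:015d}"
    return digits + luhn_check_digit(digits)

def longest_sequential_run(pans) -> int:
    """Longest run of consecutive account bodies among the given card numbers.

    The trailing check digit is dropped first: consecutive accounts generally
    do not give consecutive full card numbers, so comparing raw values misses them.
    """
    bodies = sorted({int(p[:-1]) for p in pans})
    best = run = 1 if bodies else 0
    for prev, cur in zip(bodies, bodies[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def flag_enumeration(attempts, min_run=5):
    """Map each source to its longest run, keeping only runs >= min_run (assumed threshold)."""
    by_source = defaultdict(list)
    for source, pan in attempts:
        by_source[source].append(pan)
    return {s: r for s, pans in by_source.items()
            if (r := longest_sequential_run(pans)) >= min_run}

# Constructed sample data: 999999... is a made-up prefix, IPs are documentation ranges.
BASE = 999999000001000
SAMPLE_ATTEMPTS = (
    [("203.0.113.7", make_pan(BASE + i)) for i in range(8)]            # walks 8 accounts in order
    + [("198.51.100.4", make_pan(BASE + n)) for n in (3, 250, 9001)]   # unrelated cards
)

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_ATTEMPTS))
```
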

9. FBI and Department of Homeland Security

Even the intelligence agencies are vulnerable

A hacker threatened to, and subsequently did, dump the details of over 20,000 apparent FBI employees and 9,000 Department of Homeland Security employees.

The data included names, job titles, email addresses and phone numbers. The details included employees in various departments of the agencies.

According to Motherboard, which first reported the hack, the anonymous hacker obtained the details by hacking the account of an employee at the Department of Justice. When first contacting Motherboard, the hacker used this account to email the Motherboard reporter.

10. Adult FriendFinder

Discreet websites once again fail to live up to promises

The attack on adult dating and entertainment company FriendFinder Networks reportedly exposed account details of its 412 million users.

It affected AdultFriendFinder, Cams.com, Penthouse, Stripshow and/or iCams.com, which are all owned by FriendFinder Networks.

339 million accounts from AdultFriendFinder.com were exposed in the attack, 62 million from Cams.com and 7 million from Penthouse.com.

Also exposed were over 15 million “deleted” accounts that had not been removed from the databases.

According to LeakedSource, which obtained the data, the breach accounted for two decades of accumulated data from the company’s largest sites.