The year 2016 will not only be remembered for Trump’s surprise victory in the US election, or for Brexit, or for saying goodbye to so many public figures like David Bowie, Alan Rickman, Prince, Muhammed Ali and Carrie Fisher, just to name a few. Last year was also one of the most challenging for cyber-security. Hackers were busier than ever stealing valuable data and credentials, finding flaws in security systems and sending phishing campaigns to an ever-increasing number of victims - both businesses and individuals.
What are some of the lessons we can take away from 2016 cyber-threats?
The critical importance of cyber-hygiene. Nowadays, it is more vital than ever that passwords are changed regularly, and not only when a data breach goes public. 2016 was host to the biggest data breach ever recorded, suffered by the industry giant Yahoo. 500 million user accounts were stolen back in 2013, meaning that for 3 years, the compromised credentials of the users were probably on sale on the Dark Web. Since the breach wasn’t made public for some time, it highlights the importance of regularly changing passwords as well as using strong passwords (a hard-to-guess combination of upper and lower case letters, numbers and symbols). The recommended time-frame to change ones’ passwords is every 3 months, however, research shows that most users don’t apply this rule: a lot of the time, users stick to one single password for all of their accounts, and hardly ever change it. That is like gold to hackers who rely on users’ sluggishness: if users never update their passwords, stolen credentials available on the Dark Web can remain accurate for months, even years; thus, the risk of users being hacked is sky rocking.
Hackers are now also meddling in political matters. The US Election hack is proof that the political landscape can evolve based on cyber-criminal hacks. The exposure of confidential and private emails have definitively cast a big shadow on Hillary Clinton’s campaign, and even though the actual origin of the hack is to this day still unknown (state hackers? Anonymous? WikiLeaks?), this new trend is a game changer and raises the following question for 2017: will hackers interfere in other elections, such as in Germany or France in the next few months?
Bigger targets mean bigger gains for criminals. In 2016, hackers focused on data breaches and targeted more large companies and organisations than ever before. Some of the (publicly disclosed) victims of massive data breaches were: Dropbox, LinkedIn, Verizon, Snapchat, Yahoo, Tumblr and Myspace; just to name a few. Millions of credentials were compromised.
Note: this trend doesn’t mean that small companies are less at risk. It’s true that hackers now tend to target more and more of the big fish, but cyber-attacks on the small fry continue to rise, because they are easier prey, and are still very profitable.
DDoS attacks proliferated. Distributed Denial of Service attacks continue to evolve rapidly, and are now used more than ever. In 2016, DDoS campaigns increased in frequency and size, with hackers making use of DNS and DNSSEC to intensify their offensive. The common link in almost all DDoS attacks is the widespread use of Internet of Things (IoT) botnets, created with malware to compromise insecure IoT devices. Mirai is the most frequently used malware in DDoS campaigns.
Ransomware remained highly popular amongst hackers, and highly profitable too. Research showed that new ransomware samples increased by 80% in 2016, with a 600% growth in new ransomware variants. The industries most targeted by ransomware attacks were the financial sector, the educational sector and the health sector (especially hospitals). Hackers worked hard to lock these institutions out of their critical data, making it hard not to pay the ransom straight away. New ransomware variants, incorporating substantial technical advances, made their debut in 2016. Some advances included: the use of partial and full hard disk encryption (instead of encrypting single files); and the exploit of new delivery systems. The number of ransomware attacks rose frighteningly high, as did their efficiency and the ransom prices. This resulted in three alarming consequences: first, cyber-criminals used their profits to finance even more advanced threats and highly-evolved ransomware samples; second, more hackers turned their attention to this cheap yet lucrative type of cyber-attack; third, hackers are now also offering ransomware as a "service" for non-tech-savvy criminals. It is no wonder the number one security-threat for businesses in 2017 is ransomware attacks.
2016’s cyber-threat landscape in a nutshell:
- 51% of Americans were affected by a security incident
- Cyber-attacks cost an estimated $400 billion globally
- Data breaches increased by 23%
- The global average total cost of a data breach was $3.8 million
- About 50% of American organisations underwent a ransomware attack
- $209 million were paid to ransomware hackers in Q1 alone
More than ever before, cyber-criminals in 2016 were focused on remaining one step ahead in the cyber game, by continuously improving their schemes and innovating with new threats. One thing is for sure: the only constant in cyber-criminality is the perpetual evolution of threats.