2016 had a lot of notable headlines. Whether it was the UK voting for Brexit, the popularity of "Pokémon GO," or the summer Olympics in Brazil, last year left no shortage of water cooler material. However, what isn't often talked about is the impact that cybercrime had on the world in 2016. As far as the tech space is concerned, last year was like nothing we have ever seen before. So, while the aforementioned headlines may have dominated the mainstream news cycles, 2016 was, by all measures, the year of ransomware.
Recently, we held a webinar with Webroot titled, "2016: The Year of Ransomware - Encryption by Any Means Possible." In the webinar, Tyler Moffitt, Senior Threat Research Analyst with Webroot, reviewed the top IT security headlines of 2016. Additionally, Moffitt reviewed attack vectors, detailed the current top ransomware families, made predictions for 2017 and even outlined five quick tips for stopping ransomware. But, for the purposes of this post, let's take a look at Tyler's top headlines of 2016.
Hackers Access SWIFT to Steal $81 Million and Erase Evidence
An investigation by BAE Systems showed how attackers had compromised a bank's connection to SWIFT, the global financial messaging service that banks use to move millions of dollars and the supporting documents across borders. The malware they installed on the bank's SWIFT systems let them issue transfers, then delete the records and doctor the printed confirmations so the theft would not be noticed. How did they get caught? Dozens of fraudulent transfer requests worth close to $1 billion were issued in one go; $81 million went through before a suspicious request was flagged and the remaining transfers were held. Had the attackers moved less money, more slowly, they might have gone undetected for a lot longer.
Mirai Source Code Released
Another 2016 eye-opener came when the source code for Mirai, the malware behind the September DDoS attack on KrebsOnSecurity.com, was released to the public on Hack Forums. Mirai continuously scans the internet for IoT devices with telnet exposed and logs into them using a built-in list of factory default usernames and passwords. Once a device is recruited, it is told to flood the target's servers with large amounts of network traffic, crafted to look like legitimate requests, until the site goes down. This type of malware is especially tough to notice because the infected devices still perform as they are supposed to. Because Mirai lives only in memory, an infected device can be cleaned by rebooting, but the scanning is happening at such a rapid rate that the device is compromised again very quickly. In fact, a test run using a honeypot with a factory default password showed devices being reinfected an average of 90 seconds after reboot!
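The "seconds after reboot" figure above comes from a honeypot: a fake telnet login that never grants a shell but records every credential pair thrown at it. As an added example (not code from the webinar, from Webroot or from Tyler Moffitt), here is a minimal version of that honeypot. It assumes you would expose it on port 23 in practice (the code binds an ephemeral localhost port so it runs offline), it uses only a small excerpt of the default-password dictionary from the released Mirai source, and the login attempts at the bottom are constructed traffic standing in for a real scan.

```python
"""Minimal telnet honeypot for watching Mirai-style default-credential scanning.

Added example, not code from the webinar or from Webroot. It records every
username/password pair that is tried and reports how long after start the
first attempt arrived, i.e. the "seconds after reboot" measurement.
"""
import socket
import socketserver
import threading
import time
from collections import Counter

# A handful of credential pairs from the default-password list shipped with
# the released Mirai source. Assumption: this is an excerpt, not the full list.
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "default"), ("support", "support"),
    ("admin", "password"), ("root", "12345"), ("user", "user"),
}


class _Handler(socketserver.StreamRequestHandler):
    """Play a telnet login banner and capture one credential attempt."""

    def handle(self):
        self.wfile.write(b"login: ")
        user = self.rfile.readline().rstrip(b"\r\n")
        self.wfile.write(b"Password: ")
        password = self.rfile.readline().rstrip(b"\r\n")
        # latin-1 never fails to decode, so junk or telnet negotiation bytes are kept.
        self.server.record(self.client_address[0],
                           user.decode("latin-1"), password.decode("latin-1"))
        # Always refuse: the honeypot never grants a shell.
        self.wfile.write(b"Login incorrect\r\n")


class TelnetHoneypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, address=("127.0.0.1", 0)):
        # Production would bind ("0.0.0.0", 23); port 0 picks a free local port.
        super().__init__(address, _Handler)
        self.started = time.monotonic()   # the "reboot" moment
        self.attempts = []                # (seconds_since_start, ip, user, password)
        self._lock = threading.Lock()

    def record(self, ip, user, password):
        with self._lock:
            self.attempts.append((time.monotonic() - self.started, ip, user, password))

    def start(self):
        """Serve in a background thread and return the bound port."""
        threading.Thread(target=self.serve_forever, daemon=True).start()
        return self.server_address[1]

    def summary(self):
        with self._lock:
            attempts = list(self.attempts)
        creds = Counter((u, p) for _, _, u, p in attempts)
        return {
            "attempts": len(attempts),
            "seconds_to_first_attempt": round(attempts[0][0], 3) if attempts else None,
            "mirai_dictionary_hits": sum(n for c, n in creds.items() if c in MIRAI_DEFAULTS),
            "top_credentials": creds.most_common(3),
        }


def try_login(port, user, password, host="127.0.0.1", timeout=5.0):
    """Behave like a scanner: send one credential pair, return the server's reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"{user}\r\n{password}\r\n".encode("latin-1"))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("latin-1")


if __name__ == "__main__":
    hp = TelnetHoneypot()
    port = hp.start()
    # Constructed attempts; on an exposed port 23 the traffic comes from the internet.
    for u, p in [("root", "xc3511"), ("admin", "admin"), ("pi", "raspberry")]:
        try_login(port, u, p)
    print(hp.summary())
    hp.shutdown()
    hp.server_close()
```

The time-to-first-attempt is what the 90-second figure measures; the dictionary hit count tells you whether the scanner is Mirai-like or something else, and the top credentials tell you which default logins to audit on your own devices first.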
Ukrainian Power Grid Attack
Rounding out the list of 2016 headlines is the attack that took down part of Ukraine's power grid. Roughly 230,000 customers were left in the dark in December 2015 when attackers, having broken into the distribution companies' networks, opened breakers from the utilities' own control systems, and a second attack cut power to part of Kyiv in December 2016. Additionally, a Mirai variant knocked nearly 1 million routers from a German ISP offline in November 2016 by probing a remote-management port; customers stayed offline until the ISP pushed a firmware update. These incidents proved just how large-scale the real-world fallout from botnets and grid intrusions can be.
In reviewing the top cybersecurity stories of 2016, it's plain to see that ransomware left a lasting impression. In fact, there were plenty of victims who wished they could have stayed out of the headlines. Check out the image below for a view of the corporate data breaches of 2016.
This post covers just a portion of what Tyler Moffitt discussed in his webinar.