Hacks, Leaks and Breaches: Our Top 6 Stories of 2016
2016 brought more hacks, leaks and breaches to light than any previous year. Many of these issues will persist into 2017, especially with all the claims around the Russians hacking the DNC, a rise of DDoS-for-sale services and ransomware continuing to baffle its victims. We’ve told you our predictions of where hacking and cyber security are headed. Now, here’s a round-up of our Top 6 Stories of 2016…
Back in March, Boston Methodist Hospital underwent a ransomware attack. The attack shut down all their systems, and Locky malware was revealed to the world. The malware was spread via phishing emails with a Trojan attachment directing users to enable macros in order to decrypt the attachment’s encoding. Once macros are enabled, the user’s system is struck with the ransomware. Locky encrypts video, image, source code, Office and other files, only divulging the key after the user pays a ransom of 4 bitcoins (about $1,600). It even encrypts the user’s bitcoins (if they have any) and directs them to a site on the dark web in order to purchase more and pay the ransom. Locky was new malware this year and affected over a dozen industries, hitting the healthcare industry disproportionately. Virusresearch.org gives some direction about what to do in case of a Locky attack.
5. Adups Secret Feature
In November, Kryptowire discovered firmware in Shanghai Adups Technology Company’s mobile software that sent users’ personal information (such as text messages) to a server in China every 72 hours. Adups made an official statement, and a few executives made statements of their own. These statements all claim different uses of this information, raising all sorts of questions as to the real intentions behind this software. Adups’ software runs on more than 700 million smart devices, making this a large breach of privacy. No official statements (which I could find) have spoken of any resolution of the issue, meaning this could continue on into 2017…
4. Rule 41 Amendment
The Rule 41 Amendments will be implemented soon, allowing judges to issue warrants for the hacking of multiple computers spanning across judicial districts. These amendments caused quite a stir by raising possible Fourth Amendment issues. However, despite the criticism, the amendments will take effect. A blog post defending the changes, written by Assistant Attorney General Leslie R. Caldwell of the Criminal Division, does not allay those concerns: “…where the crime involves criminals hacking computers located in five or more different judicial districts, the changes to Rule 41 would ensure that federal agents may identify one judge to review an application for a search warrant rather than be required to submit separate warrant applications in each district—up to 94—where a computer is affected.”
3. Madison County, Indiana
Kaspersky Lab deemed 2016 The Year of Ransomware, with hospitals, government entities and transit centers all being targets for large ransomware attacks. However, among all of these attacks, the case of Madison County, Indiana is the most interesting, as it was largely the first of its kind. Back in November, the Madison County computer system was overrun with ransomware. As a small town of 130,000 residents, it may not seem fitting for a Top Stories list; however, it’s the first recorded ransomware attack on an entire county. 911 calls had to be written down and manually handed to drivers rather than dispatched online, records couldn’t be accessed, and many government employees took a couple of days off as they could not do any work. Despite the size of the county, this hack opened our eyes to the possibilities of larger-scale damage hackers could do. Imagine a much larger county’s systems being taken over; this could be detrimental. If nothing else, this case illuminated the importance of cyber security efforts from our government entities and, we hope, encouraged everyone to back up their files!
2. Adult Friend Finder
In October/November, it was revealed that over 400 million accounts from various Adult Friend Finder sites (Adultfriendfinder.com, Cams.com, Stripshow.com, iCams.com) were compromised, with user information being sold on the dark net. This hack not only included their own sites, but also Penthouse.com (with which they are no longer affiliated) and even 15 million expired/deleted accounts. This was not Adult Friend Finder’s first breach; however, it was by far their largest and possibly the largest breach of 2016. The most surprising detail to come out of this story (from a security standpoint) is that their passwords were stored in plain text format, with 123456 being the most popular password. Between users’ lazy password choices and Adult Friend Finder’s lazy (or lacking) security protocols, it was a recipe for disaster.
1. Mirai Botnet
On October 16, we got our first giant cyber security wake-up call when the Domain Name System (DNS) provider Dyn was hit with the largest Distributed Denial of Service (DDoS) attack in history. The attack on Dyn was carried out by a botnet called Mirai, temporarily shutting down Twitter, Netflix, Etsy, GitHub, BBC, The New York Times, Reddit, AWS and dozens of other popular sites. Not only did this attack awaken our societal senses to the vast possibilities of cyber-attacks, but the release of Mirai’s source code also spurred a surge in DDoS-for-hire services. Even further, the Mirai botnet was able to do all of this by hacking cameras, DVRs and other items included in the Internet of Things (IoT). Mirai created a wave of interest in hacking and cyber security from parts of the population who had previously known next to nothing about the subject. All of this contributed to the historic attack being recognized by many and makes it a likely candidate for the most memorable attack of 2016.