Let’s face it, when it comes to cybersecurity, 2016 was quite a fascinating year. And while we experienced the traditional breaches this year—data theft for fraud, identity theft, and financial gain—many of the most significant breaches this year were not financially motivated, but political or activist in nature.
In this list, I’ve assembled five of the most noteworthy breaches of the past year.
The hack of the Democratic National Committee
Perhaps the biggest cybersecurity story of 2016 is the alleged involvement of Russian state actors in the hacking of the Democratic National Committee (DNC) and Democratic Party officials, and the alleged passing of that stolen information to the website WikiLeaks in an attempt to sway public opinion heading into the 2016 election. WikiLeaks published about 20,000 DNC emails, including many attachments.
While there was no evidence that voting machines, the voting process, or the counting of votes were manipulated, and no clear measure of what effect, if any, the theft and disclosure had on public opinion, this hack will reverberate for years through the hearts and minds of politicians and policymakers.
We covered the importance of understanding nation-state threats in the post The big cybersecurity trends that will likely continue through 2017.
The Dyn DDoS attacks
In the fall we learned that, when it comes to the health of the broader Internet, the security of our IoT devices matters a great deal. In October, a massive botnet made household-name services such as Amazon, Tumblr, Twitter, Reddit, Spotify, Netflix and others unreachable for many users.
The botnet, dubbed Mirai, scans the Internet for IoT devices such as routers, IP cameras and DVRs and takes them over where it can, typically by logging in over telnet with factory-default credentials. Once commandeered, the devices flood a chosen target, such as an online service, website, or application, with traffic. Reportedly the attackers were not aiming at DNS provider Dyn itself, but Dyn took the brunt of the attack, and because so many sites depend on Dyn to resolve their names, those sites became unreachable. The same botnet had famously knocked security blogger Brian Krebs's site, KrebsOnSecurity, offline shortly before the Dyn attack.
In total, the botnet compromised more than 100,000 IoT devices. We’ve looked at IoT security here, here, and here.
NSA hacking tools released
In one of the more interesting breaches of the year, a group calling itself the Shadow Brokers claimed to have obtained exploit tools from the NSA's Tailored Access Operations (TAO) team. The toolsets and exploits are reportedly capable of infecting systems so deeply that system refreshes and operating-system reinstallations would not clean away the malware. Ars Technica reporter Sean Gallagher reported in Hints suggest an insider helped the NSA "Equation Group" hacking tools leak that an insider may have been involved in the breach.
A story from The Guardian, FBI investigation of leaked NSA hacking tools examines operative's 'mistake', identifies the careless handling of a cache of exploits on an unsecured remote computer as what likely made the breach possible. According to interviews in that story, it was not clear whether the NSA staffer or contractor had intentionally left the hacking tools open to theft.
Not so SWIFT banking hack continues
What initially broke as news of an $81 million theft carried out over the SWIFT interbank messaging network grew as the list of affected banks expanded. In each incident the pattern appeared the same: the attackers infected a bank's systems with sophisticated malware, gained access to that bank's SWIFT connection, and initiated transfers by sending fraudulent payment messages across the network. More than a dozen banks were likely affected.
As of November 2016 the threat was still expanding. According to the Reuters story Exclusive: SWIFT confirms new cyber thefts, hacking tactics, "The messaging network in a Nov. 2 letter seen by Reuters warned banks of the escalating threat to their systems, according to the SWIFT letter." The attacks and new tactics underscore the continuing exposure of banks connected to SWIFT, a network that handles trillions of dollars in fund transfers daily.
"The threat is very persistent, adaptive and sophisticated – and it is here to stay," SWIFT said in the November letter to client banks, seen by Reuters.
With attacks persisting about a year after the initial bank heist was identified, this is a story that is likely to continue into 2017.
Linux Mint gets an extra entry
In February 2016, Linux Mint, one of the most popular Linux distributions, became the target of an attacker who managed to distribute a backdoored copy of the operating system. According to news reports, the attacker compromised the project's website and changed its download links to point to a modified ISO image.
Clement Lefebvre, Linux Mint project lead, confirmed the breach. "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," he wrote. Hundreds of Linux Mint users reportedly downloaded the operating system.
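The defence against a swapped download is to verify the image against a checksum the attacker could not have altered. As an added example, not Linux Mint's own tooling, the script below parses a manifest in the text format that `sha256sum` emits, hashes the image in chunks, and shows that a single changed byte fails verification. It assumes the manifest's authenticity has been established separately: distributions typically publish a GPG signature over the checksum file, and that signature must be checked with a project key obtained out of band, because a checksum served from the same compromised web page proves nothing. The file names and contents are constructed for the demo.

```python
"""Verify a downloaded ISO against a sha256sum-style checksum manifest.

Added example, not Linux Mint's own tooling. The manifest format
("<hex digest>  <filename>" per line, a leading '*' on the name marking
binary mode) is the one the coreutils `sha256sum` tool emits. File names
and contents below are constructed for the demo.
"""
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so multi-GB images need no RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Return {filename: digest} from sha256sum output; reject malformed lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"bad digest in manifest line: {raw!r}")
        entries[name] = digest
    return entries


def verify_iso(path, manifest_text):
    """Return (ok, reason). The manifest must come from a trusted, signed source."""
    expected = parse_manifest(manifest_text)
    name = os.path.basename(path)
    if name not in expected:
        return False, f"{name} is not listed in the manifest"
    actual = sha256_file(path)
    if hmac.compare_digest(actual, expected[name]):
        return True, "checksum matches"
    return False, f"checksum mismatch for {name}: got {actual}"


def demo():
    """Create a stand-in image, verify it, then flip one byte and verify again."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed stand-in for an ISO image\n" * 1000)
        manifest = f"{sha256_file(iso)}  example.iso\n"
        ok_before, _ = verify_iso(iso, manifest)
        with open(iso, "r+b") as f:   # a backdoored image differs somewhere; one byte is enough
            f.seek(100)
            f.write(b"X")
        ok_after, _ = verify_iso(iso, manifest)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The comparison uses `hmac.compare_digest` out of habit rather than necessity here (the digests are public), and the parser rejects anything that is not a 64-character hex string so a truncated or HTML-wrapped manifest fails loudly instead of silently matching nothing.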
Few would say that 2016 wasn't a tumultuous year when it came to cybersecurity. In many ways the increase in nation-state and politically motivated attacks, as well as the use of hundreds of thousands of widely distributed compromised IoT devices, shows just how much data security is changing. No one knows for sure what 2017 has in store, but if 2016 is any indication, it's a good idea for everyone to tighten their firewalls, apply patches and update security signatures, and buckle up.