2016: A Year in Review

Goodbye 2016

A year in security is a considerable amount of time. The breaches, attacks and disclosures have been almost non-stop, and we're not finished yet. I have listed below some of the most notable 'cyber' incidents which caught my eye, for a number of reasons.

  • HSBC Bank attacks - January
  • Operation Dust Storm - February
  • DROWN vulnerability - March
  • Panama Papers - April
  • RDP brute-forcing - May
  • Democratic Party hack - June, and of course the disappearance of Angler around the same time, and NATO recognising cyber as a '5th domain of warfare'
  • xDedic forum - July
  • ShadowBrokers 'dump' - August
  • Brian Krebs DDoS attack - September, and the Congressional oversight committee releasing its report on the OPM breach
  • Trickbot - October
  • Three data 'breach' - November
  • Avalanche takedown - December (bonus: video footage of the arrest here)

No real surprises for those in the trenches of security. I've left out some of the more 'media friendly' stories, as cyber became front page news this year, with every DDoS and breach impacting people who have zero idea how the incident could have occurred. Typically cloudy responses from the organisations affected do not help those affected, or, more importantly, the victims.

What are companies doing to ensure this doesn't happen to them? The basics, plus the advanced, intelligence-led security endeavours that look for the potential attack vectors and methods being used elsewhere and derive intelligence from them. But the fact is that most attacks are NOT sophisticated. That phrase is only tagged onto the incidents that make front page news, or, as I call it, the BBC factor. I am a big fan of @thegrugq, for one thing because his clarity of tone on security, along with his razor wit, is good to see in security; he is a poster boy for security snark and backs it up with proof.

The ultimate example being this tweet:

New rule: if you are hacked via OWASP Top 10, you’re not allowed to call it “advanced” or “sophisticated.”
— https://twitter.com/thegrugq/status/658991205816995840


And he is so right. Tesco may have been hacked via a vulnerability in the back office system, or via an insider threat offering access to his terminal for transactional access, but the fact remains that few of the breaches above were 'sophisticated':

  1. xDedic - brute-forcing RDP sessions
  2. Three data incident - insider
  3. Panama Papers - SQL injection
  4. Brian Krebs DDoS attacks - hard-coded passwords and insecure protocols in CCTV and DVR systems
  5. OPM breach - ignorance of the clear threats and lack of understanding from top to bottom, which resulted in the Oversight report and the person at the top losing her job.


2017 predictions are here, and I'm totally serious:

Security predictions for 2̶0̶1̶7̶ 1998
1. Macro malware
2. MD5 passwords
3. Companies threatening security researchers for disclosures.
— https://twitter.com/Bry_Campbell/status/810091303417610240