Remember when spam was the biggest problem an IT shop had to deal with?
Today, hackers seem to grow more savvy, sophisticated and numerous each year. As we’ve grown to rely on more advanced, data-rich systems, hackers seem to have their pick of which businesses, systems or networks they want to bring down.
The following are our picks for the five biggest hacks of 2016, notable not only for their size and scope, but for the perpetrators’ ability to use new approaches or twists to reach their end goal, disrupting networks and systems we’ve all come to rely on.
1. The DDoS attack on Dyn
In October, DNS provider Dyn was hit with a sophisticated, highly distributed attack involving "10s of millions of IP addresses." The attack, which came in three waves, disrupted service for many users trying to reach Twitter, Etsy, Github, Spotify, Reddit, Netflix and SoundCloud, among others.
"While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different," said Kyle York, Dyn’s Chief Strategy Officer, in a statement following the attack.
The Dyn attack was notable because it used the Mirai botnet to harness "zombie" Internet of Things devices to work on its behalf. A DDoS attack stemming from compromised IoT devices showed the advanced capabilities malicious actors have when targeting networks, and quickly prompted several IoT device makers to recall or reevaluate the security of their devices.
It also shed light on IoT device security concerns overall, inspiring the House Subcommittee on Communications and Technology and the Subcommittee on Commerce, Manufacturing and Trade to hold a joint hearing to consider whether federal regulation is needed to ensure Internet of Things device security.
"If you're able to takeout the DNS provider, you're actually taking down a lot more than just your target. It shows an evolutionary shift in the mindset of the attackers."
Daniel Smith
Security Researcher at Radware
But the Dyn attack and subsequent (and a few prior) attacks were also notable for their size. According to Akamai’s Third Quarter, 2016 State of the Internet Security Report, the two largest DDoS attacks in the third quarter, both leveraging the Mirai botnet, were the biggest the company has ever seen, recorded at 623 Gbps and 555 Gbps.
"A few of our clients saw Mirai attacks that were well over the one terabit mark," said Daniel Smith, security researcher at Radware. "It was also notable that the attackers hit a DNS provider. This is something that a lot of attackers are starting to learn right now, that instead of hitting a target directly, hit upstream."
"If you're able to takeout the DNS provider, you're actually taking down a lot more than just your target. It shows an evolutionary shift in the mindset of the attackers," he said.
2. The DNC hack
Breaches of the Democratic National Committee and the Democratic Congressional Campaign Committee revealed over the summer were blamed on Russian hackers targeting compromised personal email accounts. But the hacks raised significant concerns over potential election hacking.
"The DNC hacks were used to try and manipulate and influence the elections," said Smith. "And this isn't the first time that anyone has ever seen this. There is a great report about a hacker in South America that was able to influence eight different elections just based off data dumps and misinformation."
While it hasn’t been proven that the DNC hackers had any intention of impacting the election, the fact that the hack occurred was reason enough to put voters on edge.
3. Op Icarus
In May, Anonymous started launching cyberattacks on banks across the globe. Among the victims: The Central Bank of the Dominican Republic, the Central Bank of Maldives, the National Bank of Panama, the Central Bank of Kenya and the Central Bank of Mexico. Anonymous took down the bank’s websites but did not attempt to steal money, stating instead that the point of the attacks was to highlight financial corruption.
"The tools they use are more difficult to mitigate due to the fact that the traffic looks semi-legitimate, and it's very difficult to block."
Daniel Smith
Security researcher at Radware
Op Icarus started out as a standard application layer attack, but was notable because it was a persistent attack that lasted all year long, and moved through multiple phases.
"It was pretty amazing to watch how [the hackers] evolved from using simple LOIC and basic BPM, all the way up to using Tor and botnets," said Smith. "I think they're on phase five now. The tools they use are more difficult to mitigate due to the fact that the traffic looks semi-legitimate, and it's very difficult to block."
4. Tesco and SWIFT
Not surprisingly, the lure of easy money made the banking industry an appealing target this year.
In February, criminals used SWIFT messages to help steal a record-breaking $81 million from the Bangladesh central bank. Following the attack, additional banks in Southeast Asia and other parts of the world began checking for possible security breaches related to the SWIFT global financial messaging network.
Cyberattackers targeted the SWIFT messaging network because they could derail or create fraudulent transfers, thereby accessing funds.
Then in November, officials from United Kingdom-based Tesco Bank reported a total of $3.1 million was stolen from 9,000 customer accounts. Banks commonly face cybersecurity threats, but the Bangledesh and Tesco heists appear to be the first times cybercriminals have succeeded in removing money from accounts, which put the financial sector on edge.
Britain's interior minister, Amber Rudd, told a Financial Conduct Authority conference the Tesco theft was a "threat to national security and undermines public trust in financial firms."
5. San Francisco Transit
In November, San Francisco transit riders got a free ride after the city's mass transit system suffered a cyberattack.
Ticket machines had a message pop up that said, "You hacked. ALL data encrypted," in addition to a email address to contact. The San Francisco Municipal Transportation System shut down its ticketing machines and point of sale systems. As a result, the transit agency opened the gates and allowed passengers to ride of free.
Ransomware became a trendy attack tool in 2016. Earlier this year, cyberattackers also hit hospitals with ransomware, demanding payment to unlock systems. Kaspersky’s quarterly IT threat evolution report reported 821,865 victims of ransomware in Q3. While ransomware is now extremely common, a coordinated attack targeting multiple transit systems, hospitals or other critical infrastructure appears plausible.
"Crypto ransomware continues to be one of the most dangerous threats, both to private users and to businesses," said Fedor Sinitsyn, ransomware expert at Kaspersky Lab.
Because security companies have increased the speed at which they detect intrusions, criminals are creating new modifications of malware more quickly, Sinitsyn added.
More to come?
So what can we look forward to in terms of hacks in 2017?
"If growth of attack surface, techniques and means continues into 2017, then the best years of security of our systems may be behind us," said Carl Herberger, Radware’s VP of Security Solutions.
Meanwhile, Smith expects a continued move away from reflective and amplification attacks, which are fairly easy to block, predicting TCP and IoT devices will become the main vector of attack.
"If growth of attack surface, techniques and means continues into 2017, then the best years of security of our systems may be behind us."
Carl Herberger
VP of Security Solutions at Radware
"I also see attackers exploring several different protocols. I'm sure next year we'll see one or two new vectors of attack in which we haven't seen before," Smith said. "After all, these attackers have all day to discover new things while we're trying to play catch up and determine what they're doing."
Smith stressed that each organization has a responsibility to be aware and prepared and to devise appropriate strategies and controls for mitigating cyber risks, both new and old.
