March 30, 2021
2016 in Review – The 10dot Cyber Security Round-up
So, here’s what you didn’t want to be in 2016: Famous. It was fraught with danger last year. As 1st January 2017 rolled on in, there was an audible collective sigh of relief as surviving Hollywood A-listers gave 2016 the finger. They were safe.
As business owners, we don’t get to breathe the same sigh unfortunately, as the threat of breach remains ever constant.
The world of cyber security also had a cracking 2016, with records being set, and spans of rhetoric being flung about the world press every month.
Here is a summary of some of the headline-grabbing cyber attacks for 2016, along with our take on them:
January: DDoS – HSBC
HSBC Internet banking site taken down for the second consecutive month, negatively impacting customer service experience. There was some speculation around this attack being misdirection, or a probing exercise for peripheral weakness in the bank’s defences.
February: Social Engineering – US DHS
American Department of Homeland Security (DHS) hacked. 9000+ employees had their personal details shared online by the hacker, who accessed the DHS primary server using social engineering and through a compromised email account. This again highlights that people remain the weakest link in any cyber security strategy.
March: Ransomware – MedStar
MedStar Healthcare network suffers ransomware attack. This confirms the move to digital currency, such as Bitcoin, as the preferred medium of exchange for cyber crime due to its anonymity and untraceability.
April: Server Hack – Spotify
Hundreds of Spotify accounts hacked and personal details shared online through dark web forums. This highlights the inadequacy of some shared cloud server security measures. Cloud hosting service providers need to place more emphasis on native security controls and the correct leverage of those tools in setups and platform design.
May: Bank Hack – Standard Bank
Over ¥1 billion stolen from Japanese bank ATMs in under 3 hours, via 14 000 individual transactions. This hack was the result of credit card details hacked from Standard Bank in South Africa. It highlights the global nature of cyber crime syndicates, peripheral risks inherent in partner network security strategies, and the importance of ecosystem thinking when designing cyber security “working” strategy.
June: Cyber-Espionage – North vs. South Korea
North Korea hacks 140 000 South Korean computer networks in a cyber espionage effort, to obtain critical national defence information. Vulnerabilities in shared network management software opened the door for the Northern hackers. This hack highlights the importance of proactive auditing, and tailored configuration of critical network elements such as firewalls.
July: Political Hacking (AKA: Hacktivism) – Hillary Clinton
Hillary Clinton’s Democratic Party reports email intrusions and other hacking activity, and claims foul play. This points to the increased use of cyber-related means to influence socio-political outcomes, and inflame biased rhetoric in the media.
August: Platform Hack – Oracle Micros
Go to just about any restaurant, and the Point of Sale (POS) system you will interact with is Micros. During August, it was uncovered that the Oracle Micros server/s had been communicating with a known cybercrime syndicate server, potentially impacting over 330 000 client portals worldwide. This hack highlights the need for effective perimeter security measures and network segmentation.
September: Website Hack – ClixSense
The ClixSense web server was hacked, exposing personal information and passwords for over 2 million users. This hack begs the question: Why are we not incorporating basic security thinking into the design phase? Password encryption is 101.
October: IoT Hack – Dyn DNS Server/s
The Dyn DNS server DDoS attack broke records with 20 000 IoT devices being turned into a “botnet”. The Dyn server/s were smashed with up to 1TBps of illegitimate network traffic, eventually crashing them. Famous hosted sites impacted include Twitter, Spotify, and Wired.com.
November: Bank Hack – Tesco Bank
Tesco Bank gets hacked and leaves 9000 customers out of pocket by an average of £600 each. All banks are at risk of fraud and cyber attacks for obvious reasons. Most bank systems and processes are legacy-riddled, and could also have open windows due to the flawed security setups of peer networks.
December: Platform Hack – Yahoo!
Yahoo! gets hacked…again. Over 1 billion user accounts were compromised due to ineffective spam control. Yet again, anybody is at risk. Even the big boys who seem to have it all figured out.
Bottom-line:
Don’t trust anybody, or any service provider, to practice good cyber security prevention and maintenance on your behalf.
With 2016 now in “Review” phase, and if we have learned anything from our celebrity counterparts, here’s what you do want to be in 2017: Protected.
Don’t join the celebrity short-list. Stick with us. We’ll tighten you up, one-time-shoe-shine.
Lock up and grow your business this year with 10dot Cloud Security.