2017's biggest security horror stories
The year's worst security incidents we'd hate to see again in 2018
Cybersecurity is always top of mind for businesses, but that's especially been the case in 2017.
From ransomware to botnets, this year's tech news has been dominated by a regular flow of security crises.
Here are some of the top cybersecurity incidents of 2017 that we don't want to see repeated in 2018.
Unsecured clouds and databases
The trend that is easiest to prevent is also the most embarrassing: databases and storage buckets reachable from the public internet that should have been locked down, but weren't.
Two of the biggest bungles in this area relate to Amazon Web Services' (AWS) S3 cloud storage service and MongoDB's NoSQL database.
A spate of data leaks across 2017 came about because of S3 buckets that had been left readable by anyone on the internet, affecting organisations including Accenture, WWE, the AA and Dow Jones.
S3 buckets are private by default, so in each case someone had granted public read access, typically through the bucket ACL or a bucket policy, without realising what that meant. Encryption is a red herring here: server-side encryption at rest protects the underlying disks, but S3 decrypts transparently for every request the access policy allows, so a publicly readable bucket is just as exposed with encryption on as with it off. Thus customer data was left exposed on the open web for anyone to see, leading to major security crises.
AWS responded in November by adding a bucket-level default-encryption setting and a prominent "Public" indicator in the S3 console for any bucket whose ACL or policy grants access to everyone. The indicator makes the mistake visible, but it does not fix it: who can read a bucket remains the customer's responsibility.
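To make the access-control point concrete, here is an added example (not code from the article or from AWS) that checks the side of the problem that actually caused these leaks: it flags an S3 bucket ACL or bucket policy that grants read access to everyone, and deliberately ignores the bucket's encryption setting, because encryption would not have stopped any of them. The ACLs, policies, bucket name and VPC endpoint ID below are constructed placeholders.

```python
"""Check whether an S3 bucket is readable by the whole internet.

Added example, not code from the original article or from AWS. It runs
offline on dicts in the shape that `aws s3api get-bucket-acl` and
`get-bucket-policy` return, so the sample ACLs and policies below are
constructed for illustration. Bucket and VPC endpoint names are placeholders.
"""
import fnmatch
import json

# Grantee groups that make an ACL public. AuthenticatedUsers means any AWS
# account anywhere in the world, which is public for all practical purposes.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMISSIONS = {"READ", "FULL_CONTROL"}   # READ on a bucket = list objects


def _as_list(value):
    return value if isinstance(value, list) else [value]


def acl_public_grants(acl):
    """Return (group, permission) pairs in the ACL that grant read to everyone."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group"
                and grantee.get("URI") in PUBLIC_GRANTEE_URIS
                and grant.get("Permission") in READ_PERMISSIONS):
            hits.append((grantee["URI"].rsplit("/", 1)[-1], grant["Permission"]))
    return hits


def _principal_is_anyone(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def policy_public_statements(policy):
    """Return the Sids of Allow statements that let any principal read objects.

    Statements carrying a Condition are skipped: a Principal of "*" scoped to
    a VPC endpoint or source IP is not public, but it does need manual review.
    """
    hits = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if not _principal_is_anyone(stmt.get("Principal")):
            continue
        # Actions may be wildcards ("s3:*", "s3:Get*", "*"); match them as globs.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(fnmatch.fnmatch("s3:getobject", p) for p in patterns):
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits


def load_policy(get_bucket_policy_response):
    """get-bucket-policy wraps the policy document as a JSON string."""
    return json.loads(get_bucket_policy_response["Policy"])


def is_public(acl, policy=None):
    """True if either the ACL or the bucket policy exposes the bucket."""
    return bool(acl_public_grants(acl)) or bool(policy_public_statements(policy or {}))


# --- constructed sample inputs (placeholder IDs, not real resources) ----------
OWNER = {"Type": "CanonicalUser", "ID": "0123456789abcdef-owner"}
PRIVATE_ACL = {"Owner": {"ID": OWNER["ID"]},
               "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
LEAKY_ACL = {"Owner": {"ID": OWNER["ID"]},
             "Grants": PRIVATE_ACL["Grants"] + [
                 {"Grantee": {"Type": "Group",
                              "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                  "Permission": "READ"}]}
LEAKY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OnlyViaEndpoint", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-placeholder"}}}]}

if __name__ == "__main__":
    for name, acl, policy in [("leaky", LEAKY_ACL, LEAKY_POLICY),
                              ("private", PRIVATE_ACL, SCOPED_POLICY)]:
        print(name, "PUBLIC" if is_public(acl, policy) else "private",
              acl_public_grants(acl), policy_public_statements(policy))
```

Feed it the output of `aws s3api get-bucket-acl` and `get-bucket-policy` (the latter through load_policy, since the policy comes back as a JSON string). One caveat: object ACLs are separate from the bucket ACL, so a bucket that passes this check can still contain individual objects that were uploaded with a public-read ACL.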
In the case of MongoDB, the pattern was similar: databases listening on the public internet with no authentication enabled. This time the result was waves of ransom attacks rather than quiet leaks, starting in January. Attackers connected to exposed instances, in most cases simply deleted the data and left a note demanding Bitcoin for its supposed return, so many victims who paid got nothing back.
Unfortunately for the victims, there is no central fix as with AWS S3, since MongoDB is database software that can be installed on pretty much any server rather than a cloud service. The advice, from both the company and the security community, is to enable access control before the database goes anywhere near a network: turn on authentication, bind the process to localhost or an internal interface rather than every interface, and firewall the port. (MongoDB 3.6, released late in the year, changed the default so that mongod binds to localhost.) That is sage advice for any IT administrator, irrespective of the service or software they are using.
Ransomware attacks
While ransomware has been a popular tool for cybercriminals for many years, 2017 saw an uptick in large-scale attacks.
Two of the most notable global ransomware attacks were WannaCry, which hit in May, and NotPetya, which landed in June.
WannaCry made global news after it spread rapidly around the world, with the NHS in England and Wales being particularly badly hit. The attack was notable for several reasons. First, the speed of the spread: within hours of the first incidents being reported in Asia on 12 May, it had started to spread internationally. By the end of the day, over 230,000 computers in 150 countries were infected.
Second is the systems affected. WannaCry infected only Windows systems, both server and desktop, spreading through a flaw in the SMBv1 file-sharing protocol. Although Microsoft had issued a patch (MS17-010) in March 2017, many large organisations' systems hadn't been updated for one reason or another (sometimes due to staffing, sometimes due to dependent software or other technical reasons).
Many were quick to point to the continued use of Windows XP despite it no longer being supported by Microsoft for several years. However, research from Kaspersky Lab demonstrated that, in fact, most of the infected computers were running Windows 7, which was still covered by Microsoft support at the time.
The third interesting thing about WannaCry is its alleged provenance. While there's no indication the US National Security Agency (NSA) created the ransomware itself, it has been suggested that EternalBlue, the exploit for the SMBv1 flaw that allowed the malware to spread and infect numerous systems at such high speed, was developed by the agency some years ago and the underlying vulnerability not reported to Microsoft. Instead, the organisation allegedly used it as an offensive tool in cyber warfare and defence. EternalBlue and other similar tools were published by the Shadow Brokers group in April 2017; the group had first surfaced in 2016 with earlier leaks of alleged NSA tooling.
While WannaCry was fast and effective, it was short-lived: British independent security researcher Marcus Hutchins noticed that the ransomware checked an unregistered web domain before running, and registered it. Once the domain resolved, new infections exited without encrypting anything, halting the spread of that variant in one fell swoop. This is the so-called "kill switch" embedded in the ransomware's code.
The same can't be said for NotPetya. According to Webroot, this malware strain was the most damaging and dangerous to emerge in 2017. It used the same EternalBlue exploit as WannaCry, but its initial spread came through a compromised update for a Ukrainian accounting package, and once inside a network it also moved laterally using stolen credentials and built-in Windows administration tools, so even fully patched machines could fall to it. That made it less widespread than WannaCry but far more thorough: it first emerged in June 2017, and the disruption it caused dragged on into the autumn.
The creator's MO was also different: although it looked like a traditional ransomware attack, complete with a ransom message, it didn't simply encrypt the system, it created utter havoc. The "installation key" the ransom note told victims to send was random data from which no decryption key could be derived, and the contact email address was shut down by its provider the same day, so even victims who paid had no way to get their files back. Indeed, various researchers have concluded that havoc and infamy, rather than money, were the attackers' real objectives.
Botnets
Like the other tactics on this list, botnets aren't new. What is new, however, is how they're powered.
Continuing a trend started by the Mirai botnet in 2016, 2017 saw outbreaks of DDoS and other attacks from botnets powered by Internet of Things (IoT) devices.
As such devices aren't typically thought of as computers, consumers in particular have failed to change default passwords before connecting them to the internet. To make the situation worse, some of these so-called "headless" devices have no interface for changing credentials or other security settings at all, meaning there's no way to protect them once they're exposed online.
Mirai itself continued to cause disruption through 2017, with a 54-hour DDoS attack on an American university in March being the most notable example.
Later in the year, a new IoT botnet dubbed Reaper emerged, which security researchers warned could be worse than Mirai. This is because rather than guessing default or weak passwords, as Mirai did, Reaper infiltrates IoT devices via unpatched vulnerabilities in their firmware. Unlike the password problem, this is largely in the hands of vendors, who have to ship and deliver fixes, rather than consumers.
Reaper is only partially mobilised, according to a report released in late 2017 by Arbor Networks, with several thousand infected devices lying dormant. This raises concerns of a potential wide-scale DDoS attack in 2018.
Cybersecurity is a constant game of cat and mouse, and true total security is unattainable, but that doesn't mean businesses, consumers and vendors can't do their best to mitigate vulnerabilities and build up protection. Let's hope that in 2018 we see greater use of basic security precautions to defend against these potential monster attacks.
Pictures: Bigstock

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.