2017's biggest security horror stories
The year's worst security incidents we'd hate to see again in 2018


Cybersecurity is always top of mind for businesses, but that's especially been the case in 2017.
From ransomware to botnets, this year's tech news has been dominated by a regular flow of security crises.
Here are some of the top cybersecurity incidents of 2017 that we don't want to see repeated in 2018.
Unsecured clouds and databases
Probably the trend that can most easily be prevented by users is databases facing the public internet that should have been secured, but weren't.
Two of the biggest bungles in this area relate to Amazon Web Services' (AWS) S3 cloud storage service and MongoDB's NoSQL database.
A spate of data leaks across 2017 came about because of unencrypted S3 buckets, affecting organisations including Accenture, WWE, the AA and Dow Jones.
These companies had apparently failed to read the small print of their contracts with AWS and hadn't realised this particular storage service wasn't encrypted by default.Thus, customer data was left exposed on the open web for anyone to see, leading to major security crises.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The issue was finally resolved in November when AWS decided it would add default encryption to S3 buckets, taking the onus off customers.
In the case of MongoDB, the situation was much the same. Users failed to encrypt their databases, which led to several waves of ransomware attacks rather than data leaks, with the cybercriminals encrypting the exposed servers and demanding Bitcoin for their release.
Unfortunately for the victims, there is no central resolution as with AWS S3, as MongoDB offers database software, rather than a cloud storage service, that can be installed on pretty much any server. The general advice, from both the company and the security community, is to turn on encryption, or at the very least password protection, at the point of installation sage advice for any IT administrator, irrespective of the service or software they are using.
Ransomware attacks
While ransomware has been a popular tool for cybercriminals for many years, 2017 saw an uptick in large-scale attacks.
Two of the most notable global ransomware attacks were WannaCry, which hit in May, and NotPetya, which landed in June.
WannaCry made global news after it spread rapidly around the world, with theNHS in England and Wales being particularly badly hit. The attack was notable for several reasons. First, the speed of the spread; within hours of the first incidents being reported in Asia on 12 May, it had started to spread internationally. By the end of the day, over 230,000 computers in 150 countries were infected.
Second is the systems affected. WannaCry exclusively infected Windows operating systems, both server and desktop. Although Microsoft had issued a patch for the vulnerability in March 2017, many large organisations' systems hadn't been updated for one reason or another (sometimes due to staffing, sometimes due to dependent software or other technical reasons).
Many were quick to point to the continued use of Windows XP despite it no longer being supported by Microsoft for several years. However, research from Kaspersky Lab demonstrated that, in fact, most of the infected computers were running Windows 7, which was still covered by Microsoft support at the time.
The third interesting thing about WannaCry is its alleged provenance. While there's no indication the US National Security Agency (NSA) created the ransomware itself, it has been suggested that EternalBlue, the Windows vulnerability that allowed the malware to spread and infect numerous systems at such high speed, was discovered by the agency some years ago but not reported to Microsoft. Instead, the organisation allegedly used it as an offensive tool in cyber warfare and defence. The existence of EternalBlue and other similar tools were revealed by Shadow Brokers in 2016.
While WannaCry was fast and effective, it was short-lived British independent security researcher Marcus Hutchins discovered a so-called "kill switch" embedded in the ransomware's code and was able to disable the initial attack in one fell swoop.
The same can't be said for NotPetya. According to WebRoot, this malware strain was the most damaging and dangerous to emerge in 2017. Despite using the same EternalBlue exploit as WannaCry, NotPetya was less widespread, but it was more persistent: first emerging in June 2017, it continued to infect systems all the way through to the autumn.
The creator's MO was also different: although it looked like a traditional ransomware attack, including displaying a ransom message, it didn't simply encrypt the system it created utter havoc. Once affected, the files were irrevocably scrambled, meaning that even if victims did pay the ransom they still wouldn't get their files back. Indeed, it has been speculated by various researchers that havoc and infamy were the main objectives of these criminals, rather than generating money.
Botnets
Like the other tactics on this list, botnets aren't new. What is new, however, is how they're powered.
Continuing a trend started by the Mirai botnet in 2016, 2017 saw outbreaks of DDoS and other attacks from botnets powered by Internet of Things (IoT) devices.
As such devices aren't typically thought of as computers, consumers in particular have failed to change default passwords before connecting them to the internet. To make the situation worse, some of these so-called "headless" devices don't give users any control over security settings anyway, meaning there's no way to protect them once they're exposed online.
While Mirai continued to cause disruption through 2017, with a 54-hour DDoS attack on an American university in March being the most notable of these.
Later in the year, a new IoT botnet dubbed Reaper emerged, which security researchers claimed will be worse than Mirai. This is because rather than cracking default or weak passwords, as Mirai did, Reaper infiltrates IoT devices via unpatched vulnerabilities. Once again, this is something that is largely in the hands of vendors, rather than consumers, to secure.
Reaper is only partially mobilised, according to a report released in late 2017 by Arbor Networks,with several thousand infected devices lying dormant. This raises concerns of a potential wide-scale DDoS attack in 2018.
Cybersecurity is a constant game of cat and mouse and true total security is unattainable but that doesn't mean businesses, consumers and vendors can't do their best to mitigate vulnerabilities and build up protection. Let's hope that in 2018 we see greater use of basic security precautions to defend against these potential monster attacks.
Pictures: Bigstock

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.
-
Acer’s laptop made from oyster shells is now available in the UK
News The Acer Aspire Vero 16 aims to combine performance and sustainability, the company said
-
UK cybersecurity workers are overworked and burning out faster than global counterparts
News Gaps in visibility, poor board communication, and a lack of cyber maturity are leading to high levels of burnout
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problem
News More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making