Clavister Blog Staff

2016: a year of cybersecurity incidents

As we approach the end of 2016, major media outlets have been quick to name it as one of the worst years ever in terms of bad news. While the discussion about exactly how bad it is compared with previous years continues, it has certainly been a significant year in terms of major cybersecurity stories. Let’s look back at some of the most significant security stories from the past 12 months, and the lessons that can be drawn from them.

Businesses being held to ransom

Ransomware was the most prominent attack trend of 2016, with organizations from hospitals to the San Francisco Muni Metro falling victim to it. Cybercriminals have learnt that businesses will pay significant sums of money to regain access to critical systems and data – and, unfortunately, that it is straightforward and cost-effective for them to ‘tweak’ existing ransomware just enough to bypass signature-based antivirus.

Fortunately, sophisticated ransomware protection can be simpler to implement than you might expect, as we blogged back in March – and as the ransomware trend continues to grow, these protections are an absolute necessity. Three simple steps can deliver enterprise-level ransomware readiness. First, ensure that your network is properly segmented, to prevent ransomware infections from propagating. Second, take regular backups of your data, and store these at a separate location, so that should your data be encrypted, you can recover it yourself rather than paying the criminals. Third, invest in a comprehensive user education program; since most ransomware attacks are launched via spear phishing, it is vital to train your staff in recognizing the signs of such techniques.
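The first of those three steps is the one most often described loosely, so here is what "properly segmented" looks like when written down as policy. This is an added example, not code from the Clavister post or from any Clavister product: a minimal zone-based policy checker in Python. The zone names, address ranges, ports and the idea of a dedicated backup server host are all constructed assumptions. It shows the properties that actually stop ransomware spreading: traffic between segments is denied unless an explicit rule allows it, and the backup store is reachable from exactly one host, so an infected workstation cannot encrypt the copies you would recover from.

```python
"""Zone-based segmentation policy check (added example, not from the post).

Assumptions: three constructed network segments plus one constructed
backup-server host; TCP ports only; a rule matches on source zone,
destination zone and destination port.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed segments (assumed addressing, not a real network).  A /32
# makes a single host its own zone, which lets the backup vault be opened
# to one machine rather than to every server.
ZONES = {
    "workstations":  ipaddress.ip_network("10.10.0.0/16"),
    "servers":       ipaddress.ip_network("10.20.0.0/24"),
    "backup_server": ipaddress.ip_network("10.20.0.5/32"),
    "backup":        ipaddress.ip_network("10.30.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int   # TCP destination port; 0 means any port
    action: str     # "allow" or "deny"


# Explicit allowlist.  Anything not matched falls through to default deny,
# so there is no rule for workstations -> backup, and none for servers in
# general -> backup: only the backup server host may write to the vault.
POLICY: List[Rule] = [
    Rule("workstations", "servers", 443, "allow"),    # web applications
    Rule("workstations", "servers", 445, "allow"),    # file shares users need
    Rule("backup_server", "backup", 22, "allow"),     # backup job over SSH
]


def zone_of(ip: str) -> Optional[str]:
    """Return the most specific zone containing ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in sorted(ZONES.items(),
                            key=lambda kv: kv[1].prefixlen, reverse=True):
        if addr in net:
            return name
    return None


def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Evaluate one connection attempt against the segmentation policy."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"            # unknown addresses get no implicit trust
    if src == dst:
        return "allow"           # intra-segment traffic is out of scope here
    for rule in POLICY:
        if (rule.src_zone == src and rule.dst_zone == dst
                and rule.dst_port in (0, dst_port)):
            return rule.action
    return "deny"                # default deny between segments


def audit(attempts: List[Tuple[str, str, int]]) -> List[Tuple[str, str, int, str]]:
    """Decide a batch of (src, dst, port) attempts; handy for policy review."""
    return [(s, d, p, decide(s, d, p)) for s, d, p in attempts]


if __name__ == "__main__":
    # Constructed attempts: an infected workstation trying to reach shares,
    # then the backup vault, and the legitimate backup job.
    for row in audit([
        ("10.10.4.7", "10.20.0.10", 445),    # allowed: users need the share
        ("10.10.4.7", "10.30.0.10", 445),    # denied: vault is not reachable
        ("10.20.0.10", "10.30.0.10", 22),    # denied: ordinary server
        ("10.20.0.5", "10.30.0.10", 22),     # allowed: the backup server
    ]):
        print(row)
```

The point of the /32 zone is the second step in the post: a backup that the same compromised account or host can reach and overwrite is not a recovery option, so the vault should be reachable only by the system that writes to it, and ideally copied off-site from there.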

DDoS isn’t dying

In October, a massive DDoS attack was launched against one of the biggest DNS providers in the US, called Dyn. As we wrote at the time, this wasn’t the first DDoS attack powered by the massive proliferation of connected Internet of Things (IoT) devices – and it won’t be the last. As the IoT continues to grow, cybercriminals have millions upon millions of devices to recruit into their botnets – and the relative simplicity of many of these devices means they can be easier for criminals to hijack than laptops and desktops. In the case of this particular attack – and many others – the devices were compromised by the Mirai malware, code written specifically to enslave IoT devices. Organizations in all sectors should be worried about this growing trend, and should be implementing security solutions that examine where on the internet network traffic originates, not just the content of that traffic. In this way, traffic originating from known compromised IP addresses can be filtered out, even when the content of that traffic looks benign.
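The last sentence above describes origin-based filtering, and it is worth seeing why it catches what content inspection misses. The following is an added example, not code from the post or from any Clavister product: a small Python filter that parses constructed web-server access-log lines and drops any request whose source falls in a reputation list of compromised ranges, regardless of what the request itself looks like. The "compromised" ranges are RFC 5737 documentation networks used as placeholders, not real indicators, and the log lines are constructed.

```python
"""Origin-based filtering over access-log lines (added example, not from the post).

Assumptions: Apache/nginx combined-style log lines; a reputation feed
expressed as CIDR ranges.  Everything below is constructed for illustration.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed "known compromised" feed.  These are documentation ranges
# (RFC 5737) standing in for a real reputation list; they are not IoCs.
BLOCKLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/24")]

# Constructed log lines.  Note that the requests from listed sources are
# plain "GET /" and would pass any content-based check.
SAMPLE_LOG = """\
192.0.2.17 - - [21/Oct/2016:11:10:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.8 - - [21/Oct/2016:11:10:02 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.44 - - [21/Oct/2016:11:10:02 +0000] "GET / HTTP/1.1" 200 512
192.0.2.18 - - [21/Oct/2016:11:10:03 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [21/Oct/2016:11:10:04 +0000] "POST /login HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into its fields; None for lines we cannot read."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_listed(ip: str, blocklist=BLOCKLIST) -> bool:
    """True if the source address falls inside any listed range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False          # malformed source field: leave to other checks
    return any(addr in net for net in blocklist)


def filter_log(text: str, blocklist=BLOCKLIST) -> Dict[str, object]:
    """Split log lines into allowed and dropped by origin alone.

    The request content is deliberately never consulted: the decision rests
    on where the traffic comes from, which is the post's point.
    """
    allowed: List[Dict[str, str]] = []
    dropped: List[Dict[str, str]] = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        (dropped if is_listed(rec["ip"], blocklist) else allowed).append(rec)
    # Per-/24 counts of dropped sources give a quick picture of which
    # ranges are contributing, useful when tuning or reporting the feed.
    by_range = Counter(str(ipaddress.ip_network(r["ip"] + "/24", strict=False))
                       for r in dropped)
    return {"allowed": allowed, "dropped": dropped, "dropped_by_range": by_range}


if __name__ == "__main__":
    result = filter_log(SAMPLE_LOG)
    for rec in result["dropped"]:
        print("dropped", rec["ip"], repr(rec["req"]))
    print("allowed", len(result["allowed"]), "requests")
    print(result["dropped_by_range"])
```

In production the reputation feed is refreshed continuously and the decision is made at the perimeter before the request reaches a server, but the logic is the same: a request that reads as ordinary browsing is still dropped when its source is known to be part of a botnet.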

Whaling returns tidy profits

How do you make 40 million euros (USD 44.6 million) with just one email? It’s a question we answered in this blog, exploring the worrying rise of so-called ‘whaling’ attacks – high-level spear phishing that targets senior officials, in this case finance staff at a major manufacturer.

Humans are always the weakest link in the security chain, but when those humans are senior executives with access to truly critical systems or the ability, as in this case, to authorize huge financial transfers, then that weak link can be a truly astronomical security risk. User education around spear phishing is still urgently needed in too many organizations. Staff – of all levels – need to understand that sophisticated, targeted attacks can look unsettlingly genuine – in this case, the attackers took the trouble to learn about the company’s internal authorization procedures.

Security lessons from a $70 million heist

Nearly 1% of all the bitcoins in circulation were estimated to have been stolen this year, thanks to a hack of the Hong Kong-based Bitfinex exchange. As we blogged, Bitfinex claimed that the heist was not due to the cybercriminals tampering with its encryption procedures or affecting the security of the currency blockchain – which suggests, in turn, that the currency was likely stolen from a vault, by breaching traditional IT security measures.

In other words, even as cybercriminals launch new and insidious forms of attack – as we’ve shown, 2016 has been the year of ransomware, and IoT-powered DDoS attacks – basic principles of network architecture and visibility still have a key role to play in corporate cybersecurity. The Bitfinex attack highlights that it is crucial for organizations of all shapes and sizes to keep their attack surfaces as small as possible, and to deploy solutions that enable them to see into every corner of their networks – particularly as those networks are increasingly virtualized. Cybercriminals are still seeking ways to breach traditional IT security – and they can carry out audacious thefts in doing so.

A SWIFT lesson in security

Another headline-hitting cyberattack this year – with incredibly rich rewards for the perpetrators – was the $81 million theft from Bangladesh Bank, launched via the SWIFT global financial messaging network. We blogged about how this was just one in a whole series of attacks on the SWIFT system, in turn exposing how, if your organization is connected to a complex global network, then it is only as secure as the weakest link in that chain. Large networks equal large attack surfaces, so it’s critical to try to reduce the number of vulnerable points that can be exploited.

The attacks on the SWIFT system were collectively highly sophisticated, involving purpose-built malware placed on SWIFT terminals – and yet they also took advantage of really basic cybersecurity errors, such as Bangladesh Bank using second-hand routers with default passwords and, at some sites, not having any network firewalls in place at all.

Above all, then, the SWIFT attacks illustrate how comprehensive cybersecurity needs to involve multiple layers of defence, from the sophisticated right through to the most basic.  It is no longer enough to deploy a basic firewall and antivirus system – but nor is it enough to deploy highly sophisticated network segmentation and next-generation threat prevention, but ignore those firewalls and antivirus altogether.

In 2017 more than ever before, enterprises need a holistic approach to cybersecurity, with full and intelligent network visibility, a range of tools and processes, and an ongoing program of user education.  From everyone at Clavister, we wish you a peaceful Christmas and a prosperous, secure New Year.