WeLiveSecurity, an editorial outlet covering the latest threats and security trends from the ESET security community, published its 10 biggest security incidents of 2016 post on Dec. 30, 2016. As the post highlights, 2016 has “not been easy.” The post highlights the top security incidents of the year, starting with the major DDoS attacks against a slew of well-known websites like Twitter, PayPal, Pinterest and Netflix in October. The attackers compromised thousands of IoT devices — some 20,000 — transformed them into a botnet and flooded traffic to DNS hosting provider Dyn.
“The attack was staggering for its size, measuring close to 1 Tbps at one time, which was not dissimilar to the DDoS attack, which targeted Brian Krebs’ website one month earlier.”
As the story points out, Gartner predicts there will be 20.8 billion connected things talking to each other by 2020, so this is probably just the start of attacks such as this.
The post goes on to highlight another DDoS attack, where cybercriminals knocked out the heating systems in two buildings in Lappeenranta, Finland in late October and into early November by overloading the network with traffic. During that time of year, temps are below freezing and the attack caused the main control circuit to keep rebooting so that the heater was unable to come on. The devices under attack were built by a local tech manufacturer called Fidelix, according to this story.
While 40,000 seems like a low number compared to lots of other breaches in 2016, A Tesco Bank breach was significant in that actual money disappeared from accounts. That’s rare in the cybercriminal world. The bank has more than seven million customers and reported that roughly 9,000 people had as much as $763 taken from their accounts.
“One customer said that cash had been withdrawn from his account in four separate transactions, with all of these coming from Rio de Janeiro in Brazil. Needless to say the attack has far-reaching consequences not only for the customer but for Tesco too, with the UK’s Financial Conduct Authority (FCA) preparing to issue a potentially huge fine,” according to the post.
Other highlighted incidents include;
- U.S. Department of Justice employees had their data stolen, including 10,000 Department of Homeland Security employees and 20,000 FBI employees. Read the CNN story here.
- Personal information from 412 million AdultFriendFinder users was stolen in November and published in criminal marketplaces on the dark web. More on that attack here.
- Data from millions of LinkedIn, Tumblr and Myspace users was posted online, including more than half a billion passwords. Read the BBC’s story on the attack here.
- Security journalist Brian Krebs’s website, KrebsonSecurity was attacked in September was hit with a record DDoS attack, measuring between 620 and 655 Gbps. Read more on the attack in this KrebsonSecurity story.
- Yahoo’s breaches take up two spots on the list, first for the disclosure in September that up to 500 million customers may have had data stolen back in 2014. Then in mid December, Yahoo announced up to one billion user accounts were compromised in a different incident. Read the New York Times story on the second reported breach here.
- In April, Philippine election voters were targeted and approximately 55 million people had their personal data made public online by Lulzsec Pilipinas. Read more in this Wired.com story.
Are you covered for identity theft?