Lessons Learned from 2016's Major Cybersecurity Incidents


2016 was a challenging year for most of us, so it's nice to know that it’s almost over. We experienced some major cybersecurity incidents this year that were stressful for information security professionals and end users alike but that also provided the opportunity for players from all industries to understand that these risks exist.

Here are a handful of major cybersecurity incidents that we encountered in 2016, as well as the lessons that we (hopefully) learned from them.

1) Internet Shutdown Is Possible: Dyn DDoS Attack

Dyn, an Internet performance management company, experienced a distributed denial-of-service (DDoS) attack in November. Dyn services a handful of major customers such as Amazon, GitHub, Shopify, and Twitter. The attack was so serious that many thought that the Internet itself was broken.

This means that it is possible to take down large parts of the Internet for an extended period of time. So what can businesses do to protect themselves? Consider having two or more DNS providers. Having a backup provider will keep the site reachable even if one provider goes down. Site owners should also consider lowering the time-to-live (TTL) settings on their DNS records so that redirecting traffic to the backup DNS provider happens faster. Additionally, customer support is crucial during times like this. Immediately address concerns and explain the reason for the outage in simple, nontechnical terms.
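As an added illustration (not part of the original post), here is a small audit script for the two recommendations above: it checks that a zone's NS records span at least two distinct providers and flags records whose TTL is too high for quick failover. The zone data, domain names and thresholds are constructed for the example.

```python
import re

# Constructed zone-file style records for an assumed domain (example.test);
# the names, providers and TTL values are illustrative, not real DNS data.
SAMPLE_RECORDS = """
example.test.       86400   IN  NS     ns1.provider-a.test.
example.test.       86400   IN  NS     ns2.provider-a.test.
example.test.       86400   IN  NS     ns1.provider-b.test.
www.example.test.   21600   IN  A      192.0.2.10
api.example.test.   300     IN  CNAME  edge.provider-a.test.
"""

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_records(text):
    """Parse 'name ttl IN type value' lines into (name, ttl, type, value) tuples."""
    out = []
    for line in text.strip().splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            name, ttl, rtype, value = m.groups()
            out.append((name, int(ttl), rtype, value))
    return out

def provider_of(ns_host):
    """Approximate the DNS provider by the last two labels of the NS hostname."""
    labels = ns_host.rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_ns_redundancy(records, min_providers=2):
    """True if the NS set is served by at least min_providers distinct providers."""
    providers = {provider_of(v) for _, _, t, v in records if t == "NS"}
    return len(providers) >= min_providers, sorted(providers)

def check_ttls(records, max_ttl=300):
    """Return non-NS records whose TTL exceeds the failover-friendly maximum."""
    return [(n, ttl) for n, ttl, t, _ in records if t != "NS" and ttl > max_ttl]

def audit(text, min_providers=2, max_ttl=300):
    """Run both checks over zone text and return a summary dict."""
    recs = parse_records(text)
    ok_ns, providers = check_ns_redundancy(recs, min_providers)
    return {"ns_redundant": ok_ns,
            "providers": providers,
            "high_ttl": check_ttls(recs, max_ttl)}

if __name__ == "__main__":
    print(audit(SAMPLE_RECORDS))
```

In the sample, the NS set passes the redundancy check but the www record's 21600-second TTL would delay a switch to the backup provider by hours.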

2) Anyone Is Vulnerable: The DNC Hack and the NSA Shadow Brokers Leak

The Democratic National Committee (DNC) was hacked this year, and the stolen e-mails revealed a lot of information about the Democrats’ pick for the 2016 U.S. Presidential Election. Although we can only speculate about the impact of this breach on Hillary Clinton's campaign, it does highlight the importance of protecting e-mail servers storing potentially sensitive information.

Later on, the hacking group Shadow Brokers (perceived to have links with Russia) tried to sell stolen hacking tools from another hacking group, the Equation Group (believed to have links with the NSA). This is said to be a way for Russia to shame the NSA and mitigate any U.S. response against the former’s alleged hack against the DNC. This was allegedly made possible due to the carelessness of operatives who left the tools on an unsecured NSA server.

The first lesson is that absolutely anyone can be a victim. If those from the government can be hacked, anyone can be hacked. Everyone should pay a lot of attention to the security of their own websites or blogs.

Second, it is very difficult to attribute an attack to a specific person or group. Although the attack is said to be the doing of Russian groups, the Russian government cannot be held accountable. That said, it is vital for owners of websites of all sorts to be attentive to their website security so that they won’t easily be victimized by the same kind of attack.

From what we saw in the Shadow Brokers incident, it is crucial that servers be given solid protection and that sensitive tools, no matter how old they may be, should not be left exposed.

3) There's Nothing You Can Hide: Panama Papers

Cybercrooks stole 2.6 terabytes of data from Mossack Fonseca, a Panamanian law firm. The amount of data is so enormous that the attack is considered a truly major breach, not to mention that the stolen data include information on how 70 political personalities have hidden income in offshore accounts.

This case showed that outdated plugins pose security risks and could expose websites to similar attacks. Also, administrators’ privileges were not limited or tightly controlled, so hackers had an easier time gaining access. Remember to update your applications, systems, and plugins on a regular basis, and implement appropriate access controls to limit admin access.

4) Regularly Change Your Password: Yahoo! Hack

Yahoo announced in September that half a billion of its accounts were compromised. As of December, Yahoo updated that number to more than one billion. Further investigations revealed that the actual hacks happened as early as 2013 and 2014. This attack has caused losses amounting to as much as $4.8 billion.

What caused such a large-scale hacking for this major company? Many users were using weak passwords. This underscores the importance of using unique, strong passwords and changing passwords if you suspect a site has been compromised.

Businesses should also be transparent when it comes to matters that affect consumers. If Yahoo had informed its users about the breach as soon as the company learned about it, users could have changed passwords immediately, potentially decreasing the scale of the breach.

5) Backup: Ransomware Versus Healthcare

The healthcare industry has been the target of many ransomware attacks this year. Some healthcare institutions had no choice but to pay the ransom because they did not have backups of critical information. And because these cybercriminals know that the healthcare industry is an easy target with valuable data, they extort more money with more attacks.

Every industry has the potential to be victimized by hackers using ransomware attacks, so it is important to back up your site and your systems, as well as critical data. Paying the ransom because you have no choice may lead to additional ransoms, putting you, your organization, and your customers in hot water over and over again.

Learn the Lessons of 2016 and Face 2017 Head-On

The major cybersecurity incidents of 2016 are some of the biggest ones yet. As technology evolves, so do the threats that are lurking in the dark alleys. Don’t fall prey to the online predators — activate your defenses and protect yourself from their attacks.

By being prepared, you can significantly reduce the chances of falling into the traps set by cybercrooks. You might have heard this advice before, but it's worth repeating. Peter Romness, Cisco's Cybersecurity Programs Lead, U.S. Public Sector, discussed some great tips and techniques on incident response planning in an EDUCAUSE business continuity and disaster recovery virtual event in September. Here are the top three tips he shared with participants:

  • Plan ahead using best practices — incident response plan
  • Build and continually foster a security-aware organization
  • Use the network as sensor and enforcer — drive to automate

Hopefully the major cyberincidents of 2016 have taught us what to be on the lookout for so that there will be fewer headaches for the information security community next year. Always remember, crooks are intimidated by the prepared. Whether you run a campus network, a healthcare institution portal, an online banking system, or an online clothing business, continue to make your organization’s security a high priority, and you can face 2017 head on!


You can find Erin doing a Baddha Konasana somewhere in La Jolla Cove. Problems with student loans made her interested in selling online, so she researched how to start an online clothing store. Her own yoga boutique is now five years old, and she's debt-free.

© 2016 Erin Feldman. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.