Mid-Year Review: 6 of the Biggest Cyber Threats of 2016

Since these summer days are extremely slow and quiet, I decided to take advantage and write an article I’ve been planning for a while.

It’s a review of 6 of the most serious cyber threats of the year, for those of you who want to see the bigger picture.

As you’ll see next, there are no new major cyber issues, only old ones that reached a whole new level. They grew bigger, stronger, and impacted more people than we could have imagined.

 

1. Ransomware, ransomware everywhere

Ransomware is a type of malware that blocks your files and system and won’t let you access them unless you pay the attacker a ransom.

There are two types of ransomware:

1: Encrypting ransomware. It will block your system files with advanced encryption algorithms. If you want to get the decryption key, you’ll have to pay up.

2: Locker ransomware. It locks you out of the operating system, making it impossible to access any apps or files. The payment part remains the same – pay or you won’t be able to access your system anymore.

The ransom is usually requested in Bitcoins. If you don’t pay it in a certain number of hours, it will automatically double. It keeps increasing until you pay it (or you never pay it and don’t regain access ever again).

This is how a simple ransomware infection chain looks like:

Although this is not a new type of attack, it’s clearly one of the most spread threats of the year.

The attacks increased both in strength and frequency, while the losses they caused skyrocketed.

Here are some statistics:

“The number of users attacked with encryption ransomware is soaring, with 718,536 users hit between April 2015 and March 2016: an increase of 5.5 times compared to the same period in 2014-2015.”

(source: ITSecurityGuru)

It’s impossible to know precisely the number of ransomware attacks or to list all the types of existing ransomware, as most attacks go unreported.

What we do know is that ransomware creators are moving towards bigger targets. They started attacking especially businesses and public institutions.

The reason behind this move is, as you guessed it, money. More money than what they might get from the normal home user. Ransomware creators treat their “product” just like a regular business.

Healthcare is now the most ransomware-targeted industry worldwide, accounting for 88% of all detections in Q2 (source: Dark Reading).

One of the first huge attacks of this year involved the Hollywood Presbyterian Medical Center. Their system was infected with ransomware and they were forced to go back to working with plain old pen-and-paper. Ten days later, the hospital paid the ransom and regained access to the system and patients database.

But this was just one of the many attacks that followed.

Our advice? Backup all your important data. Start using a cloud service, don’t keep your essential files only on your system.

This way, even if you do get your system infected with ransomware, at least you won’t lose any valuable data.

Extra resources to read:

• What is ransomware & 15 easy steps to keep your system protected
• Wired: Why hospitals are the perfect targets for ransomware
• Motherboard: Ransomware complaints double in a year, total over $1.5 million

 

2. Mega data breaches

This spring it’s been raining with mega data breaches.

LinkedIn, MySpace, Tumblr were among the attacked services. Databases with their users’ credentials went for sale on the dark web, leaving exposed a total of around 500 million accounts.

LinkedIn was one of the first major social networks to be hacked. It happened in 2012, leaving 6.5 compromised accounts – or at least that’s what it was thought back then.

When the database went for sale on the dark web, it was revealed that the actual number of exposed accounts was 25 times bigger: 167 million.

More huge data breaches databases went for sale:

• MySpace breach, with 360 million accounts
• Tumblr breach, with 65 million accounts
• Fling, a dating social network, with 40 million accounts

 

It was as easy as A-B-C for cyber attackers to just take the passwords from the already hacked databases and test them on other digital services. Because people were using the same passwords for most of their online accounts, even more hacks followed.

Not even Mark Zuckerberg was spared. He had the same password from LinkedIn on all his other accounts, so it was piece of cake for cyber crooks to gain access to his Twitter, Pinterest and Instagram accounts.

More celebrities followed: Katy Perry, Drake, Lana del Rey, they all had their social accounts hacked.

Additionally, the Twitter accounts of Twitter’s CEO himself, Jack Dorsey, Google’s CEO Sundar Pichai, and the co-founder of Oculus VR, Brendan Iribe, were also compromised.

Our advice? Always stay on top of this kind of news.

As soon as you hear about an online service that was compromised, change all your passwords. (and make sure that the new passwords are strong and unique.)

This way, you make sure that your old credentials are useless, even if they are stolen.

Here’s a list of more than 50 cyber security blogs that you should start following.

Social media accounts weren’t the only ones getting breached.

Here’s how World’s Largest Data Breaches look like:

This year alone we had the following breaches:

• A database with Philippines electoral records
• WikiLeaks let out emails and audio recordings between the Democratic National Commitee members
• Erdogan’s emails were also leaked
• Your medical records. The U.S. Government declared that, since 2009, 121 million people’s health info was hacked.

 

And some statistics from the latest Verizon Data Breach Industry Report:
– In 93% of the attacks cyber criminals take minutes or even less to compromise systems;
– 4 out of 5 victims don’t realize they were attacked for weeks or longer;
– In 7% of the cases, the breach goes undetected for more than a year;
– 63% of the data breaches were caused by a weak, default or stolen password.

Here are some essential resources that will help you stay safe:

• First step: learn how to manage your credentials like a security expert.
• Second step: activate two-factor authentication wherever possible.
• And last but not least: here’s what to do in case one of the online services you use is ever breached.

Motherboard also has a chart on the growing number of breaches:

 

3. Identity theft still strong

Identity theft is the illegal use of someone’s personal information.

It’s when a malicious hacker steals your data and starts making financial operations in your name. They open bank accounts, take out loans, ruin your credit cards’ ratings, and many others.

Besides the financial loss, there may also be additional consequences. You can even realize one day that you are held responsible for criminal actions that you had nothing to do with.

And wanna hear what the worst part is?

Most of the identity theft victims are usually clueless.

They have no idea what’s happening to them.

Recent statistics show that:

• almost 70% of the victims don’t know how the thief got their information;
• 92% don’t even know anything about the individual (or group) that stole from them.

(source: Identity Force)

That’s because the bad guys don’t have any problem patiently waiting to cash in. They’re lurking, waiting for the right moment.

You might be delusioned into thinking that identity theft won’t affect you. It’s actually one of the most common types of fraud.

Here are more scary statistics:

– In 2015, identity theft complaints were the second most reported type of fraud, increasing more than 47% from 2014. Don’t be fooled into thinking 2016 is any different. (source: Federal Trade Commission’s annual report).

– In the U.S., the average annual number of identity fraud victims is around 12 million, with a total financial loss of $26,350,000,000. (source: StatisticBrain).

Find out from our security guide how you can stay safe from it:
How to prevent identity theft with 20 easy steps.

 

4. Smartphone insecurities

One of the major stories covered this year by the media was the FBI vs Apple debate.

Quick recap of what happened: The FBI wanted to gain access an iPhone owned by one of the San Bernardino shooters.

A federal judge asked Apple to build a tool for them to access it, but the company refused to do so.

In a public letter to Apple customers, Tim Cook said that they don’t want to insert a backdoor into its system, fearing that it would end up in the wrong hands.

The FBI eventually found an alternate way to breach the phone and the case was dismissed.

I won’t insist too much on this subject, as I’m sure we’re all well aware of the importance of keeping our smartphone secure.

As the little devices that we carry all the time with us in our pockets became more and more powerful, we also became increasingly dependent on them.

In the future, we expect to see more and more debates similar to the Apple vs FBI one.

Where do we draw a line between privacy and security?

How can we achieve them both?

What if the bad guys manage to breach our encrypted systems and access our data?

These are all questions that need answers.

Here’s how to keep our smartphones secure:
Smartphone security guide: The easiest way to keep your phone & data safe
How to master your app permissions so you don’t get hacked

 

5. IoT – Internet of Things

Another delicate subject that poses new threats.

With the Internet of Things, threats are more real than ever. It’s not only our privacy at bay, but also our physical safety.

Imagine what if:

A burglar manages to open the door to your home, because the intelligent home system isn’t as cyber secure as it should be.

You lose control of your car and you crash, because your smart car is also hackable.

The power plants in your country were hit with a cyber attack and taken down.

A terrorist group remotely gains control over the train you’re traveling with.

Unfortunately, none of this scenarios is science-fiction.

They’re real, they’re already affecting people. It’s not a matter of “IF a big disaster will happen”, it’s only a matter of WHEN.

The vendors will have to find the perfect balance between convenience, security and data privacy. While the technology advanced in ways that we couldn’t even imagine a few years ago, the safety issues were left behind.

For further research:

• The Internet of Things will cause the first ever large-scale internet disaster
• Welcome to privacy hell, also known as the Internet of Things

 

6. Augmented reality gaming

Now that Pokemon Go turned into a worldwide phenomenon, we start to realize the new threats brought by augmented reality games.

The technology is amazing, without a doubt, but game creators and authorities must now address a whole new set of issues.

First of all, the physical side of the issue. We’ve all heard about cases of people who were hurt, mugged or even killed themselves, just because they were too caught up in the augmented reality and weren’t paying attention to the real world.

And then there are the cyber security and privacy issues born from the melding with the real world: the images and audio registered by our smartphone, location tracking, and all the rest of the information that we willingly give away about ourselves.

Just imagine all the wrong ways that data could be used if it ended up in the wrong hands.

Extra resources to read on this subject:
Emerging threats posed by reality gaming
Pokemon Go security risks flagged by CIA, Gulf States and Data Security Experts
The future of augmented reality and cybersecurity

 

Conclusion

With the risk of sounding like a broken record, I’m gonna repeat myself here: Hope for the best but prepare for the worst.

Stay on top of the cyber security news.

For every new technology that you try, make sure you also know its vulnerabilities.

Always imagine all the possible scenarios and know what you’ll do in each and every one of them.

Be confident that you’ve taken all possible measures to minimize the potential damage that might be caused by a cyber attack.

Don’t let any threats catch you off guard.