2017 in Review: The top cybersecurity news stories
2017 was quite a year in the world of cybersecurity! From the politicization of cyberwarfare to several major data breaches, hardly a week went by that cybersecurity issues didn’t appear on the front pages of newspapers around the world. Let’s take a moment to recap what I consider to be the 10 biggest cybersecurity news stories of the past 12 months.
1 — Russian Election Tampering. When I write these year-end recaps, I usually have a hard time selecting which event merits top billing. There’s no contest this year. The aggregate of coverage of Russia’s attempts to influence the 2016 U.S. presidential election through disinformation campaigns, hacking election infrastructure, and disclosing private e-mails to the media clearly tops the list.
These efforts were arguably the largest-scale state-sponsored use of cyberwarfare in history and are much more likely the beginning of a new trend rather than an isolated incident. We’ll undoubtedly see calls for greater election security in the run-up to the 2018 congressional midterm elections, and certainly the 2020 presidential race. Let’s also not forget that the United States isn’t the only target of election tampering tactics. The French presidential race saw similar problems in 2017.
2 — Equifax Breach. This summer’s security breach at credit reporting agency Equifax rises near the top of the list not because it was particularly innovative, but because of its sheer impact. The breach itself was humdrum and entirely preventable. System administrators failed to apply an Apache Struts patch that was released more than two months earlier and attackers exploited that vulnerability to gain access to back-end systems.
The real story is what they did when they gained that access — stole personal credit information belonging to more than 145 million individuals, and then disappeared into the ether. The aftershocks of this breach will reverberate for many years to come, as it included Social Security Numbers, birthdates, and other immutable information that will remain sensitive until an individual’s death. We haven’t heard the last of this breach.
3 — North Korean Cyberwarfare Activities. While most of the world’s attention is on North Korea’s nuclear weapons program, the country continues to develop and use its offensive cyberwarfare capabilities against perceived adversaries. After successfully stealing $81 million from Bangaldesh’s central bank last year, cybersecurity researchers believe that the North Korean regime has turned its attention to other profit-generating initiatives.
North Korean attackers are believed to be behind several attacks on cryptocurrency exchanges this year. As tensions continue to rise on the Korean peninsula, watch for increased cyberwarfare activity out of the north, as well as attacks that focus on military and political objectives.
4 — Mirai DDoS Attack. The Mirai attack acutally took place in 2016, but the impact of it bled over into this year, with the perpetrators pleading guilty in December 2017. While Mirai did have an impact on the Internet, including a partial DNS outage last October, the real story here isn’t the impact, but the tactic.
Unlike prior worms, Mirai targeted the Linux operating system and specifically sought out Internet of Things devices running on home networks. The attackers created a virtual army of security cameras, baby monitors, and wireless access points, and used it to wage a war of attrition on various targets. As IoT usage continues to grow, watch for new attacks that target these connected devices, which often sit for months or years without security updates.
5 — Uber’s Breach Scandal. The Uber breach hit the news in November for neither its ingenuity nor its impact. In this attack, hackers stole personal information about 57 million individuals, but it wasn’t particularly nefarious. They walked away with names, e-mail addresses, and telephone numbers.
The real story here, however, came in Uber’s bungling of its response. News reports indicate that Uber paid off the attackers to hide the breach and then failed to disclose it to regulatory authorities, as required by many state laws. Expect to see Uber dragged before Congress again in the new year.
6 — Government Secrets Spilled on the Web (again). In 2013, Edward Snowden, a defense contractor, leaked a series of secret National Security Agency documents onto the Internet before fleeing to Russia. In the years, since, we’ve seen a number of similar breaches take place and 2017 was no exception.
This year saw two major breaches that leaked sensitive cyberwarfare information from government agencies. A group calling itself the Shadow Brokers leaked sensitive NSA hacking tools, while Wikileaks’ Vault 7 disclosure released similar documents from the CIA. We’ve already seen some use of those secrets in attacks (see item 7, below), and we’re likely to see more in 2018.
7 — The Continued Rise of Ransomware. Ransomware was one of the biggest stories of 2016 and, despite efforts to bring it under control, it remains on the list this year. This year’s resurgence of ransomware is actually related to two of the other items on this list: the rise of North Korean cyberwarfare activities and the leaking of government cybersecurity secrets onto the Internet.
Things kicked into high gear in May when WannaCry wreaked havoc on systems around the world. This ransomware leveraged NSA attack techniques disclosed by the Shadow Brokers and many experts believe that it originated in North Korea.
8 — Net Neutrality Repealed. The repeal of net neutrality made major headlines this year and the only reason it ranks so low on this list is that the action taken by the FCC is only indirectly a cybersecurity issue.
While the repeal certainly raises legitimate issues about fair and open access to the Internet, there also may be a hidden side benefit for cybersecurity. If ISPs do invest in content filtering technology, that same technology may be put to use to combat security threats. That might not be enough to constitute a silver lining to the net neutrality repeal, but it’s something.
9 — GDPR Preparations Underway. IT compliance specialists around the world spent 2017 bracing for what will be one of the biggest privacy and compliance stories of 2018. The two-year transition period ends in May and companies doing business in the European Union or with EU citizens will be subject to new privacy requirements.
We’re certain to see GDPR coverage ramp up as the deadline approaches and compliance specialists are watching to see how enforcement actions play out. Will the EU take a hard line against GDPR violations? Will they attempt to vigorously enforce GDPR outside of EU borders? The answers to these questions will shape compliance efforts for years to come.
10 — Cybersecurity Skills Gap Grows. Anyone who tried to staff a cybersecurity team this year knows that the industry faces an increasing cybersecurity skills gap. The gap actually made mainstream news this year when it was the subject of an article by Forbes.
In this year’s (ISC)2 Global Information Security Workforce Study, Frost & Sullivan projected that “the gap between available qualified professionals and unfilled positions will widen to 1.8 million by 2022.” That an astonishing number of positions and presents a serious threat to organizations who need robust cybersecurity teams to defend themselves against increasingly sophisticated threats.
Phew! That’s quite a list, and it’s kept many information security experts extremely busy this year. On behalf of all cybersecurity professionals around the world, I hope that we see a far less interesting 2018!