2017 Greatest Hits: Problems seeded in the past

Posted date 30/01/2018
Author
Juan Delfín Peláez Álvarez (INCIBE)

It seems that the word cybersecurity was a fixture on the front pages of the main media throughout 2017. There were frauds against companies by means of ransomware with Bitcoin payments, such as the well-known WannaCry and Petya, and attempts to obtain corporate information. We have also witnessed espionage tools developed by intelligence agencies and alleged hacking of prominent electoral campaigns, as well as security failures in critical infrastructure applications and incidents.

The year 2017 may be summed up with the phrase “problems seeded in the past”: most of the misfortunes we suffered during 2017 were the consequence of carelessness, mistakes or bad configurations made earlier. Some of these oversights, even apparently unimportant ones, have had great consequences of a kind we had not known to date.

If the 2016 Greatest Hits began with a bank robbery, the 2017 headlines began with warnings about vulnerabilities in database systems. These are the main events that took place in 2017:

VULNERABILITIES

In January 2017 there were already warnings of one of the biggest attacks against one of the most widespread database managers. More than 27,000 MongoDB-based servers were affected by this vulnerability. Subsequently, information leaks occurred due to these bad configurations, contributing to data theft, such as the case of the smart teddy bears that exposed data from more than 800,000 families, or the theft of data on 19 million Californian voters.

In October, a new vulnerability known as the KRACK attack, which affects the WPA2 encryption protocol for wireless communications, became news. It made it possible for attackers to capture and decrypt the traffic of a WiFi network.

RANSOMWARE

But undoubtedly, the year 2017 will be remembered for the WannaCry and Petya ransomware cases. In May, the first wave of ransomware took place, affecting more than 360,000 computers worldwide by taking advantage of vulnerabilities in the Windows operating system. Soon after, a new wave of ransomware, belonging to the family known as Petya, was once again news worldwide, although with low impact in Spain. Months later, a few isolated cases took place, but they had great repercussions, like the ones that affected the public transport of California and Scottish healthcare.

CYBERSPYING

Cyber spying over networks has been a constant trickle. Some of it had a political purpose, such as the British intelligence service warning about possible cyber-attacks against its political system, or Russian interference in the French electoral campaign, with accusations against countries and groups of hackers like Hidden Cobra, and specific espionage tools like Pegasus acquired by governments. Other espionage cases were aimed at obtaining information from companies, such as the one suffered by the video streaming company VEVO; the theft of banking data from more than 143 million Equifax customers, which resulted in the termination of several of the company's IT managers; the theft of data on 57 million Uber users; or the possible spyware pre-installed on HP computers.

CRITICAL INFRASTRUCTURE

Fear of attacks against critical infrastructures has been present throughout the year. We started with the serious security breach at Stewart International Airport in NY, followed by the CrashOverride case, the malware that sabotaged the Ukrainian power supply, the Dragonfly 2.0 campaign of intrusions into the electric power industry, and finally the Triton case, a new malware that affects critical infrastructures.

During 2018, we hope that some of the lessons learned from 2017 may help avoid these serious incidents, although the beginning of the year does not seem very promising: the serious Meltdown and Spectre vulnerabilities in Intel and AMD processors and the manufacturers' handling of the patches do not foretell a good future. Even so, the ideal would be to learn from and try to avoid the large number of incidents that will occur, which are sometimes caused by a lack of foresight by those responsible for computer systems. Unfortunately, cyber-attackers are becoming more numerous and better prepared and have more resources, and the possibilities of profiting illegally or obtaining huge economic benefits or strategic interests are also greater. Given this scenario, in the coming years it will be necessary for organizations to hire cybersecurity experts to fight against these threats. We can only say: “At least, they will not catch us off guard”, since we are aware that sooner or later it can happen to all of us.