Greatest Hits 2016

Posted date 23/01/2017
Miguel Herrero (INCIBE)

After analysing the 2015 cybersecurity headlines, we already forecast that 2016 would bring plenty of news stories concerning information security. It is only now that the year has ended that we can see which objectives were the main focus of cybercriminals.

Let us start with the bank robbery through the SWIFT system. In February, news broke regarding a potential theft of 1 billion dollars from Bangladesh Central Bank. In the end only 100 million was stolen, but in June, another 12 million dollars was stolen from Banco del Austro (Ecuador) and another 10 from a bank in Ukraine. The SWIFT transfer system was found to have been malware-infected, following which an update was released on 25 April. In addition to these SWIFT heists, banks were also victims through their ATM network, as was the case in Europe, Thailand and Japan. Platforms that work with crypto-currencies couldn't stay out of the headlines either, as shown by the theft of 60 million dollars in Bitcoin and 50 million dollars in ether.

The second great focus of the year was the theft of personal information. The information of 50 million Turkish citizens along with that of 93 million Mexicans, 55 million Filipinos and 154 million US citizens was stolen in a grim year for citizens' privacy. In addition to these incidents, many online services were also affected by different thefts, as was the case with Twitter, VK, Dropbox, Finder Friend and Yahoo!, who confirmed two incidents whereby the information of more than 1 billion accounts and 500 million accounts respectively was stolen. But it was not all black clouds in relation to privacy: 2016 brought some good news too, such as WhatsApp's end-to-end encryption and Apple rejecting the creation of a backdoor in iPhones.

With the Mirai botnet, whose source code was recently opened, virtually anyone is now able to perform massive denials of service and, since October, it has been particularly active. The Mirai botnet, comprised of IP cameras and other IoT devices, was first used to attack a sector website and later, to attack OVH, the French service provider. Over the course of a few days, large corporations such as Sony and Twitter were targeted by this botnet which even managed to leave a million Deutsche Telekom customers without service.

In addition to these three huge successes (or failures, depending on one's point of view), there were headlines about an error in the Linux TCP implementation, threatening all users of the latest versions of Android, followed by a failure in Qualcomm processors which allowed access to encrypted information. Nor was it a quiet year for the iOS platform, with at least three zero-days for the operating system used to spy on a human rights activist. This was later tackled by Apple's update of its operating system.

The latest glut of headlines focused on ransomware, which was also very present in 2015, such as when the San Francisco public transportation system was attacked, joining the list of other affected companies such as hospitals or electricity companies. Aware of the impact of ransomware on citizens and companies, here at INCIBE-CERT we offer you our support through our Anti-ransomware system.


The number of events included in the log has increased on previous years; however, the second quarter of the year seems to have been quieter than the first, in which all the SWIFT system-related incidents mentioned above occurred.

What to watch out for in 2017? The same as in 2016, no doubt. Thefts of money and information which can be easily monetised, together with denial-of-service and ransomware attacks, which are also in high demand and financially profitable. Furthermore, we will probably see more unknown failures of the most common mobile platforms, Android and iOS, which are the new targets of cybercriminals due to the large amount of information they store.