End of the year wrap-ups always want to name a year something, like the “Year of Ransomware” or the “Year of Artificial Intelligence,” but it would be difficult to pin 2018 to a specific threat or trend, as so many reared their ugly heads. With that noted, it is pretty simple to define the year that was with some broad strokes.
Cryptocurrency. This topic can be broken down into miners – with 2018 seeing the level of cryptocurrency mining reach new heights – and other malicious actors who instead simply broke into digital wallets to steal the money. Those looking to place illegal miners on systems used a variety of methods and tricks to do so, including phishing, update scams, leveraging vulnerabilities, fake apps, exploit kits and even mobile devices. It was also proven this year that the direct approach was quite profitable, with millions in digital currency being stolen from exchanges and wallets. Criminals hacked DNS servers to rob MyEtherWallet.com, while two Missouri men were arrested on suspicion of committing a SIM swap attack that allowed them to steal $14 million in cryptocurrency from a California firm.
Data Breaches. While breaches are not new, 2018 saw some very high-profile victims, from Facebook, with 50 million records compromised, to dozens of retailers and other organizations that were hit by the Magecart cybergang that specializes in placing malware on point of sale systems and then systematically stealing transaction data. Misconfigured servers also played a huge role in helping expose corporate and personal information in the last 12 months. Whether it was an Amazon Web Services S3 bucket or a MongoDB, millions of records were left open to the public because IT admins were not doing their due diligence and changing login credentials or, if they did, were making them something easy to find or figure out.
Election Hacking. Did it happen? Maybe yes, maybe no, but what did take place were endless discussions over whether or not the U.S. electoral system was safe from outside influence. Department of Homeland Security (DHS) Secretary Kirstjen Nielsen called the just completed elections “the most secure election” the country has ever experienced just prior to November 6. Then there were the 81.5 million voter records from 20 states that were found for sale on the dark web. Although much of this was discovered to have been publicly available data, the fact that it was available as a potential tool for malicious actors was, and remains, concerning.
Ransomware. A perennial favorite did not disappoint in 2018, with a SamSam ransomware variant pulling off some very high-profile attacks. SamSam ransomware cut a relatively wide swath across the world, with at least 67 different targets – 54 in the U.S. – being struck in 2018, according to a Symantec report. While some municipalities decided to pay the ransom, possibly garnering $6 million for the attackers, the real cost came from recovering from the attack. Atlanta found itself with a $10 million plus bill to recover from SamSam, but the city can comfort itself knowing it is in the same company as the Colorado Department of Transportation, Port of San Diego and shipping giant COSCO.
Cloud Storage. The words AWS S3 Bucket and MongoDB were in the news quite a bit in 2018, a fact the owners of those products would rather forget. In one of the largest breaches of the year, 445 million records were exposed when the Swiss-based data company Veeam used a misconfigured MongoDB hosted on Amazon Web Services that did not require any password to access. The culprit in this situation, and dozens of other cases this year, is human error in the form of poor identity access management (IAM) practices. AWS and other cloud storage providers usually turn over a bucket to a customer in a locked down condition, but changes made by the end user often result in the data going from safe to exposed with a single keystroke. The sheer number of these incidents is helping shed light on the problem and, as a result, more effort is being placed on using proper IAM practices and simply keeping track on a regular basis of what is taking place in a database.