
2017's biggest security horror stories

The year's worst security incidents we'd hate to see again in 2018

Cybersecurity is always top of mind for businesses, but that's especially been the case in 2017.

From ransomware to botnets, this year's tech news has been dominated by a regular flow of security crises.

Here are some of the top cybersecurity incidents of 2017 that we don't want to see repeated in 2018.

Unsecured clouds and databases

Leaky bucket

Probably the trend that users themselves can most easily prevent is databases left facing the public internet when they should have been secured, but weren't.

Two of the biggest bungles in this area relate to Amazon Web Services' (AWS) S3 cloud storage service and MongoDB's NoSQL database.

A spate of data leaks across 2017 came about because of unencrypted S3 buckets, affecting organisations including Accenture, WWE, the AA and Dow Jones.

These companies had apparently failed to read the small print of their contracts with AWS and hadn't realised this particular storage service wasn't encrypted by default. As a result, customer data was left exposed on the open web for anyone to see, leading to major security crises.

The issue was finally resolved in November when AWS decided it would add default encryption to S3 buckets, taking the onus off customers.

In the case of MongoDB, the situation was much the same. Users failed to encrypt their databases, which led to several waves of ransomware attacks rather than data leaks, with the cybercriminals encrypting the exposed servers and demanding Bitcoin for their release.

Unfortunately for the victims, there is no central resolution as with AWS S3, as MongoDB offers database software, rather than a cloud storage service, that can be installed on pretty much any server. The general advice, from both the company and the security community, is to turn on encryption, or at the very least password protection, at the point of installation: sage advice for any IT administrator, irrespective of the service or software they are using.
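To make the "password protection at the point of installation" advice concrete, here is an added example (not from the article or from MongoDB's own documentation) of a mongod.conf, MongoDB's YAML configuration file. The first document reproduces the exposed pattern that these servers shared; the second is the hardened form. The port and the private network address are assumed values.

```yaml
# Added example (not from the article): two mongod.conf documents.
# Document 1 reproduces the exposed pattern: the server listens on every
# interface and no access control is configured, so any client that can
# reach the port has full read/write access to every database.
# --- exposed (do not use) ---
net:
  port: 27017              # assumed; the default MongoDB port
  bindIp: 0.0.0.0          # every interface, including public ones
# no security: section -> authorization defaults to disabled
---
# Document 2 is the hardened form: listen only where clients actually
# are, require authentication, and (Enterprise builds) encrypt at rest.
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus an assumed private app-network address
security:
  authorization: enabled       # every client must authenticate and hold a role
  # enableEncryption: true     # encryption at rest; available in MongoDB Enterprise only
```

With `authorization: enabled` and no users yet defined, MongoDB's localhost exception lets an administrator connect over the loopback interface once to create the first user with `db.createUser()` against the `admin` database; do that before the bind address is widened to anything beyond loopback, so there is never a window in which the server is reachable but unauthenticated. Even with the hardened document, a host firewall restricting inbound traffic to the port remains the cheaper first line of defence.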

Ransomware attacks

While ransomware has been a popular tool for cybercriminals for many years, 2017 saw an uptick in large-scale attacks.

Two of the most notable global ransomware attacks were WannaCry, which hit in May, and NotPetya, which landed in June.

WannaCry made global news after it spread rapidly around the world, with the NHS in England and Wales being particularly badly hit. The attack was notable for several reasons. First, the speed of the spread: within hours of the first incidents being reported in Asia on 12 May, it had started to spread internationally. By the end of the day, over 230,000 computers in 150 countries were infected.

Second is the systems affected. WannaCry exclusively infected Windows operating systems, both server and desktop. Although Microsoft had issued a patch for the vulnerability in March 2017, many large organisations' systems hadn't been updated for one reason or another (sometimes due to staffing, sometimes due to dependent software or other technical reasons).

Many were quick to point to the continued use of Windows XP despite it no longer being supported by Microsoft for several years. However, research from Kaspersky Lab demonstrated that, in fact, most of the infected computers were running Windows 7, which was still covered by Microsoft support at the time.

The third interesting thing about WannaCry is its alleged provenance. While there's no indication the US National Security Agency (NSA) created the ransomware itself, it has been suggested that EternalBlue, the Windows vulnerability that allowed the malware to spread and infect numerous systems at such high speed, was discovered by the agency some years ago but not reported to Microsoft. Instead, the organisation allegedly used it as an offensive tool in cyber warfare and defence. The existence of EternalBlue and other similar tools were revealed by Shadow Brokers in 2016.

While WannaCry was fast and effective, it was short-lived: British independent security researcher Marcus Hutchins discovered a so-called "kill switch" embedded in the ransomware's code and was able to disable the initial attack in one fell swoop.

The same can't be said for NotPetya. According to WebRoot, this malware strain was the most damaging and dangerous to emerge in 2017. Despite using the same EternalBlue exploit as WannaCry, NotPetya was less widespread, but it was more persistent: first emerging in June 2017, it continued to infect systems all the way through to the autumn.

The creator's MO was also different: although it looked like a traditional ransomware attack, including displaying a ransom message, it didn't simply encrypt the system; it created utter havoc. Once affected, the files were irrevocably scrambled, meaning that even if victims did pay the ransom they still wouldn't get their files back. Indeed, various researchers have speculated that havoc and infamy were the main objectives of these criminals, rather than generating money.

Botnets

Like the other tactics on this list, botnets aren't new. What is new, however, is how they're powered.

Continuing a trend started by the Mirai botnet in 2016, 2017 saw outbreaks of DDoS and other attacks from botnets powered by Internet of Things (IoT) devices.

As such devices aren't typically thought of as computers, consumers in particular have failed to change default passwords before connecting them to the internet. To make the situation worse, some of these so-called "headless" devices don't give users any control over security settings anyway, meaning there's no way to protect them once they're exposed online.

Mirai continued to cause disruption through 2017, with a 54-hour DDoS attack on an American university in March being the most notable of these incidents.

Later in the year, a new IoT botnet dubbed Reaper emerged, which security researchers claimed would be worse than Mirai. This is because rather than cracking default or weak passwords, as Mirai did, Reaper infiltrates IoT devices via unpatched vulnerabilities. Once again, this is something that is largely in the hands of vendors, rather than consumers, to secure.

Reaper is only partially mobilised, according to a report released in late 2017 by Arbor Networks, with several thousand infected devices lying dormant. This raises concerns of a potential wide-scale DDoS attack in 2018.

Cybersecurity is a constant game of cat and mouse, and true total security is unattainable, but that doesn't mean businesses, consumers and vendors can't do their best to mitigate vulnerabilities and build up protection. Let's hope that in 2018 we see greater use of basic security precautions to defend against these potential monster attacks.

Pictures: Bigstock
