What a year it’s been for online security! Louie, cyber security specialist at OmniCyber Security, has taken over today’s post to take a look back on 2016’s most threatening cyber attacks and share his tips for how we can protect ourselves.
Whilst 2016 has been a whirlwind for cyber security with the major introduction of Ransomware, wide scale breaches and the ever so infamous denial of service attacks. It’s time to think about what the near future will offer instead of dwindling on the past, with security becoming a growing industry and attacks becoming more complicated its very much a case of onwards and upwards, for both the malicious adversary and the person at the receiving end of these attacks, attempting to protect and dismiss against these high level platforms – our white helmeted knight in slightly dishevelled armour whom runs solely on coffee and twisted sense of humour.
Ransomware has been an ever growing problem within the last year or so, it’s easy to produce, often has a high yield and can be transported through various means – It is the basic concept of ransom. Essentially locking all of your cherished belongings in a two tonne, six foot, reinforced steel safe – then asking you to pay for the combinations. Ransomware works by slowly encrypting all data on a machine and once entirely manipulated informing the victim they have to send ‘x’ amount of money to a bitcoin address. Often people don’t make use of backup solutions of snapshot features within an operating system meaning that this can be a devastating loss for a person with 10,000 family photos or a student’s dissertation, this being data an individual can’t afford to lose, inevitably meaning the lockers get paid so the data can be retrieved.
The issues with this being that once you have succumbed to the extortion you are likely to be targeted again and labelled as ‘easy money’. Ransomware likes to travel via forms of email attachments and bad downloads, often purporting to be from a trusted source or having a naming convention that entices a user to open, for example ‘Invoices’. In my honest opinion I believe these types of attacks will feature heavily in 2017 and until we learn how to safely mitigate and fight these attacks the creation and variants of Ransomware will only grow, and flower into something not so lovely to look at. Ransomware has doubled since 2014 and six fold from 2013 and doesn’t seem to be slowing so learning to protect yourself is key. Be sure that you are aware of the attachments you are opening and the information you are downloading. Regular backups and snapshots of computers can be used to effectively mitigate these attacks after all, why would you pay ransom if you could just backup from a snapshot taken two days ago?
The Internet of Things (IoT), botnets and denial of service attacks. Where do you even start on this, this disparate array of devices that plug in, play, and control a lot of our daily lives. From smart TV’s, lighting and baby monitors to fridges and kettles. Nowadays we are beginning to form an addiction to ensuring everything can be automated and regulated. A friend of mine for example has lights that fade in to the sound of waves whilst his blinds slowly raise as a kettle is freshly boiled, all at the trigger of a morning alarm – sounds idyllic, no? However, with all these devices interconnects there spreads a wider attack platform for hackers to use to breach environments. In 2016 we saw a vast majority of these devices including routers and CCTV cameras that were advantageously breached through simple attacks. Either achieved through misconfiguration or through lack of built in security. Our issue is that we put so much faith into these products and when we plug them into our home, they just work. We neglect to realise that these devices can connect our home, to the world, then that can attract unwanted attention. We’ve seen many distributed denial of service attacks originate from these devices and when all controlled together can be used to overload services and sites with so much traffic they essentially fall over, cry and look to the skies for answers. 2016 has shown us that IoT devices can be used for DoS attacks.
2017 in my opinion will begin to show use more complex attacks as to what these IoT devices can do and then some, potentially gaining access to personal networks and environments – after all, they are realistically tiny PC’s with the power to act like mini controllers or pit stops for attackers looking to gain further footholds. The hope for a safe implementation of IoT is there though, with the scope for a ‘kite mark’ or framework to ensure that these devices are produced safely, with secure technologies at the development phase of product creation. Given this present time though it is encouraged to ensure that all devices with network connectivity are correctly configured and that all default passwords are changed to a suitable strong password because after all, they would’ve gotten away with it too if it wasn’t for us meddling kids.
In conclusion 2016 has been an eclectic year with Brexit, Trump and crazes that can’t get any weirder (we hope). Given current security stances and the ever long game of cat and mouse between the good guys and the bad in the cyber security world it is highly advised that people should look to go over and beyond security practices that they may already have. Ensure strong passwords, back up personal data and don’t be so quick to trust everything with access to the internet.
However, showing in a cinema near you will be the forthcoming blockbuster hit ‘2017’ showing from the first of January, all year long – so buckle up for the crazy ride that is sure to ensue.