A Look Back at 2016: The Most Memorable Cyber Moments

A Look Back At

INFOSEC PROS SHARE THE YEAR’S MOST MEMORABLE MOMENTS

“The story that was most curious to me was the surprise

announcement in May by the authors of the Teslacrypt

ransomware. They posted a short and simple message that they shut down their ‘project’ and they released the master

decryption key. While there is plenty of speculation about why the authors did this, it

still remains a mystery what caused the demise of

Teslacrypt.”

-BOB COVELLO @bobcovello

“The Mirai botnet, made up of hundreds of thousands of

compromised poorly-secured IoT devices, bringing down a DNS

service and – as a result – making many of the world’s

most popular websites utterly inaccessible.”

-GRAHAM CLULEY @gcluley

“Nothing has defined 2016 for the security community quite like Locky …. Given its sharing of infrastructure with one of the most persistent banking trojans in the wild, not to mention the current lack of decryptor, the ransomware will likely continue to make waves and prey upon unsuspecting users for years to come.”

-DAVID BISSON @davidmbisson

“In my opinion, the biggest battle has been for privacy. We’ve seen recent laws … that have created

legislation to give governments sweeping power, [concerning] privacy advocates. Along these lines,

we also watched a debate between the FBI and Apple in regards to a backdoor being requested to their iPhones. Digital privacy will continue taking a

bigger role in the news, and I think we’ll see encryption and privacy techniques built into

software as a response.”

-MATT PASCUCCI @matthewpascucci

“I can’t forget the Dyn attack that happened this October. Attacking a major

DNS provider is catastrophic because it

allows for phishing websites to succeed, which can lead

to man-in-the-middle attacks, credential theft

and malware infection .... Corporations online must

focus on having lots of redundancy in DNS

providers.”

-KIM CRAWLEY @kim_crawley

“The most memorable events of the year will prove to be the transfer of the Internet’s DNS to Internet Corporation of Assigned Names and Number (ICANN), the growth in number of Internet-connected devices (IoT) and continued growth of exploitation platforms like the Mirai botnet. Easy access to tools like Mirai make it easy for emotionally- and ethically-deprived actors to wreak economic havoc on unsuspecting targets.” �

-JIM NATTERAUER @jnitterauer

“I find the attack from the Mirai botnet to be the most notable event

of 2016 …. This was certainly an excellent example of why

redundancy and the main plans – disaster recovery, business

continuity and incident response – are vital to every business.”

-JOE GRAY @c_3pjoe

“I’ve been looking at insider threats more closely this year. In a nutshell: it only takes a few minutes to post company data for sale on the Dark Web. Once the information is posted – there is no going back. Whether it is via a disgruntled employee or a compromised account – internal information offered in the underground can bring a company to its knees.”

-BEV ROBB @teksquisite

“Recently, I was the target of a phishing campaign. The attacker

sent me an email saying my MS Outlook mailbox could no longer

send messages because it was too large .... This email stopped me in my tracks because I regularly do

exceed the allowed size of my mailbox. Attackers are getting much

better at manipulating us with carefully-constructed messages that appear legitimate. I think their skill

has improved dramatically in the past year, forcing us to be ever more

vigilant to prevent serious problems.”

-DAVID JAMIESON @dhjamieson

tripwire.com/blog

FOR THE LATEST SECURITY NEWS, TRENDS AND INSIGHTS, VISIT:

@tripwireinc