Each year has its defining security moments: the events that change the way we think about hacking and breaches. The major security events of 2016 show a worrying trend towards more prolonged campaigns, in which advanced techniques are used over weeks or even months to achieve pre-meditated goals. Large-scale attacks have become more targeted. Cyber-crime is maturing from opportunistic hits to pre-selected targets, and that is bad news for organisations of all types.
State-sponsored hacking has also taken centre stage this year, becoming a powerful tool in the foreign policy operations of Russia and China. The US Democratic Party and Donald Trump's campaign were both subject to attacks. Political organisations are not the only ones feeling the brunt of these activities, though: private organisations with public ties are also being targeted, as the attack on the World Anti-Doping Agency shows.
In the light of these developments, we examine here the two most significant security events of 2016 and how the cyber-security community responded - as well as what still needs to be changed.
1. Russia hacks the Democratic National Committee
When US Democratic Party officials levelled claims of hacking at Russian state actors following a string of confidential email leaks in the summer, a political security saga was born. Private emails from within the DNC were published on both Wikileaks and DCLeaks in 2016, raising questions about the party's internal politics and the fairness of its candidate selection process. With the blame laid firmly at Russia's door, a curveball was thrown in the shape of Guccifer 2.0, a self-proclaimed lone hacktivist. Research conducted by ThreatConnect, among others, later concluded that Guccifer 2.0 was in fact a false persona being used as cover by Russian-backed hacker collective Fancy Bear.
The significance of this attack lies in its position in 2016's political cycle. It brought the issue of state-backed hacking to a wide public audience, and highlighted the impact that countries like Russia could have on rival states' elections. The spectre of foreign cyber-intervention became a running theme during the US presidential race. Fears ran high that the electronic voting system itself could somehow be hacked. Although there is no evidence to suggest any such activity took place, the fact remains that in 2016, cyber-attacks escalated to a new level when they directly impacted national politics.
2. The Dyn botnet DDoS sweeps the web
We've seen a lot of excitement about the IoT over the last year, but in October, it bit back. More accurately, it was hijacked: attackers used infected IP cameras, DVRs and other poorly secured consumer devices to form a massive botnet (a network of compromised machines under one attacker's control) and flood the authoritative DNS service run by Dyn. Once Dyn's name servers could no longer answer queries, the domains of many of the internet's most popular destinations stopped resolving: Twitter, Spotify, Soundcloud, Airbnb and Reddit, to name a few.
This attack was significant for two reasons. First, it proved the danger of deploying millions of poorly defended IoT devices in homes and businesses. As the IoT grows, organisations need to make sure their own device networks are secured (no default credentials, no management interfaces exposed to the internet) and prepare their infrastructure for DDoS attacks of unprecedented size. That leads to the second, more serious problem: the attack showed that a single large botnet aimed at shared infrastructure can take a large part of the web offline at once, the closest thing yet to a demonstration of 'bringing down the internet'. Traffic during the Dyn attack was reported at up to 1.2 terabits per second, a level that would have seemed outlandish just a year earlier. A hit of that magnitude, or several times larger, on other shared dependencies such as DNS, CDN or transit providers could well take down large swathes of sites. The practical lesson for anyone running a public service is that one DNS provider is a single point of failure: serving a zone from more than one independent authoritative provider is the standard mitigation.
3. Automation and collaboration: the security community responds
In response to these powerful new attack styles, we've seen an increased availability of automated threat intelligence and information sharing in 2016. Information sharing is key to a strong defence, as companies can receive intel on existing and emerging threats from a wide network of partners, enabling them to prepare their systems against attacks of which they wouldn't otherwise be aware. This sharing is easier said than done, however, and as a result we've seen an increase in the availability of automation tools to speed up the process. By using automatic data analysis and integration tools to aggregate and interpret threat data, organisations of all sizes can gain the upper hand over hackers, accessing key information fast enough to head off would-be attackers.
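As an added illustration of the aggregation step described above (example code written for this page, not ThreatConnect's or the article's own), the following Python merges two constructed partner feeds, one in STIX 2.1-style JSON and one in CSV, into a single indicator table that records which partners reported each indicator, then checks a few constructed proxy and DNS log lines against it, most-corroborated hits first. Feed names, addresses, domains and log lines are all invented for the example; the STIX parser handles only the simple single-comparison pattern form and skips anything else rather than guessing.

```python
"""Aggregate indicators from two shared feeds and sweep local logs for them.

Added example, not code from the article or from ThreatConnect. Every feed,
identifier and log line below is constructed (RFC 5737 addresses, .example
domains) so the script runs offline.
"""
import csv
import io
import json
import re
from collections import defaultdict

# Constructed feed 1: a STIX 2.1-style bundle as a sharing platform might
# export it. Only simple "[type:value = '...']" patterns are parsed here.
STIX_FEED = json.dumps({
    "type": "bundle",
    "id": "bundle--0f1e2d3c-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "pattern_type": "stix",
         "id": "indicator--0f1e2d3c-0000-4000-8000-000000000002",
         "pattern": "[domain-name:value = 'update-check.example']"},
        {"type": "indicator", "pattern_type": "stix",
         "id": "indicator--0f1e2d3c-0000-4000-8000-000000000003",
         "pattern": "[ipv4-addr:value = '198.51.100.23']"},
        # A hash pattern: outside what the simple parser handles, so it is
        # skipped rather than mis-parsed (value is the SHA-256 of an empty file).
        {"type": "indicator", "pattern_type": "stix",
         "id": "indicator--0f1e2d3c-0000-4000-8000-000000000004",
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
    ],
})

# Constructed feed 2: a flat CSV of the kind an industry sharing group circulates.
CSV_FEED = """type,value,confidence
ipv4-addr,198.51.100.23,80
domain-name,UPDATE-CHECK.example,70
url,http://cdn.example.net/setup.exe,60
"""

# Constructed proxy/DNS log lines in key=value form.
SAMPLE_LOGS = [
    "2016-10-21T11:02:13Z host=ws-017 dst=198.51.100.23 dport=443 action=allow",
    "2016-10-21T11:02:44Z host=ws-017 dns=update-check.example action=resolve",
    "2016-10-21T11:03:01Z host=ws-022 url=http://cdn.example.net/setup.exe action=allow",
    "2016-10-21T11:05:10Z host=ws-009 dst=192.0.2.10 dport=80 action=allow",
]

# Log field -> indicator type it should be compared against.
FIELD_TYPES = {"dst": "ipv4-addr", "dns": "domain-name", "url": "url"}

# Matches the simple single-comparison STIX pattern form only.
SIMPLE_PATTERN = re.compile(r"\[\s*([a-z0-9-]+):value\s*=\s*'([^']*)'\s*\]")


def parse_stix_bundle(text, source):
    """Yield (type, value, source) for each simple indicator in a STIX bundle."""
    for obj in json.loads(text).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        match = SIMPLE_PATTERN.fullmatch(obj.get("pattern", "").strip())
        if match is None:
            continue  # compound or non-'value' patterns are out of scope here
        yield match.group(1), match.group(2).lower(), source


def parse_csv_feed(text, source):
    """Yield (type, value, source) for each row of a type,value,... CSV feed."""
    for row in csv.DictReader(io.StringIO(text)):
        yield row["type"].strip(), row["value"].strip().lower(), source


def aggregate(*feeds):
    """Merge feeds into {(type, value): set(sources)}; lower-casing makes the
    same indicator reported by two partners collapse into one entry."""
    merged = defaultdict(set)
    for feed in feeds:
        for ioc_type, value, source in feed:
            merged[(ioc_type, value)].add(source)
    return dict(merged)


def scan_logs(lines, indicators):
    """Return hits for log lines touching a known indicator, ordered so that
    indicators reported by the most partners come first."""
    hits = []
    for line in lines:
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        for field, ioc_type in FIELD_TYPES.items():
            value = fields.get(field)
            if value is None:
                continue
            key = (ioc_type, value.lower())
            if key in indicators:
                hits.append({"host": fields.get("host"), "type": ioc_type,
                             "value": value, "sources": sorted(indicators[key]),
                             "line": line})
    hits.sort(key=lambda h: -len(h["sources"]))  # stable: log order within ties
    return hits


if __name__ == "__main__":
    table = aggregate(parse_stix_bundle(STIX_FEED, "partner-a"),
                      parse_csv_feed(CSV_FEED, "partner-b"))
    for hit in scan_logs(SAMPLE_LOGS, table):
        print(f"{hit['host']}: {hit['type']} {hit['value']} "
              f"(reported by {', '.join(hit['sources'])})")
```

The point of keeping the source set per indicator is triage: an address or domain that two independent partners have both flagged deserves a response before one that only a single feed mentions, and the `sources` list makes that ordering automatic rather than something an analyst has to reconstruct by hand.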
The combination of these two factors has led to the creation of information sharing groups such as the collaboration between JP Morgan, Bank of America and Goldman Sachs which emerged in the summer. Despite their commercial rivalry, the banks moved together to tackle the cyber-risks facing the financial services industry, pointing the way forward for wider industries. There is strength in numbers, and we have seen some great steps forward towards a world in which defence data is made freely available to partners and competitors alike - when one benefits, all benefit.
4. The education deficit
As we look forward to 2017, what are the logical next steps for the security community? There is still a considerable gap between the need for security experts and the personnel and skills available. Organisations must look to increase the capabilities of their existing staff as well as hiring new team members. This is partly a message for the education system - as cyber-security becomes a major concern for governments as well as private enterprise and individuals, there is a growing need for education around cyber-defence at an earlier age to help encourage the growth of the next generation of security specialists.
With such measures still in their infancy, however, companies must now focus on maximising the resources they already have. Automation and information sharing should be top of the agenda for security teams looking to increase the depth of their insight and the speed of their response.
As evolving technology boosts cyber-criminal capabilities and state-sponsored hackers continue to come out of the shadows, it's essential that companies get the most information possible as quickly as possible. 2017 must be the year of rapid automatic sharing - or else the hackers will have the upper hand.
Contributed by Adam Vincent, CEO, ThreatConnect