DDoS attacks were launched against Dyn
In October, Dyn, a DNS service, was hit by a sophisticated, widely distributed attack involving “tens of millions of IP addresses.” As a result of the attack, which was carried out in three waves, many users were unable to access Twitter, Etsy, Github, Spotify, Reddit, Netflix, and SoundCloud.
“While Dyn’s Network Operations Center (NOC) staff mitigates DDoS attacks regularly, it quickly became evident that this attack was unusual,” Kyle York, Dyn’s Chief Strategy Officer, said in a statement after the incident.
The Dyn attack was remarkable because it made use of the Mirai botnet to enlist the help of “zombie” Internet of Things devices. A DDoS attack originating from compromised IoT devices demonstrated criminal actors’ increased capabilities when targeting networks, prompting some IoT device manufacturers to recall or review their equipment’s security.
It also raised awareness of IoT device security concerns in general, prompting the House Subcommittees on Communications and Technology and Commerce, Manufacturing, and Trade to convene a joint hearing to determine if government regulation is required to protect the Internet of Things device security.
The Dyn attack, like later (and a few earlier) strikes, was also significant for its sheer scale. According to Akamai’s Third Quarter 2016 State of the Internet Security Report, the two largest DDoS attacks of the quarter, both carried out with the Mirai botnet, were the largest the company had ever seen, peaking at 623 Gbps and 555 Gbps respectively.
A number of our clients experienced Mirai attacks that were well over a terabit in size. It is also worth noting that the attackers targeted a DNS provider: many attackers are learning that instead of assaulting a target directly, they should hit upstream.
If you can take down the DNS provider, you take down far more than just your target. It demonstrates a progression in the attackers’ thinking.
The hack of the DNC
Russian hackers targeting personal email accounts were blamed for the breaches at the Democratic National Committee and the Democratic Congressional Campaign Committee that came to light during the summer. The intrusions sparked serious fears about possible election meddling.
The DNC intrusions were used in an attempt to influence and control the elections. This is not the first time something like this has been seen: there is a well-known story of a hacker in South America who used data dumps and misinformation to influence eight different elections.
While it hasn’t been established that the DNC hackers intended to influence the election, the fact that it happened was enough to make voters nervous.
Operation Icarus
Anonymous began waging cyberattacks against banks around the world in May. The Central Bank of the Dominican Republic, the Central Bank of the Maldives, the National Bank of Panama, the Central Bank of Kenya, and the Central Bank of Mexico are among those that were affected. Anonymous knocked the banks’ websites offline but did not try to steal money, claiming instead that the attacks were meant to draw attention to financial malfeasance.
Op Icarus began as a conventional application-layer attack, but it gained notoriety because it became a year-long campaign that went through numerous phases.
It was fascinating to see how [the hackers] progressed from using simple LOIC and rudimentary BPM to using Tor and botnets. They are now in phase five. Because the traffic appears semi-legitimate and is hard to filter, the techniques they now use are more difficult to neutralize.
SWIFT and Tesco
The allure of easy money made the banking industry an enticing target this year, as expected.
In February, criminals exploited SWIFT messaging to help steal $81 million from Bangladesh’s central bank, setting a new record. Following the hack, banks in Southeast Asia and other regions of the world began investigating possible security breaches involving the SWIFT global financial messaging network.
Cybercriminals targeted the SWIFT messaging network in the hope of delaying or initiating fraudulent transfers and thereby gaining access to cash.
Then, in November, Tesco Bank officials stated that a total of $3.1 million had been stolen from 9,000 customer accounts. Banks are frequently targeted by hackers, but the Bangladesh and Tesco heists appear to be the first instances of cybercriminals successfully withdrawing funds directly from accounts, putting the financial sector on edge.
The Tesco theft is a “threat to national security” and “undermines public trust in financial organizations,” said Britain’s interior minister, Amber Rudd, at a Financial Conduct Authority conference.
San Francisco Public Transportation
After a cyberattack on the city’s mass transit system in November, San Francisco transit riders were given a free ride.
A message reading “You broke into the system. ALL DATA IS SECURE”, along with a contact email address, appeared on ticket machines. The San Francisco Municipal Transportation System’s ticketing and point-of-sale systems were shut down, and as a result the transit agency opened the gates and gave riders free passage.
In 2016, ransomware became a popular attack method. Earlier in the year cybercriminals also targeted hospitals with ransomware, demanding payment to unlock systems. According to Kaspersky’s quarterly IT threat evolution report, there were 821,865 ransomware victims in Q3. Ransomware is already very widespread, and a coordinated attack on several transit systems, hospitals, or other essential infrastructure appears to be a real possibility.
Fedor Sinitsyn, a Kaspersky Lab ransomware expert, said crypto-ransomware continues to be a serious threat to both private consumers and businesses.
Because security companies are detecting intrusions faster, criminals are producing new malware variants faster, Sinitsyn said.
Will there be more?
What kind of hacks can we expect in 2022?
If attack surfaces, techniques, and means continue to grow in 2022, the best years for the security of our systems may be behind us.
A continued move away from reflection and amplification attacks, which are relatively easy to block, is expected, with TCP-based attacks and IoT devices becoming the main attack vectors.
According to security experts, attackers have also been exploring several other protocols. Next year we will probably see one or two new attack vectors we have not seen before. We are trying to work out what they are doing, while these attackers have all day to discover new things.
Each organization has a responsibility to be aware of and prepared for cyber risks, both traditional and new, and to devise appropriate strategies and controls for mitigating them.
A cyber security consultant identifies potential threats and takes action on them immediately. Are you looking for a cyber security consultant? Schedule a demo today!