Nobody can deny that computer security is a vital issue in our lives, affecting all of us. It is not uncommon to see articles on themes related to or speaking directly about computer security in newspapers or mainstream publications. The INCIBE Cybersecurity Highlights log aims to gather together articles published on events or incidents related to computer security based on their importance or repercussions. With the information available in the Cybersecurity Highlights log, it is possible to keep up to date or to extract highlighted events from a given timespan; the highlighted events from 2015 are a good starting point.
Although all the events listed in the Cybersecurity Highlights log are there because of their relevance, here are 20 of the most important events from 2015, in chronological order.
As can be seen in the graph below showing the number of events recorded in the log, there is a rising trend, and it is logical to think that this trend will continue. People and companies are becoming ever more aware of the repercussions that the theft or disclosure of their private information can have; therefore, there is also a rising interest in learning relevant facts around these issues.
- Number of events logged by month -
In the following graph, the main computer security related events of 2015 are linked to cybercrime, data leaks, incidents and vulnerabilities.
It is logical to think that cybercrime should be one of the overarching themes in this sector, given the huge economic benefits that can be obtained by malicious Internet use and everything it entails. Some examples of this are:
- The theft of 5 million dollars in Bitcoins from Bitstamp, at the time the third-largest Bitcoin exchange globally.
- Operation Carbanak, where it was revealed that hundreds of millions of dollars were stolen from banks by criminals who infiltrated systems using phishing techniques, subsequently making transfers to false bank accounts or compromising ATMs.
- The theft of 46.7 million dollars from Ubiquiti, a company dedicated primarily to the design of wireless network hardware. The attacker posed as a member of the finance department and requested access credentials and bank account numbers by sending fraudulent emails to members of the organisation. Funds were subsequently transferred from the organisation to an account under the attacker’s control.
The leaking of information was the issue that generated the second highest number of computer security incidents in 2015. While it is true that the sale of user data and confidential information is big business, it is also true that in many cases the motive for making this information public is to gain notoriety or to damage the reputation of the companies affected. Examples of information leaks that have been seen in 2015 are:
- Publication of the data of the 39 million users of Ashley Madison, an international website dedicated to putting married people in contact to have extramarital affairs. The criminal group responsible leaked 40Mb of data, including bank details and internal documents. Their goal was for the site to be shut down.
- The theft of the personal data of 18 million employees of the US federal government in a cyber-attack. The attack occurred in December and was not detected until April.
- The compromise of the personal AOL email account of the director of the CIA, John Brennan. The information stolen included a spreadsheet containing the personal data of members of the CIA. This information was published by Wikileaks.
- The theft of 13 million passwords from 000Webhost, one of the main free hosting providers. During the attack, 13 million passwords were leaked in plaintext, as no kind of encryption had been used. The company had been warned of multiple vulnerabilities in their systems but did not act on this. The attack occurred in February but did not come to light until 28 October.
The exploitation of vulnerabilities is one of the main techniques that cybercriminals use to attack systems. Therefore, the discovery of certain vulnerabilities which are especially significant, whether because they are widespread or because of their possible consequences, is always news that can have considerable repercussions. Examples of vulnerabilities discovered in 2015 are:
- FREAK. A group of researchers discovered a number of serious vulnerabilities in OpenSSL and Apple’s TLS/SSL system, which would allow attackers to carry out a Man-in-the-middle (MITM) attack by downgrading the connection security from a strong RSA system to a more vulnerable one named Export RSA, which uses 512-bit keys. Multiple systems were affected, including Android, Linux and Apple and Windows operating systems.
- Critical vulnerability in SSL affects thousands of iOS applications. The vulnerability was in the AFNetworking open-source code library, which provides network functionality for iOS and OS X products. The exploit could allow SSL protection to be bypassed, because the domain names on certificates presented by servers were not checked correctly.
- Logjam, another SSL vulnerability. The Diffie-Hellman protocol, used in HTTPS, SSH, IPSec and any other TLS-based protocol, is affected by a vulnerability that makes MITM attacks possible by downgrading encryption to 512 bits. With this security level and using precomputed data, the key can be found relatively quickly. This vulnerability, which is reminiscent of FREAK, is not due to an implementation error, unlike FREAK, but rather due to an error in the TLS protocol.
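FREAK and Logjam both depended on a peer still accepting export-grade key exchange (512-bit RSA or 512-bit DHE). As an added example that is not part of the original article, the following Python flags export-grade and legacy suites in a list of cipher-suite names and builds a client TLS context that simply does not offer them; the suite names are constructed sample input, not data from the article.

```python
import ssl

# Constructed sample of cipher suite names in OpenSSL notation, as they might
# appear in a server's cipher list or a handshake log. The EXP* entries are the
# export-grade suites that the FREAK (RSA_EXPORT) and Logjam (DHE_EXPORT)
# downgrades pushed connections onto.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-SHA",
    "EXP-RC4-MD5",
    "EXP-DES-CBC-SHA",
    "EXP1024-DHE-DSS-RC4-SHA",
]


def is_export_grade(suite):
    """True for OpenSSL export-grade suite names (EXP-* and EXP1024-*)."""
    return suite.upper().startswith("EXP")


def weak_suites(suites):
    """Return, sorted, the suites a server should refuse: export-grade ones plus
    the legacy RC4, (3)DES and NULL suites that fall below 128-bit security."""
    legacy = ("RC4", "DES-", "NULL")
    return sorted(s for s in suites
                  if is_export_grade(s) or any(m in s for m in legacy))


def hardened_client_context():
    """Client context that cannot be downgraded the way FREAK/Logjam needed:
    TLS 1.2 as the floor and an allow-list of forward-secret AEAD suites, so
    export and other weak suites are excluded by construction."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL:!MD5")
    return ctx


def context_weak_suites(ctx):
    """Names of suites the context would still offer that violate the policy."""
    return [c["name"] for c in ctx.get_ciphers()
            if is_export_grade(c["name"]) or c["strength_bits"] < 128]


if __name__ == "__main__":
    print("weak suites in sample:", weak_suites(SAMPLE_SUITES))
    print("policy violations in hardened context:",
          context_weak_suites(hardened_client_context()))
```

The DH parameter size itself is set on the server side (2048-bit or larger parameters), which this client-side check cannot observe.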
In addition to the attacks described, the following events in the fields of computer security deserve special mention, especially those related to critical infrastructure:
- German Patriot missiles attacked. According to reports from German media, but denied by the government, six launchers and two German Patriot radars, deployed in Turkey near the Syrian border, carried out unknown commands for a limited time. The commands were supposedly issued by an "unknown foreign source". The attack against infrastructure as critical as a missile launcher shows that no system is absolutely secure and that a fault in this type of system can have alarming consequences.
- ISIS attacking the US power grid. According to US government officials, the Islamic State (ISIS) is carrying out cyber-attacks against US electricity companies, although they have not been successful. According to an FBI source, although the tools used do not represent a problem, the attacks do reflect the growing importance of protecting key systems such as the energy generation and distribution network.
- Safe Harbor agreement cancelled. A European Court of Justice (ECJ) ruling invalidated the Safe Harbor agreement, which allowed countries outside the EU to store the data of European citizens under certain security measures. The annulment of the agreement mainly affects large American companies, such as Facebook, Google and Twitter, whose business is based on information. The ECJ ruling indicates that adhering companies were obliged to comply with privacy requirements, but not American authorities, who could handle the data as their laws allowed.
- First blackout in history due to a cyber-attack. On 23 December 2015, Ukraine's national power grid suffered a cyber-attack that caused a blackout lasting several hours, which affected more than 600,000 homes in the Ivano-Frankivsk region. The attack was reportedly carried out using the BlackEnergy trojan and social engineering techniques.