
2015 Cybersecurity Highlights log

Posted on 01/28/2016, by David Cantón (INCIBE)
2015 Cybersecurity Highlights

Nobody can deny that computer security is a vital issue in our lives, affecting all of us. It is not uncommon to see articles on themes related to, or speaking directly about, computer security in newspapers and mainstream publications. The INCIBE Cybersecurity Highlights log aims to gather together articles published on events or incidents related to computer security, selected for their importance or repercussions. With the information available in the Cybersecurity Highlights log, it is possible to keep up to date or to extract the highlighted events from a given timespan; the highlighted events of 2015 are a good starting point.

Although all the events listed in the Cybersecurity Highlights log are there because of their relevance, here are 20 of the most important events from 2015, in chronological order.

[Figure: timeline of the 20 highlighted events of 2015]

As can be seen in the graph below showing the number of events recorded in the log, there is a rising trend, and it is logical to think that this trend will continue. People and companies are becoming ever more aware of the repercussions that the theft or disclosure of their private information can have; therefore, there is also a rising interest in learning relevant facts around these issues.

[Figure: Number of events logged by month]

In the following graph, the main computer security related events of 2015 are linked to cybercrime, data leaks, incidents and vulnerabilities.

[Figure: Classification of the 2015 events by category]

It is logical to think that cybercrime should be one of the overarching themes in this sector, given the huge economic benefits that can be obtained by malicious Internet use and everything it entails. Some examples of this are:

  • The theft of 5 million dollars in Bitcoins from Bitstamp, at the time the third-largest Bitcoin exchange globally.
  • Operation Carbanak, where it was revealed that hundreds of millions of dollars were stolen from banks by criminals who infiltrated systems using phishing techniques, in order subsequently to make transfers to fraudulent bank accounts or to compromise ATMs.
  • The theft of 46.7 million dollars from Ubiquiti, a company dedicated primarily to the design of wireless network hardware. The attacker posed as a member of the finance department and requested access credentials and bank account numbers by sending fraudulent emails to members of the organisation. Funds were subsequently transferred from the organisation to an account under the attacker’s control.

The leaking of information was the issue that generated the second highest number of computer security incidents in 2015. While it is true that the sale of user data and confidential information is big business, it is also true that in many cases the motive for making this information public is to gain notoriety or to damage the reputation of the companies affected. Examples of information leaks seen in 2015 are:

The exploitation of vulnerabilities is one of the main techniques that cybercriminals use to attack systems. Therefore, the discovery of certain vulnerabilities which are especially significant, whether because they are widespread or because of their possible consequences, is always news that can have considerable repercussions. Examples of vulnerabilities discovered in 2015 are:

  • FREAK. A group of researchers discovered a number of serious vulnerabilities in OpenSSL and Apple’s TLS/SSL implementation, which would allow attackers to carry out a Man-in-the-middle (MITM) attack by downgrading the connection security from strong RSA to a weaker mode named Export RSA, which uses 512-bit keys. Multiple systems were affected, including the Android, Linux, Apple and Windows operating systems.
  • Critical vulnerability in SSL affects thousands of iOS applications. The vulnerability was in the AFNetworking open-source code library, which provides network functionality for iOS and OS X products. Exploiting it could allow SSL protection to be bypassed, because the domain names on certificates presented by servers were not checked correctly.
  • Logjam, another SSL vulnerability. The Diffie-Hellman key exchange, used in HTTPS, SSH, IPSec and any other TLS-based protocol, is affected by a vulnerability that makes MITM attacks possible by downgrading the key exchange to 512 bits. At this security level, and using precomputed data, the key can be found relatively quickly. Although this vulnerability is reminiscent of FREAK, it is not due to an implementation error, as FREAK was, but rather to an error in the TLS protocol itself.
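The three vulnerabilities above share a common defensive lesson: the client must refuse a handshake whose parameters or certificate fall below policy, rather than trust whatever the server (or a MITM) negotiates. The following Python example, added here and not taken from the INCIBE post or from any of the affected projects, is a client-side acceptance policy that rejects export-grade cipher suites (the FREAK downgrade), finite-field Diffie-Hellman groups below a threshold (the Logjam downgrade) and certificates whose names do not match the requested hostname (the AFNetworking defect). The session descriptors are constructed test data whose certificate shape follows the dictionary returned by Python's `ssl` `getpeercert()`; the 2048-bit DH threshold and the session field names are assumptions of this example.

```python
"""Client-side TLS acceptance policy (added example; constructed data only)."""

# Assumption of this example: minimum acceptable finite-field DH group size.
MIN_DH_BITS = 2048


def is_export_suite(cipher_name: str) -> bool:
    """OpenSSL names export-grade suites with an EXP prefix, e.g. EXP-RC4-MD5."""
    return cipher_name.upper().startswith("EXP")


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style name matching: case-insensitive; a wildcard is only
    allowed as the entire leftmost label and matches exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Reject partial wildcards (f*.example) and overly broad ones (*.test).
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: dict, hostname: str) -> bool:
    """Check subjectAltName dNSName entries; fall back to the CN only when
    the certificate carries no SAN extension at all."""
    sans = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return any(hostname_matches(san, hostname) for san in sans)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return hostname_matches(value, hostname)
    return False


def evaluate_session(session: dict) -> list:
    """Return the list of policy violations for a negotiated session."""
    findings = []
    if is_export_suite(session["cipher"]):
        findings.append("export-grade cipher suite negotiated (FREAK-style downgrade)")
    if session["kex"] == "DH" and session["kex_bits"] < MIN_DH_BITS:
        findings.append(
            f"DH group of {session['kex_bits']} bits is below {MIN_DH_BITS} (Logjam-style downgrade)"
        )
    if not cert_matches_host(session["peer_cert"], session["hostname"]):
        findings.append("certificate name does not match the requested hostname")
    return findings


# Constructed certificates in the shape of ssl.SSLSocket.getpeercert().
GOOD_CERT = {
    "subject": ((("commonName", "api.example.test"),),),
    "subjectAltName": (("DNS", "api.example.test"), ("DNS", "*.example.test")),
}
OTHER_CERT = {
    "subject": ((("commonName", "other.example.test"),),),
    "subjectAltName": (("DNS", "other.example.test"),),
}

# Constructed handshake outcomes, one per weakness plus a compliant baseline.
SESSIONS = {
    "freak": {"hostname": "api.example.test", "cipher": "EXP-RC4-MD5",
              "kex": "RSA", "kex_bits": 512, "peer_cert": GOOD_CERT},
    "logjam": {"hostname": "api.example.test", "cipher": "DHE-RSA-AES128-SHA",
               "kex": "DH", "kex_bits": 512, "peer_cert": GOOD_CERT},
    "afnetworking": {"hostname": "api.example.test", "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
                     "kex": "ECDH", "kex_bits": 256, "peer_cert": OTHER_CERT},
    "ok": {"hostname": "api.example.test", "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
           "kex": "ECDH", "kex_bits": 256, "peer_cert": GOOD_CERT},
}


if __name__ == "__main__":
    for name, session in SESSIONS.items():
        verdict = evaluate_session(session)
        print(f"{name:13s} -> {'ACCEPT' if not verdict else 'REJECT: ' + '; '.join(verdict)}")
```

Each check is independent, so a session that fails several of them reports every violation rather than stopping at the first; in a real client the same logic would run against the values returned by the TLS library after the handshake and before any application data is sent.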

In addition to the attacks described, the following events in the field of computer security deserve special mention, especially those related to critical infrastructure:

  • German Patriot missiles attacked. According to reports from German media, but denied by the government, six launchers and two German Patriot radars, deployed in Turkey near the Syrian border, carried out unknown commands for a limited time. The commands were supposedly issued by an "unknown foreign source". The attack against infrastructure as critical as a missile launcher shows that no system is absolutely secure and that a fault in this type of system can have alarming consequences.
  • ISIS attacking the US power grid. According to US government officials, the Islamic State (ISIS) is carrying out cyber-attacks against US electricity companies, although they have not been successful. According to an FBI source, although the tools used do not represent a problem, the attacks do reflect the growing importance of protecting key systems such as the energy generation and distribution network.
  • Safe Harbor agreement cancelled. A European Court of Justice (ECJ) ruling invalidated the Safe Harbor agreement, which allowed countries outside the EU to store the data of European citizens under certain security measures. The annulment of the agreement mainly affects large American companies, such as Facebook, Google and Twitter, whose business is based on information. The ECJ ruling indicates that adhering companies were obliged to comply with privacy requirements, but not American authorities, who could handle the data as their laws allowed.
  • First blackout in history due to a cyber-attack. On 23 December 2015, Ukraine's national power grid suffered a cyber-attack that caused a blackout lasting several hours, affecting more than 600,000 homes in the Ivano-Frankivsk region. The attack was reportedly carried out using the BlackEnergy trojan and social engineering techniques.