Reflare - Weekly Security Briefing 2016-01
Every year brings new security trends that increase threats for specific targets. This year, we expect to see an increase in extortion, government threats, and activist hacking. Security experts should still expect the standard DDoS and malware attacks, but these three trends continue to gain interest in the security industry as the primary focus for improved system protection.
The first and most costly for business and customers is extortion. We saw the fallout of the Ashley Madison hack in 2015. Hackers obtained 32 million user accounts from the company whose motto is â€œLife is short. Have an affair.â€ Privacy was paramount for company operations, and the fallout left millions of users exposed. Hackers first attempted to extort the company itself, but then turned instead towards its customers. Customers were emailed and even received phone calls to pay a fee to keep their privacy. It was the biggest extortion hacks to date.
The second trend is government hacking. Government websites are not a new target, but escalating tensions between China and the US continue to put government employees and systems at risk. Over 21 million government employee records were exposed in 2015 when hackers were able to gain access to social security numbers, military records, classified data and even fingerprints. It was the biggest government breach to date, and it allegedly stemmed from China. It was reported by Ars Technica that at least one person in China had full root access to every row in the database.
Finally, hacking activists (hacktivists) are creating some concern. Hacktivists are attackers who hack and deface systems to prove a point and make their cause heard. The hacktivist group Anonymous has commonly hacked systems for a cause, and these types of threats continue to be more popular as these hackers as well as others want their point seen in public. Most threats this year will involve political points such as environmental issues and even terrorism. We warn that organizationsâ€™ system administrators should use utmost caution especially if they manage networks for entities facing strong opposition from one or several special interest groups.