From the massive data breach at Yahoo! to the constant coverage of Russia’s cyber campaign interfering in the U.S. election, 2016 was a year in which cybersecurity received constant mainstream coverage. Here’s a breakdown of the top cybersecurity stories of 2016, proving no information is safe from cyber-attackers:
Wendy’s Breach Compromises Payment Cards
Fast-food chain Wendy’s was impacted by malware throughout the year, which resulted in the compromise of sensitive payment card information. In February, the company reported that it was seeing unusual payment card activity affecting some franchise-owned restaurants. A few months later, Wendy’s explained that an additional malware variant was identified and disabled. Finally, in July, Wendy’s provided information regarding specific restaurant locations that may have been impacted by the attacks.
All in all, more than 1,000 of its franchises across the U.S. were impacted according to Time magazine. Information that was potentially exposed includes cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code.
Cyber-Attack Continues to Trouble LinkedIn
A cyber-attack from 2012 that impacted LinkedIn continued to affect the company even in 2016. The social media company learned in May that an additional set of data that was stolen from the 2012 incident had been released, claiming to be email addresses and hashed password combinations of more than 100 million LinkedIn members. As a result of the breach, the company invalidated all passwords they believed were at risk. Additionally, for several years now LinkedIn has hashed and salted every password in its database.
Dyn DDoS Attack Disrupts Internet Access
Internet performance management company Dyn experienced a distributed-denial-of-service (DDoS) attack in October which lasted approximately two hours. During that time, Internet users directed to Dyn servers on the East Coast of the U.S. were unable to reach certain websites, “including some of the marquee brands of the Internet,” the company said in a statement. According to The Guardian, those sites included Twitter, Netflix, Reddit and CNN, among others. After restoring service, Dyn experienced a second wave of attacks which was mitigated in just over an hour, the firm said. After analyzing the attack, Dyn later confirmed that the Mirai botnet was the primary source of malicious attack traffic.
What makes the Mirai botnet unique is the fact that it consists of Internet of Things (IoT) devices, such as digital cameras and DVR players, The Guardian reported at the time.
Yahoo! Breach Impacts Over One Billion Users
In what may be one of the biggest data breaches of all time, Yahoo! confirmed in December that an unauthorized third party in August 2013 stole data associated with more than one billion user accounts. Yahoo! became aware of the incident when law enforcement provided the company with data files that a third party claimed was user data. The company has not been able to identify the intrusion associated with the theft. The stolen information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Russian Cyberattacks on U.S. Election
While the Yahoo! breach was massive in scale, one of the cybersecurity stories that gained the most attention this year was the assertion by the U.S. government that Russia ordered an influence campaign aimed at the U.S. presidential election. According to an intelligence report recently released to the public, Russia’s campaign blended covert intelligence operations, including cyber activity, with “overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls.’” The goal of the campaign, the U.S. says, was to “undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
The story saw near-constant media attention, with former Secretary of State Hillary Clinton and President-Elect Donald Trump discussing the topic frequently on the campaign trail. And with the recent release of new information by the Obama Administration, this story isn’t going away anytime soon.
As we begin 2017 and reflect on these incidents, among many others, the case for comprehensive cybersecurity planning has never been stronger. The experts at Adapture recommend that all our clients sign up to receive an Executive Threat Report (ETR).
An ETR is a non-invasive, low-impact opportunity to validate your current security solution or discover security gaps that require attention.
For more cybersecurity stories, click here to read about the worst hacks of 2017.