2017 - The Year Everyone Got Hacked
Decoding Security
English - December 19, 2017 15:43 - 11 minutes - 9.54 MB
2017 was a big year for malware, hacks, and data breaches. Voting machines proved to be easily hackable, Uber was caught paying off cybercriminals, and of course, Equifax experienced a breach that affected 140 million Americans. On the latest episode of Decoding Security, security analysts Jessica Ortega, Ramuel Gall, and producer/security analyst Topher Tebow count down the top ten cybersecurity issues of the past year.
Top 10 Cybersecurity Threats of 2017
2017 was a big year for malware and data breaches. We even discovered new information about old data breaches, like the Yahoo breach that resulted in more account credentials being leaked than there were users on the Internet at the time. Since this is our last episode of 2017, we are going to go over the top ten cybersecurity issues that hit this year.
Recent News
Net Neutrality
On Thursday, December 14th, the FCC voted 3-2 to end net neutrality. Now it's up to the Senate to block this or let the decision stand.
WordPress
WP Keylogger
https://www.scmagazine.com/wordpress-hit-with-keylogger-5400-sites-infected/article/712733/
Null themes
https://blog.barkly.com/ransomware-statistics-2017
ROBOT attack
2017 Top 10
10 Freedom Hosting II
https://securityaffairs.co/wordpress/55990/deep-web/freedom-hosting-ii-hack.html
Took down a significant chunk of the dark web - including child abuse content
9 CCleaner Hack
https://www.theverge.com/2017/9/18/16325202/ccleaner-hack-malware-security
Hackers hid malware in legitimate CCleaner software
8 Defcon Hacks Voting Machines
https://www.engadget.com/2017/10/10/defcon-event-reveals-ease-of-hacking-voting-systems/
Voting machines were hacked in under 90 minutes
7 Cloudbleed
https://www.cnet.com/how-to/cloudbleed-bug-everything-you-need-to-know/
Patched super fast, but gave Cloudflare users access to other users' data
6 KRACK
KRACK rendered nearly all Wi-Fi security vulnerable
5 Uber Coverup
https://www.nytimes.com/2017/11/21/technology/uber-hack.html
Don’t negotiate with cyber terrorists
4 Leaky S3 Buckets
https://www.theregister.co.uk/2017/09/04/ussecurityclearanceawsbreach/
https://threatpost.com/experts-warn-too-often-aws-s3-buckets-are-misconfigured-leak-data/126826/
Verizon and US military data leaked due to misconfigured Amazon S3 buckets
3 EternalBlue/Shadow Brokers
http://www.wired.co.uk/article/what-is-eternal-blue-exploit-vulnerability-patch
Enabled much of the ransomware we saw in 2017
2 Equihax
https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do
https://krebsonsecurity.com/2017/09/equifax-breach-setting-the-record-straight/
How not to handle a breach
Apache Struts
1 Ransomware
Petya/NotPetya/Goldeneye/Netya/BadRabbit/WannaCry
Final Tip
Watch out for malvertising. If you aren’t already familiar with the term, malvertising is the practice of placing an ad with a large ad network, then changing the code to direct you to malicious content. You’ll come across this even on trusted sites, like Facebook and Spotify.