Being aware of the cybersecurity incidents that happened in 2016 is a vital part of the preparedness role of the risk management team in your organization.

Although the cybersecurity-related events of 2016 will be remembered mostly for the numerous breaches of users’ personal data at big-name companies offering online services, ransomware attacks were actually the most common type of cyber-criminal activity this past year.

2016 Cybersecurity Incident Examples

Ransomware Attacks

Cyber criminals nearly doubled their ransomware activities in 2016. And, while the healthcare and education sectors have long been ransomware targets, that trend continued throughout 2016.

A few of the year’s more notable ransomware attacks on these sectors:

The Hollywood Presbyterian Medical Center

MedStar Health

The University of Calgary

Also important is the fact that ransomware attacks on small and medium businesses grew exponentially this past year. This independent report maintains that the number of attacks is eight times higher in 2016 than during the same time in 2015.

To that point, malware in 2016 was found to be designed to target the smaller network environments of SMBs. One of the significant examples of this is seen in the attack on small businesses based in Waukesha County, Wisconsin. Check out the link below:

Menomonee Falls 

Another example came during Thanksgiving weekend of 2016, one of the busiest weekends of the year, when San Francisco commuters got to ride the train for free as ransomware attackers infiltrated the SFMTA ticketing systems. Check out the link below for more details:

SFMTA ticket system hacked

DDoS Attacks

But the high number of ransomware attacks has been closely followed by an uptick in the number, power and sophistication of distributed denial of service (DDoS) attacks. These DDoS attacks have been spurred by the proliferation of criminal online services that enable anyone willing to pay to target companies in this way.

The fuel behind these attacks is Mirai, the ELF malware that turns devices into bots used for performing DDoS attacks. ELF is the standard executable format for Linux and UNIX-based systems, and because many Internet of Things (IoT) devices run embedded Linux, they are particularly vulnerable.

A few factors contributed to the strength of the DDoS incidents. Firstly, the source code of Mirai was made public, allowing a whole new pool of DDoS attackers to come into play; Mirai’s public source is on the way to becoming the core template that everyone copies. Secondly, the increasing number of unsecured Internet of Things (IoT) devices means that plenty of devices were easily compromised and used for botnets.

Mirai has been responsible for the largest DDoS attacks, and the devices it has compromised include CCTV cameras, DVRs, home networking equipment and, most recently, routers.

To read more about the effects of Mirai, follow the links below:

Brian Krebs

Russian banks

Cyber-attack on Critical Infrastructure

Prior to the event listed below, cyber attackers consistently showed interest in the critical infrastructure of various industries. Specifically, attackers were targeting enterprises using Supervisory Control and Data Acquisition (SCADA), which is an automation control system at the center of many modern industries.

This attack on the Ukrainian power grid in 2016 was the first confirmed instance of hackers leveraging malware to access SCADA systems and cause a power outage. Check out the link below for more details of this attack:

Malware in Ukraine energy firms


Apple Malware Attacks

While the existence of Apple malware is not a surprise, the level of sophistication of the exploits is notable. The researchers who first investigated the malware called it “the most sophisticated mobile attack we’ve seen yet,” one that “marks a new era of mobile hacking.”

Apple zero-day vulnerabilities

Three zero-day vulnerabilities were identified and dubbed “Trident”. The chain of vulnerabilities could be leveraged to spy on the targeted individual, collecting information from messaging apps, email, social media, and other sources. Trident was discovered when an activist in the UAE received text messages he identified as suspicious. He reported them to Citizen Lab, a research facility based in Toronto, which worked with mobile security firm Lookout to gather more information about the vulnerabilities. Apple quickly issued a patch and widely urged customers to update to the latest version of the OS.

Adobe Flash Vulnerabilities

The number of Flash vulnerabilities discovered in 2016 was comparable with previous years; however, several serious zero-days were still found and exploited. In late October, espionage group Pawn Storm ramped up its global spear-phishing campaign using a Flash zero-day even after a patch was issued. Both Adobe and Microsoft provided fixes, but the hackers still expanded the campaign, no doubt trying to reach as many victims as possible before users updated their software. Check out the following link:

Adobe Flash vulnerabilities


DNC Hack

A collection of over 19,000 emails from the DNC, the governing body of the Democratic Party of the United States, was leaked and published by WikiLeaks. This resulted in the resignation of DNC chair Debbie Wasserman Schultz as well as other prominent members of the committee. Reports also speculated that the leak may have influenced the outcome of the national elections.

Throughout 2016, Bitcoin remained the currency of choice for the payment for criminal products and services in the digital underground economy and the Darknet. Bitcoin has also become the standard payment solution for extortion payments.

Whether the victim is a financial institution, an Internet storefront that does business with online shoppers, or now even a hospital caught in the rising tide of ransomware, these cybersecurity incidents clearly indicate a strong and growing threat: cybercrime has no boundaries.

In fact, anyone with an email address, an inbox, or a social media account is a target for a cybersecurity incident.

Most organizations and individuals are not even aware of the bull’s-eye on their back for hackers, cyber thieves, and extortionists until it is already too late to respond to or recover from an attack.

If you found this information useful, please pass it along to members of your organization’s risk management team.

And, even more importantly, if you could, please share any additional information you may have about cybersecurity incidents in 2016 with our readers by posting comments to this blog.

Finally, our staff would like to share a link to a recent whitepaper by RSA entitled “2016: Current State of Cybercrime” with you. Click here to read this report.
