It was hard to top 2016, the year when cyber security’s role in global politics became undeniable. And in 2017, the threats kept coming.
Social media continued to be a battleground for voters but didn’t seem to play a significant role in the British, French of German elections. Ransomware is still the most common attachment in spam emails and the trojan became more potent on Macs and Androids. And the role of antivirus companies even became a global controversy. We even found out about a vulnerability that could affect everyone who uses a modern Wi-Fi network.
These were all major events, but not biggest cyber security stories of 2017 as covered by Safe and Savvy. Our biggest stories of the year both summed up the current threat landscape and also spoke to larger trends that we will be forced to contend with in the new year and beyond.
1. The Internet of Things: If it’s smart, it’s vulnerable.
In January, F-Secure Senior Security Consultant Harry Sintonen appeared at Disobey in Helsinki to show how easy it is for hackers to use vulnerabilities make it to take of a device. It was a real life example of Hypponen’s Law: “Whenever an appliance is described as being ‘smart’, it’s vulnerable.” For years, F-Secure Chief Research Officer Mikko Hypponen has explaining that mass adoption of the IoT is going to happen “whether we like it or not.” And in 2018, the number of consumer IoT devices will likely exceed the human population of the earth. Meanwhile, there’s still no evidence that manufacturers are taking security seriously enough to sustain this sort of mass adoption safely.
2. Internet service providers (ISPs) in the U.S. can now sell your browsing history without your consent.
In April, the U.S. reversed a regulation that prevented ISPs from selling your browsing history without your consent. This move shifted regulation of providers from the Federal Communications Commission to the Federal Trade Commission (FTC). This shift is similar with what is now happening with the end of “Net Neutrality” protections. Cable companies prefer FTC regulation this because it puts them on a more equal footing with the firms that dominate web advertising, Google and Facebook. However, it also means all your web traffic may be sold so advertisers can more effectively target you. The good news is that a using VPN like FREEDOME, which is included in F-Secure TOTAL, to secure your traffic also prevents your ISP from collecting your browsing history.
3. WannaCry and NotPetya explode.
In May and June, we saw the two largest ransomware outbreaks ever — WannaCry and then NotPetya. Both used vulnerabilities that had been stockpiled by the U.S’s National Security Agency and then leaked into the public. And both exploited unpatched systems to spread like worms through networks. Luckily, both threats didn’t do nearly as much damage as they could due to flaws in their design. While both reminded the world of the importance of basic security hygiene like installing updates and designing networks to prevent worms from spreading, they both also raised numerous questions, like why did someone release ransomware like NotPetya when it didn’t seem capable of collecting ransoms? In May, F-Secure Security Advisor Sean Sullivan wondered if WannaCry might be nation-state crimeware. In December, the Trump Administration directly blamed North Korea for the attack.
4. Breaches from hell.
If you’ve used the internet in the last decade or have a credit card, chances are you were somehow caught up in the breaches that were reported in 2017. Over 143 million Americans had data compromised in the Equifax breach alone. Leaks of private data are so pervasive that F-Secure Labs found that even 30 percent of CEOs have had a password from an online service leaked online. For businesses, breaches are becoming even more crucial to prevent and manage. This is not just true because trust destroyed by hacks can potentially do catastrophic damage to a brand but because of the rise of the the European General Data Protection Regulation (GDPR), which enters full force on May 25th. There are many myths surrounding the GDPR, but in general these regulations may be good news for consumers’ data privacy and potentially a huge opportunity for businesses that take a proactive approach to cyber security.
5. Bitcoin boom.
“Ransomware has been around for years and years, way before Bitcoin,” Mikko Hypponen told BBC this year. “But the megatrend that really made ransomware such a problem is crypto-currencies like Bitcoin.” As the year neared its end, the price of Bitcoin exploded, at one point hitting over $19,000. It’s unclear what this means for ransomware crooks, given how difficult it may be to run a business with a payment method that gains or loses $1,000 in a day. And using Bitcoin to purchase real world items can be difficult. But it’s clear there’s a hunger for virtual currency that’s not subsiding as we head into 2018.