2016: But her emails?
This year, a shady hacking group known as the Shadow Brokers started leaking NSA secrets, vulnerabilities, and exploits onto the Internet, embarrassing the agency, but more importantly, putting sophisticated tools in the hands of cybercriminals that would be employed over the remainder of the decade.
Most notably, they disclosed a group of SMB vulnerabilities and their accompanying exploits, which were later used to propagate the WannaCry infection laterally through thousands of endpoints, and which are still in use today to spread deadly Emotet and TrickBot infections in worm-like fashion.
If it were not for the cybersecurity fails caused by the Shadow Brokers, who knows? Threat actors might still be messing around with small potato consumer scams and identity theft. But with grown-up utilities in hand, they realized they could do a lot more damage to a lot more devices, and soon turned their greedy gaze to loftier goals.
2017: The year of the outbreak
Super sneaky government tool thefts are all well and good, but the impact of ransomware retooling and running wild cannot be denied. In 2017, ransomware authors decided that just going after home users was becoming a little old hat, so they started targeting large organizations in a wave of outbreaks (fueled by the very exploits stolen from the NSA in 2016). Sadly for us, those organizations included many of the services we make use of on a daily basis, whose files and operations were encrypted and held up for Bitcoin ransom.
WannaCry, NotPetya, and BadRabbit were the big three ransomware epidemics of the year, but the malware made headlines time and time again as ransomware authors inched themselves into every available corner. Threat actors may have become a little less inventive during this period, but they certainly were not resting on their laurels.
Arguably the heaviest-hitting ransomware story of 2017 was the WannaCry attack on NHS, as £92m vanished down the plughole. This was a seismic attack, the aftershocks of which are still felt today, spinning off into unexpected places that have taken on a life of their own.
2017: Crypto fever
In 2017, it was safe to say that basically anyone who had ever been online had their information compromised. Which is why we will instead turn to the birth of a brand-new form of cybercrime: cryptomining.
Bitcoin and other cryptocurrency had always been the favored tender of the black market, as it is anonymous and nearly impossible to trace. However, in 2017, crypto became more mainstream as a sudden, acute increase in value had even the beariest of bears opening cryptowallets and investing in super-niche altcoins. So naturally, cybercriminals being the vultures of the Internet, found a way to capitalize on all this carrion by jacking the CPU/GPU of other users’ systems to generate coin.
Starting in late 2017, we started noticing hundreds of millions of detections of coinhive.com, a CPU-mining platform that—while itself was a legitimate service—was being abused by cybercriminals to mine users without their permission. This kicked off a landslide of cryptomining activity that spawned the creation of multi-platform cryptomining malware, drive-by mining attacks, crypto-bundlers, crypto-themed scams, cryptowallet drainers, crypto crypto cryptors, and crypto.
While cryptomining has since died down from its 2017/2018 heyday, it remains forever part of the threat landscape, and I’m sure we will be seeing much more of it as cryptocurrency and blockchain technology take hold in the next decade.
2018: Shine’s off social media
2018 was all about the covert use of data pulling the strings in every direction you can imagine. Data mining and digital assets plus social media makes for a cracking combination in the wrong hands, and it turns out Facebook was the place most of this war was fought and won (or lost, if you were on the receiving end).
Cambridge Analytica, a political consulting firm based in the UK, probably knew they’d walked into “oh, whoops” territory when their offices were raided in 2018. They’d been mucking around on multiple elections worldwide, but drew attention to themselves and Facebook after it was discovered that they’d been harvesting the personal information from 50 million Facebook user profiles without their permission. The repercussions from this story continue to be felt today, as lawmakers now scrutinize Big Tech for their data privacy policies.
2018: Data privacy becomes a thing
Here, users got a rude awakening into the inner workings of the tech giants they had come to love, rely on, and otherwise be addicted to. Wait, you are selling my information to pharmaceutical companies? You can actually record my conversations through my digital home assistant? Suddenly, users had to be just as wary of legitimate tech companies as they were of cybercriminals.
The awareness of 2018 led to global action, as GDPR was put into effect, launching a million cookie notices and EULA rewrites. Digital data privacy had always been an issue, reaching far back to pre-Y2K years, and it will continue for many decades as we contend with biometrics and genetic data. But 2018 represented a period of public awareness that forever changed the way we build, buy, regulate, and use technology.
2019: The year of the triple threat
We are too close to 2019 to be able to say conclusively what stuck and what stank, but the triple threat of Emotet, TrickBot, and Ryuk ransomware caused such massive problems across a range of critical infrastructure and business services that any 2019 listicle that does not feature this attack is missing the mark. If your mailbox has not detected the familiar twang of an Emotet malspam landing on the network yet, you are doing very well indeed.
The triple threat officially saw light in 2018, but it was the attack of 2019. If there was news of a city declaring a state of emergency, a school shutting down for weeks, or a hospital shelling out thousands in ransom payment, you bet it was on account of these three devils. It is an assault from every angle, and in an alien invasion, this would be the part where the hero escaped through a conveniently placed air vent.
Cybersecurity fail of the decade
All this arguing on which cybersecurity fails were most awe-inspiring, death-defying, or just plain stupid would be pointless if we did not wrap it up in a nice year-end bow. So, without further ado, we will now take our pick of the top cybersecurity fail of the decade. Drumroll please…
Wendy: My vote is for Shadow Brokers because it set off a chain of events that allowed cybercriminals to evolve into more sophisticated, industrialized players, essentially radically changing the threat landscape from a bunch of kids messing around in their basements to organized criminals aimed at taking down organizations, swiping millions of users’ personal data and making significant profit in the process.
Chris: My pick is the Mat Honan hack. It is not as big, or as flashy, or as sophisticated as most of the attacks on display. But what happened to him pretty much still happens to people now as their first introduction to the world of “All my data is gone forever.” How they torched his digital existence and salted the earth is beyond brutal—and, most chillingly, it was nothing personal.