It was only three days into 2018 when one of the year’s biggest security stories broke about the Meltdown and Spectre flaws in modern microprocessors. From there, the calendar filled quickly with both privacy and security SNAFUs. While some of the year’s privacy and security missteps were just a passing dark cloud, others left an indelible mark on the security landscape. Need some hints on what those events were? Just ask Mark Zuckerberg for starters.
Here is a look back at some of 2018’s most important privacy and security stories.
Cryptocurrency Mining Malware
It’s been a wild ride with the cryptocurrency boom and sorta bust. The year started out with a steady onslaught of hackers shifting from extorting money from victims via ransomware to planting cryptojacking malware. The switch was to take advantage of sky-high valuations for cryptocurrencies such as Monero. In March, we learned that one cryptomining gang earned $7 million in six months. As of December, the price for virtual currency has dropped so low that ransomware has come back into vogue.
DDoS Attacks
Compared to 2017, DDoS attacks grew five-fold. Not only did they become more popular, they also became bigger, smarter and more diverse. One of the most notable evolutions in the DDoS landscape over the past year was the growth in peak size of volumetric attacks. Attackers continue to use reflection/amplification techniques to exploit vulnerabilities in DNS, NTP, SSDP, CLDAP, Chargen and other protocols. Making matters worse, 2018 also saw a record number of devices, such as routers, become infected with malware such as VPNFilter.
Breach Fatigue
The year kicked off with the Department of Homeland Security announcing a breach that exposed the data of 240,000 employees. But, things were just getting started. In March, Under Armour reported a breach impacting 150 million MyFitnessPal accounts. And after that, breaches began to pile up from Ticketmaster, Girl Scouts, British Airways, Quora, Marriott and others.
Meltdown and Spectre
Chip-makers were sent scrambling in January when teams of researchers revealed two major vulnerabilities hiding in microprocessors. Called Meltdown and Spectre, the flaws impacted Intel microprocessors and other modern CPUs. Both vulnerabilities affect how microprocessors isolate sensitive data in memory. They opened the door for an attacker to gain access to data such as passwords, encryption keys or potentially even data from adjacent virtual systems co-located on the same server.
Facebook Privacy Fiasco
The story broke about Facebook and Cambridge Analytica in the early months of 2018. And Facebook hasn’t stopped saying sorry ever since. The revelations began with the news that Facebook partner Cambridge Analytica had harvested personal data of Facebook users without their consent via the app thisisyourdigitalife. Then came the apology tour with Facebook CEO Mark Zuckerberg making nearly a dozen stops before Congress and the Senate Judiciary Committee. But just when you thought Facebook might catch its breath, in October there were new revelations about a security issue involving access tokens that exposed 50 million users. Then in December more reveals: This time it was a bug that exposed private images of 6.8 million users and then revelations of a data-sharing agreement with 150 tech firms where some had access to private Facebook Direct Messages.
End-to-End Encryption
The 2018 debate over the government’s authority to access private encrypted data on digital devices was kicked off in January when FBI Director Christopher Wray called unbreakable encryption an “urgent public safety issue.” The year will likely also be remembered for a controversial bill passed in Australia, which could give the government there access to data otherwise protected by end-to-end encryption. The year also saw challenges to end-to-end encryption by Russian authorities, who ordered secure messaging service Telegram to hand over the encryption keys of 9.5 million active Russian users.
Advanced Persistent Threats
In 2018, activity among the usual Advanced Persistent Threat (APT) suspects was a little quieter than usual, say researchers. That’s not to say that some - Sofacy, Turla and CozyBear, notably - didn’t make waves this year. According to a year-end analysis by Kaspersky Lab, Sofacy was the most active of the three. “One of the most high-profile incidents was abuse of Computrace LoJack by this actor in order to deploy its malware on victim machines, in what can be considered a UEFI-type rootkit,” Kaspersky researchers wrote. The year also made room for newcomers, including Middle East APTs LazyMerkaats, FruityArmor, DarkHydrus and DomesticKittens.
Destructive Malware
Soon after the start of the Winter Olympics in Pyeongchang, there were reports of malware attacks on infrastructure related to the Games. What became known as Olympic Destroyer shut down display monitors used by Olympic organizers, zapped Wi-Fi networks and prevented visitors from printing tickets by crippling the official Olympics website. The activity was an attribution confusion bomb, so researchers simply call the APT behind it “Hades.” And, we also saw destructive malware in 2018 in the form of the SamSam ransomware, which is tied to crippling attacks on the cities of Atlanta and Newark, N.J. Data-wiping malware Shamoon reappeared in December, destroying drives at an Italian oil and gas company. And an incident in September forced an Indiana hospital to cancel elective surgeries and divert ambulances.
GDPR Arrives
In late May, the European Union’s General Data Protection Regulation (GDPR) took effect. GDPR is considered the most comprehensive regulation on the protection of personal data in the world. It introduces a sweeping set of privacy requirements impacting everything from US consumer privacy and cybersecurity to the role of technology companies and the future of the transatlantic digital economy. Yet, while 2018 may have been a milestone for GDPR, there have been few fines and many are still trying to sort out compliance.
Router Attacks
As criminals focused on stealing data and growing bot armies, routers became an attractive target for doing both. In May, Talos researchers reported that Russian-speaking threat actors, with links to the BlackEnergy APT group, were behind the VPNFilter malware that infected 500,000 routers. In August, Censys.io reported a massive cryptomining campaign targeting MikroTik routers, infecting 170,000 devices with the CoinHive malware. In March, we learned of a cyber-espionage threat, dubbed Slingshot, which targeted routers and used them as a springboard to attack computers within a network. And in November, 45,000 routers were reported compromised by a campaign designed to open networks to attacks by EternalBlue, according to Akamai.