What the network security disasters of 2015 tell us about what’s ahead for 2016
Posted by Geraldine Hunt on Tue, Jan 5th, 2016
No surprise here: 2015 was a big year for network security disasters. The Identity Theft Resource Center (ITRC) reports that the nearly 178 million records breached in 2015 is a record since it began reporting in 2005. The number of records exposed in 2015 by sector is as follows:
- Medical/health care - 122 million records
- Government/military - 34 million records
- Business - 16 million records
- Banking/credit/financial - 5 million records
- Education - 760,000 records
Health care is a major target
In February, Anthem Blue Cross experienced the largest healthcare breach ever, involving 80 million records. The breach affected one-third of Americans. Records stolen included names, birthdates, social security numbers, addresses, and employment information. What is worse, much of the data was not encrypted. The breach was a result of a watering hole attack, where websites accessed by targeted users are compromised. The attackers then infect the targets and gain access to their local area network. The attack went undetected for nine months. Then a systems administrator noticed an internal database was being accessed by an account without the user’s knowledge.
Although the FBI says that the attacker is unknown, reports hint that this breach was perpetrated by Deep Panda, a known hacker group associated with the Chinese government. Premera Blue Cross was attacked the same day as Anthem, leading experts to believe that the same actors were involved. The Anthem breach was followed by the discovery of 10 million records stolen at Excellus and CareFirst BlueCross BlueShield. The attack began in December 2013 but was undiscovered until September 2015. Again, the attackers are unknown.
In July, news hit of a breach of 4.5 million records at UCLA Health Systems. There was “unusual activity” on a server during October 2014, persuading UCLA Health to involve the FBI. The breach was not discovered until May 5, 2015. UCLA Health had experienced other breaches since 2005, leading to lawsuits claiming data was not properly secured.
Governments still get hacked
The United States has repeatedly blamed China for cyberattacks on American government and business. In September, US president Barack Obama discussed the issue with his Chinese counterpart Xi Jinping. It appears that China does not limit its attacks to the United States. In December, news came of a breach at Australia’s Bureau of Meteorology supercomputer. Since this was linked to other computers in more sensitive government agencies, the attackers were obviously targeting the weak link in the network. The Australian government blamed China for the attack, but China denied any involvement.
The US Office of Personnel Management experienced two huge breaches, the first involving 4 million records and the second involving 21 million records. Some experts call these breaches the most damaging to US national security ever. This is because the records stolen included entire background checks and fingerprints, perfect for blackmailing present and former government workers. The attackers stole a contractor’s credentials and used them to establish a malware backdoor into the network. The first breach went undetected for nearly a year until uncharacteristic SSL traffic and a decryption tool tipped off the systems administrators.
High-profile business and financial sector breaches
Fifteen million records were exposed at Experian, the world’s largest credit monitoring agency. The data stolen were of T-Mobile customers undergoing credit checks with Experian for a 15-day period in September. What is more disturbing, Experian’s encryption may have been compromised.
The UK's largest data breach of 2015 was reported in August by Carphone Warehouse, a conglomerate that does a lot more than sell car phones. Up to 2.4 million records containing personal and banking information and 90,000 encrypted credit card records were breached. There are conflicting reports of how the attack was executed. Some sources say there was a moderated DDoS to throw the security personnel off the scent while the break-in occurred. Others report that it was the result of a spear phishing attack. Carphone Warehouse reported the breach within 4 days after it was discovered.
In November, we were reminded that the Internet of Things (IoT) is not as secure as it should be. There was a breach of 4.8 million records at the toymaker VTech of Hong Kong. Its download portal was compromised, exposing a database of first names, genders, and birthdays of over 200,000 children. VTech purportedly had weak password security. According to Motherboard online magazine, the self-professed attacker said he planned to do "nothing" with the data.
Lessons for 2016
The only good thing about a data breach is that it can lead to improved security overall. Some of the lessons of the 2015 data breaches are:
- Corporate data can be exposed by a business partner or contractor. Third-party credentials require the same rigorous controls as those for employees.
- Attention-grabbing attacks like a DDoS can be used as a smokescreen for data breaches.
- Personal information as well as credit card data should be encrypted.
- A computer network is only as strong as its weakest link – layered network security is crucial.
- Health care providers maintain sensitive data that is attractive to foreign intelligence as well as identity theft rings. This sector will continue to be a major target of attacks.
- The lax security on IoT devices will invite more breaches.