One hack after the next, large-scale data breaches, and high-risk vulnerabilities, are just a few of the many major security issues that have been chronically compromising organizations, users, and other businesses in 2014. Before we look forward to the rest of 2015, here's a recap of last year's biggest security stories—the ones that impacted a large number of users and various industries—so we can learn from past incidents.
One of the biggest security threats in terms of impact, the Heartbleed bug, which was disclosed in April 2014,is a critical vulnerability in the popular OpenSSL cryptographic software library that affected many websites.
The Heartbleed vulnerability allows an attacker to read the memory of systems that use certain versions of OpenSSL, potentially allowing the contents of the server’s memory to leak. Obtaining the keys allows malicious users to spy on all communications made on that system, enabling further exploits. While the use of OpenSSL is widespread, the impact of Heartbleed is mitigated depending on the configuration of the systems using it. Affected parties were encouraged to upgrade to OpenSSL version 1.01g, patch systems, and change or reset passwords for different websites accordingly.
Just a few months after the Heartbleed bug broke out, another major vulnerability known as Shellshock was discovered on September 2014. Shellshock is a flaw in the Bash shell, a standard component on most versions of UNIX and Linux operating systems as well as Mac OSX. The vulnerability allows attackers to run malicious scripts in systems and servers which compromises everything in it. The reach of affected systems is very broad since Linux powers over half the servers on the Internet, Android phones, and a majority of the devices in the Internet of Things (IoT).
The Sony hack, is the massively controversial hack attack that happened in late November of 2014. The attack maimed the corporation and forced them to shut down their entire corporate network after a threatening message appeared on their computer screens. The hacker group calling itself the Guardians of Peace (GOP) took over the corporate network, stole a treasure trove of sensitive data and dumped them online to expose plenty of private information such as email exchanges of executives, names and passwords, and personal information of involved parties. US officials initially concluded that North Korea ordered the cyber-attacks. An ongoing investigation is still being held and the FBI is closely working with multiple departments and agencies to trace the source.
Recently, UK police arrested a suspected member of Lizard Squad, a group of hackers who admitted to carrying a major Distributed Denial of Service (DDoS) attack on the Sony Playstation and Microsoft Xbox games network.
Data breaches have become a rather anticipated security issue that occurs at least once every month. The iCloud hack that went down in September involved leaked nude photos of famous celebrities posted by an unnamed hacker at the time who managed to get into the A-list celebrities’ iCloud accounts. Interestingly, the hack could not have come at a worse time for Apple as they were just about to stage their biggest event of the year: the launch of iPhone 6, other smart devices, and new operating systems that links to new features of iCloud. After an investigation, Apple concluded that the leaked images were a result of compromised accounts using “a very targeted attack on user name, passwords, and security questions”.
Despite the security measures practiced by the Apple App Store, a newly discovered WireLurker malware affecting OS X and iOS devices was found. This malware first infects the computer and transfers the malware when iOS devices are plugged in. What makes WireLurker unique is how it was able to scale the “walled garden”: it used a designed feature, a Trojanized app, which resulted in the successful infiltration of both jailbroken and non-jailbroken devices.
On April 8, 2014, Microsoft announced that Windows XP will no longer be officially supported. In the absence of any security patches from Microsoft, the potential for criminals to take advantage of the situation is significant for both users and enterprises as they will continue to be targeted.
As we look back at the past security incidents in 2014, we should learn from them and be reminded of what to avoid, what to improve, and what to anticipate. In retrospect, while we’ve seen the bad and the ugly, some good still managed to come out of these incidents, such as improved authentication methods to enhance security and user privacy. Many high-profile companies like Facebook, Google, and Microsoft now support some type of two-factor authentication, while Apple has made a big leap in terms of device security and privacy. With these developments, we can expect many positive implementations in the security landscape for the year 2015
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.