The Clusit Report 2017 on ICT security in Italy was presented on 22 February. It is the result of the work of a hundred experts, with the contribution of public and private entities that shared information, data and their own field experience with Clusit, the Italian Association for Information Security. The global analysis highlights an alarming fact about the year just ended: 2016 was the worst year ever in terms of the evolution of "cyber threats" and their consequent impact. Specifically, 1050 incidents were identified and classified as serious, i.e. having a significant impact on the victims in terms of economic damage, reputation and disclosure of sensitive data. The report is developed on a global scale and, unfortunately for us, for the first time Italy is in the global top ten by number of victims.
In addition to describing the most affected sectors and the attack techniques used, the report lists the ten most significant attacks of 2016, selected also for the variety of situations and institutions they affected.
- Hollywood Presbyterian Medical Center. A ransomware attack that forced the hospital to pay a $17,000 ransom to obtain from the criminals the key to decrypt its data. Its first place is justified by the fact that similar attacks on hospital infrastructure were quite frequent in 2016, given the vulnerability of the entities in question: poorly protected facilities, easy to hit and at the same time critical, and inclined to pay even relatively large sums to quickly restore their operations.
- FriendFinder Networks. An online dating platform that had over 412 million of its customers' accounts stolen. The attack was carried out through a Local File Inclusion vulnerability, with the aggravating circumstance that most of the passwords were stored in plain text, i.e. unprotected in the site's database, or as a simple SHA-1 hash, an algorithm that is insecure for this purpose.
- Bangladesh Bank. The estimated damage in this incident is $81 million: not only was the bank's system compromised, but fraudulent transactions were introduced into the SWIFT system with orders to transfer $1 billion in funds, of which fortunately only a first tranche of $81 million went through.
- Adups Technology. The firmware this Chinese company supplies for Android devices, installed on 700 million devices marketed in various countries around the world, was found to have been modified to collect information including the IMEI, IMSI, MAC address, version number, phone operator, SMS messages and call list. The activity went on for over 6 months before it was discovered.
- San Francisco public transportation system. Yet another ransomware attack, which infected approximately 2,000 systems including servers, clients and ticketing machines. The ransom demanded was $73,000, not counting the main damage: since no tickets could be issued until the incident was resolved, the turnstiles had to be opened and passengers travelled for free.
- American presidential campaign. The attack consisted in the publication by WikiLeaks of 19,252 emails relating to the Democratic National Committee, some of them quite compromising, with a consequent influence on the outcome of the election. The emails were stolen by a hacker, although all major American intelligence agencies have stated that they have evidence of Russian involvement behind the affair.
- Yahoo and its users. The largest account breach in history, with over a billion accounts compromised. The data involved names, email addresses, phone numbers, dates of birth, encrypted passwords and in some cases even security questions with their answers, which were then put up for sale for about $300,000.
- Dyn, DNS service provider. Back in the United States, users on the east coast found themselves unable to reach many of the most popular internet sites and platforms for a day. This was a DDoS attack carried out through hundreds of thousands of remotely compromised IoT devices used as attack vectors.
- Tesco Bank. About 20,000 customers of the British bank were hit by this attack, robbed of their money over a single weekend.
- Ministero degli Esteri Italiano (Italian Ministry of Foreign Affairs). Italy also appears in this unpleasant ranking, with the attack on the Farnesina in spring 2016, which allegedly resulted in the compromise of some unclassified systems.
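The FriendFinder item above notes passwords stored in plain text or as a simple SHA-1 hash. The Python below is an added example, not code from the Clusit report: it contrasts that legacy scheme with salted PBKDF2 storage and shows the audit a defender can run over a legacy SHA-1 table, since an unsalted digest of a given password is identical in every row and so any row matching a small blocklist of well-known weak passwords is flagged at once, whereas a salted record cannot be checked that way. The user IDs, passwords and blocklist are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Legacy scheme as described in the report: an unsalted SHA-1 digest of the
# password. Every user with the same password gets the same digest.
def legacy_sha1_record(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

# Hardened scheme: a per-user random salt and a slow, iterated KDF
# (PBKDF2-HMAC-SHA256). The iteration count is stored so it can be raised later.
PBKDF2_ITERATIONS = 600_000

def hardened_record(password: str, salt: Optional[bytes] = None,
                    iterations: int = PBKDF2_ITERATIONS) -> Dict[str, str]:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": str(iterations), "hash": digest.hex()}

def verify_hardened(password: str, record: Dict[str, str]) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), int(record["iterations"]))
    # Constant-time comparison so the check itself does not leak timing.
    return hmac.compare_digest(digest.hex(), record["hash"])

# Constructed blocklist of well-known weak passwords (a real audit would use a
# much larger breach-derived list). Their SHA-1 digests are precomputed once.
WEAK_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
WEAK_SHA1 = {legacy_sha1_record(p): p for p in WEAK_PASSWORDS}

# Return the user IDs whose stored unsalted SHA-1 digest is on the weak list.
# This lookup only works because the legacy scheme has no salt.
def audit_legacy_table(table: Dict[str, str]) -> List[str]:
    return sorted(uid for uid, digest in table.items() if digest in WEAK_SHA1)

# Constructed sample user table stored the legacy way.
LEGACY_TABLE = {
    "u1001": legacy_sha1_record("password"),
    "u1002": legacy_sha1_record("correct horse battery staple"),
    "u1003": legacy_sha1_record("123456"),
}

if __name__ == "__main__":
    print("legacy rows with weak passwords:", audit_legacy_table(LEGACY_TABLE))
    rec = hardened_record("password")
    print("hardened verify:", verify_hardened("password", rec), verify_hardened("wrong", rec))
```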