SSL.com’s Security Roundup – End of 2015 Edition

SSL_com_logo

It’s the end of 2015, and SSL.com’s End-of-Year Security Roundup takes a quick trot past some of the most interesting, dire and memorable occurrences in the field of information security of the past year. We certainly hope everyone has a very secure 2016 – but check back with us every Friday in 2016 to find out who didn’t.

2015 SECURITY ROUNDUP

January


PUBLIC WI-FI NETWORKS REALLY ARE INSECURE – A PROOF OF CONCEPT:
 Swedish Pirate Party member sets up open (and insecure) wi-fi network at security/defence conference, collects reams of data from hundreds who connect to it.


February


INSURANCE COMPANY HACK – ANTHEM EDITION:
 Some 80 million records accessed.

KAPERSKY DETAILS EQUATION GROUP: Elite state-sponsored cybersnoops related to Stuxnet and Duqu teams profiled by security researchers.


March


INSURANCE COMPANY HACK – PREMERA EDITION:
Medical and financial information for 11 million customers stolen.


April


WHITE HOUSE EMAIL HACK:
Russian black-hats read (nonclassified) Presidential email.

BACKRONYM ATTACKS MYSQL: Defeats SSL protection on most widely used flavors of popular database.


May


NETNANNY PRACTICES POOR SECURITY HYGENE:
Multiple profound flaws revealed in widely-used “family monitoring” software.

UBER PRACTICES REAL-TIME ENCRYPTION: As in, remotely accessing and encrypting their data during a raid by Canadian taxmen.


June


OPM – THE HACK KEEPS ON GIVING:
4 million 11 million 20 million current and former employees (and accredited journalists) compromised. (Bonus points: First round of victim notification only completed in December.)

GERMAN PARLIAMENT NETWORK COMPROMISED: Solution: complete shutdown and rebuild of entire network.

KASPERSKY HACK: In wake of Equation group expose, “Duqu 2.0” compromises security researcher’s own systems.


July


HACKING TEAM HACK:
Well-known, generally reviled hackers-for-hire hoist on cyber-petard.


August


ICANN CREDENTIAL HACK:
Master domain name organization has user profiles, email addresses and more compromised.

WHALING FOR DOLLARS: Ubiquiti wires $46 million and change to offshore accounts due to faked executive emails.


September


PENTAGON FOOD COURT HACK:
Worker bank data compromised, nuclear codes and recipe database secure.

INSURANCE COMPANY HACK – BLUECROSS/BLUESHIELD EDITION: Records for 10 million customers compromised.


October:


CIA DIRECTOR’s EMAIL HACKED:
John Brennan’s AOL account compromised (repeatedly) by teenage hacker.


November


DELL PULLS SUPERFISH 2.0:
 Computer manufacturer pulls a Lenovo, slips bad SSL certificate onto multiple machines.


December


VTECH AND MATTEL MAKE VERY INSECURE TOYS:
Hello Barbie and electronic toys made by VTech prove to have deeply troubling security flaws.

JUNIPER BACKDOOR WEDGED OPEN: Parties unknown find and exploit an existing, intentional security hole in Juniper devices.


As always, we appreciate your reading these words, and hope you have a terrific new year. And remember what we truly believe here at SSL.com – a safer internet is a better internet.