Email Security Blog

Cyber Security Reflections on 2014

John Wilson December 29, 2014 Cybercrime
Fallback Featured Image

Over a year ago, Target publicly acknowledged the now infamous data breach. For many weeks afterwards, news of the Target breach dominated the headlines. Cyber security was no longer just a topic for security professionals; the topic had gone mainstream. Sadly, 2013 was quickly eclipsed by 2014 in terms of data breaches.

In a report released on December 9th, 2014, the Identity Theft Resource Center identified 720 separate data breach incidents with an estimated 81.6 million records stolen. On October 10, 2014, Federal officials warned America that more than 500 million financial records had been stolen. If the ITRC’s numbers are alarming, the Federal government’s numbers are downright terrifying. You might as well take out a full-page ad in the NY Times listing your social security number, bank account number, and mother’s maiden name. After all, the bad guys already have the information, so why not just share it with the rest of us?

Reflection #1: 2014 saw an unprecedented number of financial records stolen. Incredibly, our payment systems are still functioning.

In April 2014, a tiny coding bug in the openssl library made global headlines as technology vendors and website owners scrambled to fix the Heartbleed vulnerability. In September, Shellshock hit the news, with the POODLE vulnerability hot on its heels. At least those three vulnerabilities can be fixed. A fundamental flaw in the USB standard, first announced in August, became significantly more likely to be exploited in October, when 2 researches published exploit code samples.

Reflection #2: 2014 saw an unprecedented number of code vulnerabilities make the news.

At Agari, we see email-based fraud every day. What strikes me about 2014 is the sheer number of brands that are being used as the lure in large-scale phishing and malware campaigns. We’ve seen campaigns using E-Zpass, Kohls , PG&E, Adobe, Costco, Walmart, Best-buy, Target, Microsoft, Gmail, Yahoo, AT&T, and hundreds of other brands.

Reflection #3: 2014 saw well-known brands in nearly every sector used as the bait in phishing and malware campaigns. 

Overall, 2014 was a terrible year for cyber security. If 2014 were a movie, it would be “The Empire Strikes Back”. Let’s hope 2015 will be a little more like “Return of the Jedi”.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

July 10, 2019 Ronnie Tokazowski

‘Til Death Do Us Part… Romance Scams and the BEC Game

When we think of business email compromise (BEC), the first thing that comes to mind…

Agari Blog Image

June 5, 2019 Crane Hassold

From One to Many: Scattered Canary Evolves from One-Man Startup to BEC Enterprise

There is no denying that business email compromise (BEC) is big business, with losses exceeding…

Agari Blog Image

April 25, 2019 Crane Hassold

Bitcoin: The Next Evolution in BEC Cash Out Methods?

Historically, business email compromise (BEC) threat actors have used wire transfers as a means to…

Agari Blog Image

April 18, 2019 Ronnie Tokazowski

Do You Know Where Your W-2 Is? Probably Where You Left It

It’s like clockwork. Every year around tax time security vendors (even us!) push out warnings…

Agari Blog Image

April 4, 2019 Crane Hassold

Evolving Tactics: London Blue Starts Spoofing Target Domains

In December, the Agari Cyber Intelligence Division (ACID) published a report on a business email…

mobile image