Email Security Blog

Cyber Security Reflections on 2014

John Wilson December 29, 2014 Cybercrime

Over a year ago, Target publicly acknowledged the now infamous data breach. For many weeks afterwards, news of the Target breach dominated the headlines. Cyber security was no longer just a topic for security professionals; the topic had gone mainstream. Sadly, 2013 was quickly eclipsed by 2014 in terms of data breaches.

In a report released on December 9th, 2014, the Identity Theft Resource Center identified 720 separate data breach incidents with an estimated 81.6 million records stolen. On October 10, 2014, Federal officials warned America that more than 500 million financial records had been stolen. If the ITRC’s numbers are alarming, the Federal government’s numbers are downright terrifying. You might as well take out a full-page ad in the NY Times listing your social security number, bank account number, and mother’s maiden name. After all, the bad guys already have the information, so why not just share it with the rest of us?

Reflection #1: 2014 saw an unprecedented number of financial records stolen. Incredibly, our payment systems are still functioning.

In April 2014, a tiny coding bug in the OpenSSL library made global headlines as technology vendors and website owners scrambled to fix the Heartbleed vulnerability. In September, Shellshock hit the news, with the POODLE vulnerability hot on its heels. At least those three vulnerabilities can be fixed. A fundamental flaw in the USB standard, first announced in August, became significantly more likely to be exploited in October, when two researchers published exploit code samples.

Reflection #2: 2014 saw an unprecedented number of code vulnerabilities make the news.

At Agari, we see email-based fraud every day. What strikes me about 2014 is the sheer number of brands that are being used as the lure in large-scale phishing and malware campaigns. We’ve seen campaigns using E-ZPass, Kohl’s, PG&E, Adobe, Costco, Walmart, Best Buy, Target, Microsoft, Gmail, Yahoo, AT&T, and hundreds of other brands.

Reflection #3: 2014 saw well-known brands in nearly every sector used as the bait in phishing and malware campaigns. 

Overall, 2014 was a terrible year for cyber security. If 2014 were a movie, it would be “The Empire Strikes Back”. Let’s hope 2015 will be a little more like “Return of the Jedi”.
