Search Close
Email Security Blog

Cyber Security Reflections on 2014

John Wilson December 29th, 2014 Cybercrime
Fallback Featured Image

Over a year ago, Target publicly acknowledged the now infamous data breach. For many weeks afterwards, news of the Target breach dominated the headlines. Cyber security was no longer just a topic for security professionals; the topic had gone mainstream. Sadly, 2013 was quickly eclipsed by 2014 in terms of data breaches.

In a report released on December 9th, 2014, the Identity Theft Resource Center identified 720 separate data breach incidents with an estimated 81.6 million records stolen. On October 10, 2014, Federal officials warned America that more than 500 million financial records had been stolen. If the ITRC’s numbers are alarming, the Federal government’s numbers are downright terrifying. You might as well take out a full-page ad in the NY Times listing your social security number, bank account number, and mother’s maiden name. After all, the bad guys already have the information, so why not just share it with the rest of us?

Reflection #1: 2014 saw an unprecedented number of financial records stolen. Incredibly, our payment systems are still functioning.

In April 2014, a tiny coding bug in the openssl library made global headlines as technology vendors and website owners scrambled to fix the Heartbleed vulnerability. In September, Shellshock hit the news, with the POODLE vulnerability hot on its heels. At least those three vulnerabilities can be fixed. A fundamental flaw in the USB standard, first announced in August, became significantly more likely to be exploited in October, when 2 researches published exploit code samples.

Reflection #2: 2014 saw an unprecedented number of code vulnerabilities make the news.

At Agari, we see email-based fraud every day. What strikes me about 2014 is the sheer number of brands that are being used as the lure in large-scale phishing and malware campaigns. We’ve seen campaigns using E-Zpass, Kohls , PG&E, Adobe, Costco, Walmart, Best-buy, Target, Microsoft, Gmail, Yahoo, AT&T, and hundreds of other brands.

Reflection #3: 2014 saw well-known brands in nearly every sector used as the bait in phishing and malware campaigns. 

Overall, 2014 was a terrible year for cyber security. If 2014 were a movie, it would be “The Empire Strikes Back”. Let’s hope 2015 will be a little more like “Return of the Jedi”.

Leave a Reply

Your email will not be published. All fields are required.

December 6, 2018 Crane Hassold

How an Elite Counterintelligence Team Investigates BEC Scams Worldwide

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

November 28, 2018 Crane Hassold

Why Just Play Defense Against Cybercriminals When You Can Do So Much More?

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

February 22, 2018 John Wilson

Email Phishing Scam Continues to Target College Students

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

February 2, 2018 Agari

Tax season is open – and W-2 scammers are back in force

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

December 7, 2017 John Wilson

The DMARC Mandate: How to Protect Citizens from Cyber Crime

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

mobile image