Levels of cyber attacks increased in 2016, making it a busy year for cyber security workers, but what were the main observations we can take from the year?
Microsoft, in its report ‘2016 Trends in Micro Security’ said that 41.8% of all cyber vulnerability reports are rated as ‘highly severe’. Cyber criminals exploit these software vulnerabilities to launch attacks.
This highlights the need for software publishers to quickly develop patches as vulnerabilities are revealed, and for IT managers to install them as soon as they are released.
In 2016, a number of major breaches reared their heads. Perhaps the most publicised ones were connected with the US presidential campaign.
Democrat Party private emails, including those from and to Hillary Clinton and campaign chairman John Podesta, were hacked and released on WikiLeaks.
The CIA found evidence that hackers from Russia linked to the Kremlin were behind cyber attacks intended to damage Clinton’s campaign and favour new U.S. President Donald Trump.
Another high-profile incident was the Denial of Service (DoS) attacks on Dyn. Dyn is a hosting provider that arranges services for well-known websites including Twitter, Reddit and Spotify. The number of DoS attacks reached 1.2 Tbps.
Last year, attackers shifted their attention from Java vulnerabilities to attacks via Adobe’s Flash Player.
Java exploitation used to be the favourite form of cyber-attack, but 2016 saw attacks via Java decrease. This is mainly due to the way browsers handle Java applets, and means that cyber security personnel might consider moving Java down the priority list.
Flash Player objects, meanwhile, appeared on 90% of malicious webpages. Some organisations have disabled Flash on their browsers, deeming it outdated. Organisations using Flash need to make sure that they keep up with the tool’s security updates.
Thanks to greater proactive measures by cyber security personal, the chances of enterprise computers being affected by malware decreased in 2016. Consumer computers are now more likely to be affected by malware than enterprise ones.
Exploit kits responsible for 40% of common exploits in 2016
Exploit kits, collections of exploits sold as bundles on hacker forums and other non-legal outlets, are stored on webpages, from which they can download malware that infects computers. Security workers need to understand the workings of these kits in order to guard against them, since two out of five exploits were down to them last year.
Many cyber security teams make sure that they protect operating systems and web browsers, but 2016 highlighted the need to also focus on applications. These count for a hefty 44.2% of vulnerabilities.
The number of Trojan malware incidents increased by 57% in 2016. Trojans pretend to be documents or images, but install malware on a computer when a user tries to open them. The challenge to security personnel is to prevent workers from opening dubious documents and image email attachments.
As we all expected, 2016 was a busy period for cyber criminals and provided many challenges for cyber security personnel. There is no sign that 2017 will show any let-up for both cyber attackers and cyber defenders, meaning we all need to stay on the ball.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.