Cyber Security Vulnerability

Happy New Year & look back at 2013!


As we look forward to an exciting year in the world of Penetration Testing and Cyber Incident Response, it is hard not to remember what an eventful year has just gone by.

Last year saw the continued rise in the level of sophistication, impact and volume of hacking incidents; therefore it is not hard to predict that this trend will continue into 2014.

Here are just a few of the biggest incidents that came to light last year:

Adobe attacked on an unprecedented scale. This attack was initially disclosed by Adobe in October, who admitted that a database of 2.9 million customer accounts had been compromised. It is now clear that the attackers compromised up to 152 million accounts, all of which were uploaded onto the public internet. The attackers also stole source code for many upcoming releases of Adobe products. It is speculated that the full extent of the compromise is still not known to this day.

Social engineering used to breach two high profile UK banks. KVM devices were planted by attackers to provide access to internal networks. These attacks were perpetrated against Santander and Barclays earlier this year. Arrests have been made, however a reported 1.3m was stolen from Barclays.

Anonymous have had a busy year, there have been attacks on the US (NSA), North Korea, and Israel as well as many, many others.

The Syrian Electronic Army attack on AP and numerous other twitter feeds to raise awareness for its cause.

The global internet was said to have been slowed down in the DDoS attack on Spamhaus, the biggest attack ever seen of this type.

Bitcoin trading platforms have been subjected numerous attacks this year motivated by individuals trying to either steal the currency or disrupt global markets to influence trading prices.

The “Black Friday” attack against Target, who has confirmed that in excess of 40 million credit card records have been taken. The attack looks to have been committed against all retail outlets across the US, with the online elements of the business being unaffected. Investigations are ongoing.

The Snapchat hack which took place just before the New Year. The attackers posted 4.6 million user names and passwords to a website along with a message berating Snapchat’s approach to security with a witty analogy; “You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.” Whilst most would disagree with their methods, the sentiment is something can be related to by all security professionals.

It is clear that attacks are becoming both more sophisticated and numerous, therefore likely that 2014 will be a very interesting year in Cyber Security.