Every year, security publication SC Magazine publishes its list of the biggest security events of the year. The list contains everything from top new threats to top cybercrime charges and convictions, to the weirdest security news. It makes for interesting reading because it provides a clear snapshot of exactly what we're up against as cybercrime becomes more sophisticated.
Here's a selection from the list. Enjoy!
Notable breaches (records exposed)
- AvMed Health Plans: 1.2 million
- Lincoln National Financial Securities: 1.2 million
- BlueCross BlueShield of Tennessee: 1 million
- Stuxnet vulnerabilities: Four Microsoft Windows zero-day flaws were used in the dangerous Stuxnet attack.
- "Operation Aurora" flaw: A vulnerability in Microsoft’s Internet Explorer allowed attackers to spread data-stealing espionage Trojans to Google, Adobe, and dozens of other organizations.
- Cross-site scripting flaw on Twitter: In September, the flaw allowed an infectious worm to spread through the social networking site, affecting an estimated 500,000 users.
Top courtroom actions
- Albert Gonzalez: 20 years in prison for hacking into the payment card networks of retail chains to steal 130 million credit and debit card numbers.
- Three Gonzalez co-conspirators were also sentenced in March for providing Gonzalez with a zero-day exploit, laundering money and other charges.
- Katina Candrick: 15 years in prison for orchestrating a scheme to steal the personal information of patients while she was employed by Texas-based medical billing contractor MedAssets.
- "Iceman," aka Max Ray Butler: 13 years in prison for his use of wireless hijacking tactics to break into the databases of financial institutions and credit card processing centers.
- Huping Zhou: Four months in prison for illegally snooping into patient records while he was an employee at UCLA Health System. He is the first person to receive prison time for violating HIPAA.
Top research discoveries
- Firesheep: A plug-in for the Firefox web browser, created by Eric Butler, that lets anyone scan open Wi-Fi networks and hijack Twitter and Facebook accounts.
- Shadow Network: A sophisticated cyber espionage network stole classified documents from a number of computer systems belonging to government agencies, businesses and other organizations.
- Russian botnet: Cybercrooks in Russia installed Zeus and Gozi Trojans onto victims’ machines, enabling them to access check image archiving services and to crack into job websites to deliver messages to unsuspecting individuals, who were recruited as money mules.
Top 5 social networking news
- Simplified privacy: Bowing to the continued outcry from its massive member base, Facebook streamlined the settings available to users to control the data they share.
- Worm attack: A 17-year-old from Australia exploited a vulnerability to launch a massive Twitter worm that affected hundreds of thousands of accounts.
- Agency agreement: Twitter settled with the FTC over charges that lax security allowed users’ accounts to be compromised to deliver bogus tweets.
- Zeus meets LinkedIn: A massive spam campaign targeted users of LinkedIn by trying to trick them into installing the bank credential-stealing Zeus Trojan.
- Buzzed: Google paid $8.5 million into an education fund to settle charges that its Buzz service violated users’ privacy.
Top 5 cybercrime busts
- A federal judge in Illinois shut down a fraudulent debit and credit card operation that went undetected for years. The unidentified defendants, who usually made charges between 20 cents and $10 and targeted each card only once, racked up more than $10 million in fake charges.
- Law enforcement officials in three countries cracked down on organized cybercrime operations that used the Zeus Trojan to steal millions of dollars from U.S. and U.K. bank accounts. Within one week, police in the U.S., U.K. and Ukraine arrested 94 money mules and orchestrators of a cybercrime ring responsible for stealing $70 million with the data-stealing malware.
- Romanian police, in partnership with U.S. law enforcement, arrested 70 people from three different organized cybercrime groups charged with hijacking eBay accounts and setting up fake auctions. Since 2006, the groups stole more than $1 million from more than 800 victims across Europe, New Zealand, the U.S. and Canada.