While the data breach at Yahoo nabbed all the headlines last week, an equally nasty attack on a cybersecurity site went all but unnoticed, primarily because the attack failed.
Security website KrebsOnSecurity was targeted by a distributed denial-of-service (DDoS) attack on September 20 that was among the largest internet assaults ever. According to security expert and website owner Brian Krebs, first reports estimated that traffic directed toward the site amounted to about 665 gigabits per second. Later analysis dropped that figure to 620 gigabits per second, still a gargantuan number.
What made the attack unusual is that it appeared “to have been launched almost exclusively by a very large botnet of hacked devices,” Krebs writes in his report. Hundreds of thousands of hacked systems may have been involved in the attack.
Krebs goes on to note that there were signs that the attack was launched “with the help of a botnet that has enslaved a large number of hacked so-called ‘Internet of Things’ (IoT) devices — routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.”
In September of last year, Fiat Chrysler recalled more than 1.4 million vehicles after testing proved that it was possible to hack into the vehicles’ software and take control of the engine and steering. IoT devices from door locks to thermostats have been hacked in similar demonstrations. Think about that the next time an appliance salesperson begins the spiel about the convenience of connected devices.
The latest data breach count from the Identity Theft Resource Center (ITRC) reports that there have been 708 data breaches recorded this year through September 27, 2016, and that nearly 29 million records have been exposed since the beginning of the year. The total number of reported breaches increased by 21 since ITRC’s last report on September 20.
The number of breaches in 2015 totaled 781, just two shy of the record 783 breaches that ITRC tracked in 2014. The 708 data breaches reported so far for 2016 are more than 16% above the number reported (609) for the same period last year. A total of more than 169 million records were exposed in 2015.
Here’s a rundown of the latest ITRC report:
- The medical/health care sector leads them all in the number of records compromised to date in 2016. The sector has posted 36.2% (256) of all data breaches to date this year. The number of records exposed in these breaches totaled nearly 13.6 million, or about 47.2% of the total so far in 2016.
- The government/military sector has suffered 51 data breaches so far this year, or 7.2% of the incidents. More than 12 million records have been compromised in the government/military sector to date in 2016, representing about 42.5% of the total number of records exposed.
- The business sector accounts for more than 2.5 million exposed records in 308 incidents. That represents 43.5% of the incidents and 8.8% of the exposed records.
- The number of banking/credit/financial breaches totals 26 for the year to date and involves more than 25,000 records, some 3.7% of the total number of breaches and about 0.1% of the records exposed.
- The educational sector has seen 67 data breaches in 2016. The sector accounts for 9.5% of all breaches for the year and more than 400,000 exposed records, about 1.4% of the total so far this year.
Since beginning to track data breaches in 2005, ITRC had counted 6,518 breaches through September 27, 2016, involving more than 880 million records.