Most persistent cybercriminals: Ransomware attackers
Most expensive attacks: Leoni and Bangladesh Bank
Biggest attack vector in finance: SWIFT
Most prolific patches: Microsoft
Microsoft has been regularly releasing its fixes on Patch Tuesday for over a decade now, and 2016 has been its busiest year. In 2015, Microsoft released 135 updates in total—a count easily eclipsed this year, already reaching 142 in November.
Worst all-around troublemaker: Mirai
Distributed Denial of Service (DDoS) captured the spotlight this year because of massive attacks against several high-profile targets. The fuel behind these attacks is Mirai, the ELF malwarethat turns devices into bots used for performing DDoS attacks. ELF is a common file format for Linux and UNIX-based systems, which makes many Internet of Things (IoT) devices particularly vulnerable.
First successful cyberattack on an industrial facility: Ukrainian power grid
Biggest data breach: Yahoo
In a year of mega-breaches, Yahoo has the distinction of potentially exposing the biggest number of users to risks. And since a lot of users reuse their passwords and usernames across different sites, multiple accounts become vulnerable. Cybercriminals use a technique called credential stuffing—using usernames and passwords from one account to hack other accounts.
Most politically charged breach: DNC hack
The Democratic National Committee (DNC) leak had a powerful impact on relations between Russia and the United States. Months after the initial leak and a thorough investigation, the US formally accused Russia of cyber-espionage and attempting to influence the US election.
Unanticipated discoveries: Apple zero-days
While the existence of Apple malware isn’t a surprise, the level of sophistication of the exploits is notable. The researchers who first investigated the malware called it, “the most sophisticated mobile attack we’ve seen yet, and marks a new era of mobile hacking.”
Perennially vulnerable: Adobe Flash
Constant security issues with Adobe Flash have caused most users to migrate to alternatives like HTML5. The situation worsened when Google started actively blocking Flash content on its Chrome browser, leaving users to enable Flash on a site-by-site basis.