Most persistent cybercriminals: Ransomware attackers

Ransomware has proved to be a popular business model for cybercriminals. It has attracted attention from several parts of the underground—as evidenced by the 172% increase in new ransomware families in the first half of 2016. And these attackers didn't limit themselves to just creating and updating tools. They continued to hammer old targets as they widened their pool of potential victims and adopted new methods to make their attacks more lucrative.

Most expensive attacks: Leoni and Bangladesh Bank

Large multinational companies are the prime targets of Business Email Compromise (BEC), a type of online scam that usually begins with an attacker compromising a legitimate email account and tricking the company’s financial officer into wiring funds to accounts the attacker controls. The companies that fall victim to these scams typically deal with foreign suppliers and habitually pay by wire transfer. The number of BEC victims has increased 270% since the start of 2015, and this year saw one of the largest amounts ever lost by a single enterprise.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global transaction messaging network used by banks and other financial entities such as foreign exchanges and investment firms. Unfortunately, this year saw attackers targeting SWIFT clients, compromising member organizations and manipulating them into sending fraudulent money transfer requests. It’s unclear how many of these attacks were actually successful, but in June, SWIFT sent its clients a letter warning them about the possible dangers. The organization also urged clients to update their software and tighten their cyber defenses.

Most prolific patches: Microsoft

Microsoft has been regularly releasing its fixes on Patch Tuesday for over a decade now, and 2016 has been its busiest year. In 2015, Microsoft released 135 updates in total—a count easily eclipsed this year, which had already reached 142 by November.

Distributed Denial of Service (DDoS) captured the spotlight this year because of massive attacks against several high-profile targets. The fuel behind these attacks is Mirai, the ELF malware that turns devices into bots used for performing DDoS attacks. ELF is the standard executable format on Linux and UNIX-based systems, and because so many Internet of Things (IoT) devices run such systems, they are particularly exposed to it.
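A first triage step for a suspected ELF sample such as the one described above is to read its header and learn which architecture and endianness it was built for, since IoT botnet malware is typically compiled for several embedded platforms. The following is an added example written for this article, not code from the original page or from any malware analysis tool; it parses only the fixed-size ELF header (magic, class, data encoding, type, machine, entry point), and the sample headers it inspects are constructed inline for the demonstration, not real binaries.

```python
import struct
from typing import Optional

# Subset of e_machine constants from the ELF specification, enough for IoT triage.
MACHINES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}
TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}


def parse_elf_header(data: bytes) -> Optional[dict]:
    """Return class/endianness/type/machine/entry for an ELF image, or None if it is not ELF."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None  # wrong magic, or too short to hold even an ELF32 header
    ei_class, ei_data = data[4], data[5]          # EI_CLASS, EI_DATA
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None  # malformed identification bytes
    endian = "<" if ei_data == 1 else ">"
    # e_type, e_machine, e_version follow the 16-byte e_ident
    e_type, e_machine, _ = struct.unpack(endian + "HHI", data[16:24])
    if ei_class == 1:
        (e_entry,) = struct.unpack(endian + "I", data[24:28])   # ELF32: 4-byte entry
    else:
        if len(data) < 64:
            return None
        (e_entry,) = struct.unpack(endian + "Q", data[24:32])   # ELF64: 8-byte entry
    return {
        "class": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": TYPES.get(e_type, f"unknown({e_type})"),
        "machine": MACHINES.get(e_machine, f"unknown({e_machine})"),
        "entry": e_entry,
    }


def make_elf32_header(endian: str, e_machine: int, e_entry: int) -> bytes:
    """Build a minimal 52-byte ELF32 header (constructed test input for this example only)."""
    e_ident = b"\x7fELF" + bytes([1, 1 if endian == "<" else 2, 1, 0, 0]) + b"\x00" * 7
    # e_type=2 (executable), e_machine, e_version=1, e_entry, e_phoff=52, e_shoff=0,
    # e_flags=0, e_ehsize=52, e_phentsize=32, e_phnum=0, e_shentsize=40, e_shnum=0, e_shstrndx=0
    rest = struct.pack(endian + "HHIIIIIHHHHHH",
                       2, e_machine, 1, e_entry, 52, 0, 0, 52, 32, 0, 40, 0, 0)
    return e_ident + rest


def describe(data: bytes) -> str:
    """One-line summary suitable for a triage log."""
    info = parse_elf_header(data)
    if info is None:
        return "not an ELF image"
    return (f"ELF{info['class']} {info['endian']}-endian {info['machine']} "
            f"{info['type']}, entry 0x{info['entry']:x}")


if __name__ == "__main__":
    # Constructed samples: a big-endian MIPS executable, a little-endian ARM
    # executable, and a non-ELF blob (a DOS/PE-style "MZ" prefix).
    samples = {
        "sample_mips": make_elf32_header(">", 8, 0x400100),
        "sample_arm": make_elf32_header("<", 40, 0x8000),
        "sample_other": b"MZ" + b"\x00" * 100,
    }
    for name, blob in samples.items():
        print(f"{name}: {describe(blob)}")
```

Knowing the target architecture tells a defender which device classes in their inventory are plausible victims and which emulator or sandbox is needed to run the sample safely; a header that fails these checks is a signal to look more closely rather than to discard the file.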

First successful cyberattack on an industrial facility: Ukrainian power grid

Prior to this event, a Trend Micro report already revealed attackers showing interest in the critical infrastructure of various industries. Specifically, attackers were targeting enterprises using Supervisory Control and Data Acquisition (SCADA), which is an automation control system at the center of many modern industries.

Biggest data breach: Yahoo

In a year of mega-breaches, Yahoo has the distinction of potentially exposing the largest number of users to risk. Because many users reuse the same usernames and passwords across different sites, a single breach puts multiple accounts at risk. Cybercriminals exploit this with a technique called credential stuffing—replaying usernames and passwords stolen from one service to gain access to accounts on other services.
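Credential stuffing leaves a recognizable trace in authentication logs: one source tries many different usernames in quick succession, most attempts fail, and the occasional success is exactly the reused password the attacker was looking for. The following detection logic is an added example written for this article, not code from the original page or from any vendor product. The log format, the field names (src, user, result) and the log lines themselves are constructed for the demonstration; the thresholds are assumptions a team would tune to its own traffic.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Assumed log format for this example; real systems will differ.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample log (documentation-range IPs, not real traffic).
# 203.0.113.7 cycles through many usernames: the stuffing pattern.
# 198.51.100.4 is one user retrying their own password: benign.
SAMPLE_LOG = """\
2016-09-22T08:00:01Z login src=203.0.113.7 user=alice result=fail
2016-09-22T08:00:02Z login src=203.0.113.7 user=bob result=fail
2016-09-22T08:00:02Z login src=203.0.113.7 user=carol result=fail
2016-09-22T08:00:03Z login src=203.0.113.7 user=dave result=ok
2016-09-22T08:00:04Z login src=203.0.113.7 user=erin result=fail
2016-09-22T08:00:05Z login src=203.0.113.7 user=frank result=fail
2016-09-22T08:00:10Z login src=198.51.100.4 user=alice result=fail
2016-09-22T08:00:15Z login src=198.51.100.4 user=alice result=fail
2016-09-22T08:00:20Z login src=198.51.100.4 user=alice result=ok
2016-09-22T08:01:00Z login src=192.0.2.9 user=grace result=ok
"""


def parse_log(text: str) -> List[dict]:
    """Parse log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize_by_source(events: List[dict]) -> Dict[str, dict]:
    """Per source address: distinct usernames tried, total attempts, failures, successes."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "failures": 0, "successes": 0})
    for e in events:
        s = stats[e["src"]]
        s["users"].add(e["user"])
        s["attempts"] += 1
        if e["result"] == "ok":
            s["successes"] += 1
        else:
            s["failures"] += 1
    return stats


def flag_credential_stuffing(events: List[dict],
                             min_distinct_users: int = 5,
                             min_failure_ratio: float = 0.6) -> Dict[str, dict]:
    """Flag sources that tried many distinct usernames and mostly failed.

    A lone user mistyping their password fails repeatedly against ONE username,
    so the distinct-username count is what separates stuffing from ordinary errors.
    Any success from a flagged source is an account to reset and review.
    """
    flagged = {}
    for src, s in summarize_by_source(events).items():
        distinct = len(s["users"])
        ratio = s["failures"] / s["attempts"]
        if distinct >= min_distinct_users and ratio >= min_failure_ratio:
            flagged[src] = {
                "distinct_users": distinct,
                "failure_ratio": round(ratio, 2),
                "successes": s["successes"],
                "compromised_candidates": sorted(
                    e["user"] for e in events if e["src"] == src and e["result"] == "ok"
                ),
            }
    return flagged


if __name__ == "__main__":
    for src, detail in flag_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {detail}")
```

The output names the source and the accounts that succeeded from it, which is the list a responder needs for forced password resets. Per-source grouping is the simplest form; attackers spread attempts across many addresses, so in practice the same counts are also kept per username and per time window.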

The Democratic National Committee (DNC) leak had a powerful impact on relations between Russia and the United States. Months after the initial leak and a thorough investigation, the US formally accused Russia of cyber-espionage and attempting to influence the US election.

Unanticipated discoveries: Apple zero-days

While the existence of Apple malware isn’t a surprise, the level of sophistication of the exploits is notable. The researchers who first investigated the malware called it “the most sophisticated mobile attack we’ve seen yet, and marks a new era of mobile hacking.”

Perennially vulnerable: Adobe Flash

Constant security issues with Adobe Flash have caused most users to migrate to alternatives such as HTML5. The situation worsened when Google started actively blocking Flash content in its Chrome browser, requiring users to enable Flash on a site-by-site basis.