Why 2013 was the year of the personal data breach

We look back at a year when cybersecurity hit very, very close to home.

As 2013 winds to a close, it's time to look back at the biggest security events and incidents of the year. Here's hoping there are some lessons to be learned--something to provide a foundation for stronger protection and a safer online and mobile world in 2014 and beyond.

With each passing year, the world of technology evolves and improves, and that includes building stronger defenses against cybersecurity threats. Unfortunately, cybercriminals are continuously adapting and acquiring new techniques, too, and successfully exploiting emerging technologies in a perpetual game of security leapfrog.

Here's the 2013 security highlight--er, lowlight--reel.


The concept of ransomware is simple: Attackers encrypt your data or lock you out of your PC or device using malware exploits, and then demand payment in exchange for restoring your access.

The biggest ransomware threat of 2013 was CryptoLocker. A recent report from Dell security researchers suggests that the CryptoLocker crooks raked in $30 million in only 100 days. That's $300,000 a day on average from users paying the ransom to get access to their data again.

"2013 saw a significant trend toward ransomware because cyberattackers were able to utilize Tor and Bitcoin to anonymously blackmail people into paying for access to their own data," says Ken Westin, security researcher for Tripwire.

The CryptoLocker ransom is generally $300. If you don't have a recent backup of your data, you don't have many options--either pay the ransom, or lose all of your data and start over from scratch. On the positive side, the criminals do, in fact, follow through on their promise to return your PC or data once you've paid the ransom.

"This trend will accelerate and migrate to mobile devices in 2014," Westin says. "There's an enormous number of consumers to target who are dependent on the data and services in their mobile device. More than half of mobile-device users don't use even the most basic security precautions, making them easy prey for cyberattackers."

Wolfgang Kandek, CTO of Qualys, warns that traditional defenses may not offer much protection against CryptoLocker. The attack does not require any special access or privileges, so it's very difficult to prevent using standard computer security tactics. "XKCD had it absolutely right in its April 2013 comic strip," he says. "If all my important data is my user data, the malware does not need to escalate to administrator to wreak havoc."

You really have only one way to protect yourself against ransomware threats: You must back up your data on a regular basis. If your system is compromised by ransomware, you can simply restore your own data from the backup rather than paying the extortionists.

Mobile malware

The overlap between ransomware and mobile security brings us to the next security trend of 2013: mobile malware. The volume of mobile malware has continued to grow exponentially, as cybercriminals try to take advantage of the fertile new territory.

FortiGuard Labs reported that it logged 50,000 malicious Android samples in January 2013--about 500 per day. As of November, that number had spiked to 1500 new malware samples per day.

The trend is alarming, but such reports also seem a bit "the sky is falling" at this point. Security vendors keep telling us that the volume of mobile malware is growing at a distressing pace, yet we haven't really seen a significant malware attack against mobile devices in the real world.

It's only a matter of time, though, before criminals move beyond the testing and proof-of-concept phase, and actually plant a malicious payload. The attack may not be as pervasive or obvious as old-school PC malware, because attackers have learned that flying under the radar and avoiding detection is a more lucrative strategy.

FortiGuard says that it has started to see evidence of a threat called AndroRAT, which attackers can deliver as a Trojan horse buried within an otherwise normal app. The RAT, or remote application tool, enables the attacker to send SMS text messages from the infected smartphone, monitor calls and SMS texts, direct the device's browser to a specific URL, or perform a variety of other actions that could serve either to compromise personal information or to siphon funds from the victim.

We're still waiting for "The Big One," but mobile malware will eventually live up to the hype--probably when users least expect it.

Data breaches

If you didn't already follow the established practice of changing your passwords every few months, 2013 probably left you little choice as sites and services forced users to choose new passwords in the wake of data breaches. LivingSocial, Evernote, and Adobe all experienced major data breaches in which tens of millions of user accounts were compromised, and passwords were exposed.

"One could argue that 2013 was 'The Year of Stolen Credentials,'" says Dwayne Melancon, CTO of Tripwire. "According to DataLossDB, the top five largest breaches in 2013 affected about 450 million records--that's a lot of instances of '12345,' 'password,' and 'monkey.' The most alarming thing is that many of these stolen passwords were found to have been stored in insecure ways despite plenty of warnings about using strong cryptography."

To cap things off, we found out that Target was the victim of cybercrooks. Between Black Friday and December 15, hackers collected credit card details on about 40 million people who had shopped in person at the popular retail chain.


The year kicked off with the Mandiant report on APT1, which offered undeniable proof that U.S. agencies and companies were being infiltrated by a group based out of China. But after everyone spent the first half of the year worried about foreign--possibly state-sponsored--attacks out of China, Iran, and Syria, Edward Snowden dropped a bomb that would change the conversation dramatically.

Snowden--a contractor for the National Security Agency--fled the United States (eventually finding temporary asylum in Russia) and shared with the world details about the NSA's spying on just about everything and everyone around the globe. The ripples from the Snowden revelations are still being felt, as U.S. citizens, the U.S. government, and the nation's allies struggle to find a balance between proactive diligence and overt violations of privacy and civil liberties.

"What he released essentially proved to the 10th degree that the U.S. government was itself infiltrating its own corporations and has been eroding the privacy of millions for years already," says Andrew Storms, a security researcher with CloudPassage. "The hundred-pound gorilla in the room wasn't China or Iran, but our own U.S. agency called the NSA."

"Perhaps the only good news from the Snowden leak is that it has forced a lot of companies to take a serious look at which data is important to them and how it's being protected," Melancon says.

Looking ahead to 2014, the looming threats are essentially the same. The threat from mobile malware will continue to grow, and we will continue to strive to protect our personal data--from cybercriminals and from our own governments.


Stories by Tony Bradley
