The Biggest Cyber-Security Incidents of 2016

Pierluigi Paganini
January 3, 2017 by
Pierluigi Paganini

January 1st, 2017, this is the right moment to look at the last 12 months analyzing the biggest hacks of 2016. It was for sure the worst year for cyber-security due to the amazing number of data breaches that have been publicly disclosed.

Presidential Election hacks

The last clamorous event of 2016 is the executive order of President Barack Obama that ejected 35 people in retaliation for the cyber-attacks against the numerous cyber-attacks against politicians involved in the Presidential Election. Russian hackers broke into the systems of the Democratic National CommitteeDemocratic Congressional Campaign Committee, and Podesta Emails.

Top Security Awareness Posters

Top Security Awareness Posters

Download our collection of free posters and use them to keep security at the forefront of your employees' minds.

Hackers in the attempt of influencing the final vote also publicly released private emails through WikiLeaksAccording to a JAR released by the FBI and DHS, the Russian APT groups APT28 and the APT29 were involved in the attacks against 2016 Presidential Election.

The APT29 known as (Cozy Bear, Office Monkeys, CozyCar, The Dukes and CozyDuke) broke into the party's systems in summer 2015. The APT28 known as (Fancy BearPawn StormSofacy Group, Sednit, and STRONTIUM) entered in spring 2016.

Shadow Brokers hacked the NSA-linked group Equation Group

Last summer a mysterious hacker group calling themselves the Shadow Brokers hacked into "Equation Group" arsenal. In February 2015, security researchers at Kaspersky revealed the existence of a hacker group, called Equation Group, that has been active since 2001 and that targeted practically every industry with sophisticated zero-day malware. Researchers linked the Equation Group to the NSA Agency.

The researchers explained that the Equation Group is a "threat actor that surpasses anything known regarding complexity and sophistication of techniques,"

In the arsenal of the ATP group, there were sophisticated hacking tools that according to the experts requested a significant effort for their development.

The Shadow Brokers tried to sell the hacking tools and exploits in an online auction without success.

YAHOO Data breach

In 2016, security experts discovered two data breaches suffered by Yahoo in 2012 and 2014. The second one, which occurred in fall 2013, is the biggest one regarding sheer magnitude, experts estimated it has impacted one billion accounts. Personal users' information was compromised, including names, email addresses, phone numbers, birthdays, hashed passwords, and security questions and answers. No financial data was exposed.

In 2016, Yahoo confirmed that it suffered another data breach in 2014 by state-sponsored hackers that accessed 500 million user accounts. The two security breaches are most likely separate.

"Weaponizing" the Internet of Things - The DYN DNS hack

In 2016, we assisted in massive DDoS attacks powered by Internet of Things devices that created serious problems.

The biggest cyber-attack powered by the Mirai botnet targeted the Dyn DNS service and affected a huge portion of Internet users in the US taking down the access to major web services, including Twitter, Reddit, Amazon, Netflix, PayPal, Pinterest, Spotify and many others.

The Mirai botnet involved in the attack was composed of IoT devices like DVRs, routers, CCTVs as confirmed by experts at Flashpoint. Experts believe that roughly 20,000 IoT devices participated in the attack flooding traffic to DNS hosting provider Dyn.

"Flashpoint has confirmed that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware. Mirai botnets were previously used in DDoS attacks against security researcher Brian Krebs' blog "Krebs On Security" and French internet service and hosting provider OVH." reads the analysis published by Flashpoint "Mirai malware targets Internet of Things (IoT) devices like routers, digital video records (DVRs), and webcams/security cameras, enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks. "

Figure 1 - Mirai botnet attack on Dyn DNS service

OLD breaches shake IT industry ... LinkedIn, Tumblr, VK and DropBox.

Many serious hacks that happened in the past were disclosed in 2016. Overall, a billion account credentials fueled the black market.

  • 2012 LinkedIn breach affected around 117 million.
  • MySpace breach exposed 427 million users.
  • Tumblr data breach exposed 65 million accounts.
  • VK security breach exposed 93 million accounts.
  • DropBox security breach exposed 69 million accounts.

It is not clear who breached the above companies, and how, but a mysterious character using the online moniker Tessa88 was involved in all the circumstances, at least in the sale of the huge trove of data.

Adult Friend Finder data breach

The Adult Friend Finder data breach exposed more than 400 million users. The company Friend Finder Network that owns AdultFriendFinder and other adult websites was hacked.

The data breach has exposed more than 412 million accounts, 339 million of which from the and over 15 million "deleted" accounts that were still present in the database.

A close look at the databases revealed that 62 million belong to, and 7 million from, the remaining records come from other brands of Friend Finder Network.

Almost every account password was cracked, thanks to the company's poor security practices. Even "deleted" accounts were found in the data leaked after the data breach.

SWIFT Cyber-heists

In 2016, crooks have abused the international cross-border payment messaging system SWIFT to steal millions of dollars from banks across the world.

The first major known cyber-heist occurred in February against the Bangladesh Bank; cyber-criminals have stolen $81 million.

It was the first heist of a long string, in May, the media announced the second and the third victim of SWIFT hackers. In May a fourth Bank in the Philippines was a victim of the SWIFT hackers and experts at Symantec confirmed the malware shares code with tools used by the Lazarus group. In June experts from the ISACA organization confirmed that SWIFT hackers stole $10 million from a Ukrainian bank through SWIFT system.

Database of Philippine election voters hacked by Anonymous

In April hackers belonging to the Anonymous Philippines collective breached the database for the Philippine Commission on Elections (COMELEC). It is the biggest government-related data breach that exposed the records of more than 55 million voters that were made public online by Lulzsec Pilipinas. The archive is full of sensitive data, including personal and passport information and fingerprint data, and unfortunately, not all the records were encrypted.

LulzSec Pilipinas released 16 databases from the Comelec website for a total number of 355 tables

The data breach occurred a few weeks before the national elections in the Philippines, scheduled for 9 May.

Anonymous Philippines warned COMELEC to improve the security of the vote-counting machines.

Tesco Bank, victims of hackers

In November, Tesco Bank halted all online transactions after a cyber-heist affected roughly 40,000 of its customers.

This attack will remain in history due to the number of customers affected and the emergency measure adopted by the financial institution. The bank confirmed that roughly 9,000 customers had as much as £600 (around $763) stolen from their accounts.

Tesco has downplayed the amount of money that was stolen from the customers' accounts, anyway the bank will refund all losses and has apologized for poor customer service that supported the users that tried to receive information by calling the bank over the weekend.


Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

Pierluigi Paganini
Pierluigi Paganini

Pierluigi is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, member of Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer.

Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.

Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.