Threats, bugs, hackers and flaws – your highlight reel for the year behind us.
This year has been a busy one for cybercriminals and their foes. As more of our economy moves online, both the crooks and the police have shifted their focus, resulting in more extreme breaches and more extensive legal action. For those who slept through the year in cybersecurity, here are the highlights.
As arguably the most successful desktop and laptop OS ever invented, Windows XP is still widely used in domestic and corporate settings. Launched in 2001, it had survived 13 years when Microsoft decided to pull support for it in April of this year, hoping that its customers would switch to newer software.
At the time as much as a quarter of desktop and laptop users were still using it, and many public services such as the NHS had to scramble to strike deals with Microsoft to continue support for a few more years. That said, much of the panic over security implications turned out to be overblown, with only a few big hacks connected to the sustained use of Windows XP.
Few of the discussions in the cybersecurity industry make their way directly to the mainstream, but the Heartbleed OpenSSL bug was an exception to that rule. The flaw, which had existed since March 2012, allowed hackers to listen in on conversations between web servers and users, facilitating the easy theft of passwords.
Websites as big as Facebook, Instagram and even Google swiftly issued patches, advising users to change their passwords as soon as possible. The hack also highlighted how rife password reuse across sites was, meaning that hackers could take one credential and use it to break into multiple accounts belonging to one person – a theme that has persisted since.
Perimeter security has often taken flak for the weakness of cybersecurity, partly because it is the first line of defence. Yet until Brian Dye, SVP of information security at Symantec, told the Wall Street Journal in May that antivirus "is dead", few people had been so brazen as to admit it to their customers.
Dye added that antivirus software only catches 45% of attacks, and that the company no longer thought of it as a good means of making money. Though for Symantec it was a repositioning exercise, for the rest of the world it was a huge admission that the hackers could get in if they wanted.
The auction site eBay had a nasty shock later that May as 145 million of its customers were hit by a breach of the database that contained customers' details, including names, encrypted passwords, physical addresses, phone numbers, emails and dates of birth.
Despite the breach happening between February and March, it took the company months to find out, and slightly longer still to let its customers know. This prompted a group in the US to file a class action lawsuit against the company in July, alleging the security measures in place had been inadequate.
The US and China have spent much of the year warily eyeing one another up, each investing time and money in developing weapons and defences online while accusing the other of behaving badly.
This standoff reached a climax in May as a grand jury in Pennsylvania indicted five Chinese hackers for attacking American industry in energy and metal. The move was strictly symbolic, but annoyed the Asian superpower nonetheless. Yet since then the cold cyber-war has continued unabated.
The trojan GameOver Zeus gained infamy in the cybersecurity industry for its botnet, a network of infected computers that helped to distribute CryptoLocker, the most significant piece of ransomware in the wild at that time.
A coalition of international police decided to make a move against the criminals, who were thought to be operating out of Ukraine and Russia. The subsequent takedown of the botnet in June crippled the virus for some weeks, though cybersecurity workers observed it returning some months later, and other ransomware has also surfaced.