2017 Cybersecurity Year in Review: The Year the Threats Got Real
If 2016 was the year cybersecurity went mainstream, 2017 was the year it became unavoidable. The attacks were bigger, faster, and more destructive than anything we'd seen before. Here's what happened and what it means for 2018.
The Timeline
May 12: WannaCry
The first global ransomware worm. 200,000+ infections across 150 countries in 48 hours. UK hospitals turned away patients. Used leaked NSA tools (EternalBlue) to exploit a Windows vulnerability patched two months earlier. A researcher accidentally stopped it by registering a kill-switch domain. Estimated damages: $4 billion.
June 27: NotPetya
Disguised as ransomware but designed to destroy. Spread through a compromised Ukrainian software update. Hit Maersk, Merck, FedEx, and thousands of others. Even fully-patched machines were vulnerable through credential theft. No functional decryption mechanism: data was destroyed, not held for ransom. Estimated damages: $10 billion.
September 7: Equifax
147 million Americans' data exposed: SSNs, birth dates, addresses, driver's licenses. Caused by an unpatched Apache Struts vulnerability. Attackers had access for over two months before detection. Equifax's response was widely criticized as inadequate. The breach that will generate identity theft for decades.
October 16: KRACK
A fundamental flaw in WPA2 Wi-Fi encryption. Every Wi-Fi device in the world was theoretically vulnerable. Mitigated by software patches and the fact that HTTPS provides an independent encryption layer. A reminder that no single security standard is permanently secure.
November: Uber Cover-Up
57 million users' data stolen in October 2016. Uber paid the hackers $100,000 to stay quiet and concealed the breach for over a year. Disclosed only after a new CEO discovered it. The cover-up became a bigger story than the breach itself.
By the Numbers
- $10+ billion: NotPetya damages alone
- 147 million: Americans affected by Equifax
- 200,000+: Computers infected by WannaCry
- 57 million: Uber users affected by concealed breach
- $1.42 billion: Losses from business email compromise (FBI IC3 data)
- 1,579: Data breaches recorded in the US (new record)
What Changed
Ransomware became a weapon. NotPetya showed that ransomware techniques can be used for destruction, not just extortion. The line between cybercrime and cyberwarfare blurred permanently.
Supply chain attacks arrived. NotPetya, delivered through M.E.Doc, and the CCleaner compromise (which we didn't even have space to cover) showed that legitimate software updates can be weaponized. Trust in vendors now requires verification.
Accountability increased (slightly). Equifax's CEO resigned. Uber's CSO was fired. Security failures and cover-ups are starting to carry real consequences.
Patching urgency became undeniable. WannaCry, NotPetya, and Equifax were all caused by known vulnerabilities for which patches were already available. The evidence is conclusive: unpatched systems are the primary attack vector.
Looking Ahead to 2018
Expect more supply chain attacks, more targeted ransomware, and the beginning of regulatory response (GDPR takes effect in May). Expect CPU-level vulnerabilities to emerge (there are rumors in the security community about something big). And expect business email compromise to continue growing, because it keeps working.
2017 proved that cybersecurity threats are real, consequential, and not going away. 2018 will prove whether we've learned the lessons.