In many respects, this was a landmark year for cyber-security, with the scale of attacks and breaches reaching new heights as organizations struggled to stay safe. A number of key cyber-security events took place in 2017—involving ransomware, including WannaCry and NotPetya; misconfigured Amazon cloud storage disclosures; new vulnerabilities such as KRACK; and mega-breaches such as the Equifax attack.
Many of those big cyber-security incidents had a common root cause: the lack of patching.
On May 12, the WannaCry ransomware worm first struck organizations around the world, including hospitals in the United Kingdom, which were forced to shut down. Months after WannaCry first showed up, it was still having an impact and was responsible for a Honda Motor plant shutdown in June.
The open-source Apache Struts framework reported a remote code execution vulnerability identified as CVE-2017-5638 on March 6. Days later, the vulnerability was already being actively exploited by attackers, even though a patch was available. On Sept. 7, months after the original Apache Struts disclosure, credit reporting agency Equifax reported that it was the victim of a data breach impacting 145.5 million Americans. The root cause for the Equifax breach was identified by the company's management as being the CVE-2017-5638 Struts vulnerability.
Although the impact of the Equifax breach was far reaching, no single breach disclosure in 2017 was larger than the one made by Yahoo on Oct. 3. On that date, Yahoo revealed that a 2013 data breach impacted all 3 billion of its users. Yahoo had first publicly disclosed the breach in December 2016, reporting at the time that 1 billion users were at risk. Yahoo is no longer an independent company and, as of June 13, is now owned by Verizon as part of a $4.5 billion deal.
Blueborne is a set of Bluetooth vulnerabilities first disclosed on Sept. 12 that exposed nearly all operating systems to risk. The Broadpwn vulnerability also had a wide impact, enabling attackers to execute code on all devices with Broadcom WiFi chips, which include all iOS and many Android devices.
Patches for all major operating systems are now available for KRACK, Blueborne and Broadpwn. That said, if the experiences with MS17-010 leading to WannaCry and the CVE-2017-5638 Struts vulnerability leading to the Equifax breach are any indication, not all organizations patch all vulnerabilities. Don't be surprised to see vulnerabilities that were disclosed in 2017 still leading to breaches in 2018 and beyond.