Let’s take a look back on the cyber breaches in the year past—the bad, the worse and the worst.
The Year When Cyber Criminals Went Loose
If you want to ask who was hacked this year, it’s better to just ask who wasn’t. It was that kind of a year.Cybercrime was on its peak and no one was safe—not even CIA. Let’s have a look at some of the biggest cybercrimes of 2017.
Elasticsearch is a search engine library. It is popularly used by sites like Wikipedia, Soundcloud and Pandora. Hackers made use of a security opening in the services and affected thousands in its wake. The absence of authentication led to the attacks getting through.
2. WannaCry Attacks
This was one of the deadliest cyber attacks of the year, with over300,000 systems affected in only four days. The attack took place on May 12, by a cyber criminal group called WannaCry, who exploited the patch management lapses and hit thousands of enterprises with ransomware. This included both corporations and public utilities, but it hit the hardest on NHS—UK’s healthcare system. It effectively created chaos, delayed healthcare and about 19,000 appointments were canceled, including surgeries. The attack was the first to use EternalBlue—the leaked cyber weapon from another attack. Which brings us to…
3. Leaked Cyber Tools by Shadow Brokers
The National Security Agency has always been the epitome of secrecy and intelligence security. But even they were not exempt from cyber attacks. In April, a group of criminal masterminds called the Shadow Brokers leaked cyber weapons and classified hacking information that even most of the operators in NSA’s hacking group did not have. EternalBlue was one of the cyber weapons leaked, and which has been used in many following attacks.
4. Giants Like Merck and FedEx Fall to Petya Attacks
These were the second in the series of attacks that used EternalBlue. The attacks began in June, and attacked Ukrainian companies, from where they spread globally and infiltrated companies like FedEx and Merck, causing them losses in more than $300 million each. Initially, the attacks got through due to infected email attachments, but they spread like wildfire because not everyone installed the patches.
5. Deloitte Attack
This attack could be deemed the most ironic of them all. The global accounting firm that prides itself on cybersecurity was hacked because they failed to implement basic procedures like two-factor authentication, and hackers dived into the company’s internal email system, getting access to accounts of clients like U.S. departments of State, Energy, Homeland Security and Defense, FIFA and the Postal Service.
6. Equifax Breach
While the consumer credit reporting agency had had previous security failings in 2016 and earlier in March 2017, the most crippling attack was carried out in the May-July identity theft attack, which compromised more than 189.5 million consumers worldwide. The attack occurred due to a flaw in one of Equifax’s open-source tools, Apache Struts. The hackers used this as their opening to gain control of the website. Equifax also reported that they were made aware of the security flaw two months before the attacks.
If you want to learn about cybersecurity or wish to discuss your company’s information security and the best practices to implement, reach out to the experts at Graystone International.