Every year we hope that cyber-attacks will not worsen, and we’ll finally have figured out the formula for stopping them. However, it seems that the problem only continues to be a huge issue for online databases all over the world. Regardless of whether you’re talking about a business in the Fortune 500, a small start-up down the street, or a personal e-mail, every single day accounts and information are being stolen, leaked, and held captive.
Unfortunately, no matter how smart our security programs are, online hackers seem to be getting that much smarter as well. With deep pockets and huge incentives to hacking, another company falls victim to a breach every single day. In 2016, worldwide spending on security software reached more than $73 billion, up from the $68 billion spent the year before. Also in 2016, companies saw an aggressive new form of hacking known as ‘whaling scams’ that accounted for almost 56% of all breaches.
The year 2017 has only seen increases when it comes to the number of breaches counted, and some of the worst attacks to date have already occurred in the calendar year. Familiarizing yourself with some of the pitfalls other companies have faced can often help you learn the do’s and don’ts of cyber security so you can protect yourself better. The following are 10 of the wildest cyber-attacks of 2017 to date:
In March of 2017, the exposure website WikiLeaks made public some 8,761 documents that were allegedly stolen from the CIA. The sensitive documents were said to hold some very valuable information, including the details behind their extensive spying operations and hacking tools.
The documents made known some of the weak points of iOS and Android devices, as well as vulnerabilities in Windows and smart TVs. After the initial exposure of information, the organization continued to let out smaller leaks in procession. This included information about Wi-Fi signals being used to track phone locations and the ability to watch users’ movements on Macs.
The information that was hacked included all of the CIA’s Trojans, malware, viruses, and much more. Although this cyber-attack wasn’t one of the largest this year in terms of ransomware, the motion did much more damage to the CIA itself by injuring its name in the public eye and slowing down its operations.
Voter Records Exposed
Voting data records seem to be very sought-after pieces of information for hackers to expose, and in this instance, almost 198 million voters and their personal specs were made public. On June 19, researcher Chris Vickery noticed a public database that exposed the massive amount of voter information from across the United States.
The information included almost every American citizen and dated back more than ten years. A data firm known as Deep Root Analytics who hosted the database explained that although the information was exposed, it’s likely that only a few people, including Vickery, had seen the information.
It was a good thing, too, that Vickery sent up the alarm, since any hackers would have had a hay-day with the easily-accessed information.
NotPetya began its hacking escapades by posing as a Ukrainian tax software update, which tricked hundreds of thousands of people into clicking the links and giving out their personal information. The malicious program accessed all of these computers—located in more than 100 countries around the world—in just a couple of days.
As a result of the malware, huge financial damage rained down on many American firms, including a pharmaceutical company known as Merck. In the end, the attack cost Merck over $300 million dollars in Q3, and it’s said that the company will lose? That number again in Q4.
A program known as WannaCry has been exposing companies and individuals all over the world for months. It works to lock people out of their computers, requesting a certain amount of money before the access will be returned.
This type of hacking is known as “ransomware”: where the organization demands money before lifting any locks or returning valuable information. For those who take too long trying to decide on their course of action, the price only continues to go up. If the deadline is reached, all of the files are ultimately destroyed with no way of getting them back.
People all over the world have been hit, from America to Russia to China, and specifically a lot of healthcare and financial institutions have been victims of this pernicious malware. More than 200,000 computers have been compromised this year, and there was even a live feed of WannaCry to track its movement.
For those who are worried about the future of WannaCry, your fears are warranted. Even when a security researcher found a kill switch to the virus, the organization worked around the problem and came back again. The program also seems to have a new name, called Uiwix, and it’s likely they’re still targeting computers.
If you do find yourself in the midst of a breach with this program, it is suggested that you wipe your entire machine and work with the back-ups you have. If you haven’t done that already, you may be in trouble. But simply paying the criminals isn’t a good solution, either. If you agree to pay, the hackers may simply request more money or hack you again at a later date because they know you’re willing to pay.
If you haven’t been hacked yet, consider backing up all your files to get ahead of WannaCry. Protecting your valuable office equipment is critical to keeping all your files safe and your hard-earned money where it belongs.
Locky is a form of ransomware that made huge waves in 2016. In the current year, Locky has been just as much of a problem, sending malware to thousands of computers by means of a phishing scheme.
The virus is delivered by e-mail, with an unassuming design that some users felt they could trust. The e-mail informs the reader that they have received an invoice requiring payment and that an attached Word document needs to be opened.
If the individual opens the Word document, they’ll find a page that seems to be full of untranslatable information and the message “Enable macro if data encoding is incorrect.” As soon as the user enables the macros, they are saved to the computer and a file begins to run, downloading a Trojan into the computer.
In order to remove the Trojan, individuals are forced to pay in bitcoin currency somewhere between 0.5 and 1 bitcoin – with 1 bitcoin equaling nearly $10,000 USD. In order to avoid this kind of cyber-attack, it has been suggested that users keep all of their security programs updated and that they only open information from trusted companies.
Jaff is a ransomware program similar to Locky, so it is suggested that users follow the same kind of protocol to avoid being exposed. Jaff came about in May of 2017 and quickly started to infect millions of computers all across the globe.
The company seems to target bigger names and companies, since its monetary demand is so high. To remove the virus from a computer, Jaff demands that users pay 1.79 bitcoin, which is equal to more than $6,000 USD.
Bell Canada Hack
When it comes to the big companies, hackers don’t always get what they want. Bell Canada was recently faced with some threats from a hacker who explained that they would release the personal information of more than 1.9 million user accounts if they didn’t pay up.
The hackers didn’t get what they wanted, however, as Bell refused to pay the organization. As a result, some information was leaked online, but it wasn’t enough to be much of a problem for Bell who seems to have made the right decision.
TigerSwan is a US-based, private security firm that recently had to deal with their own hacker problem. The firm made headlines after the resumes of their potential, existing, and past employees were released online to the public on an unlisted Amazon Web services storage platform.
The problem with the giant breach was not that the hacker demanded too much money, but that the data that was leaked included personal information of all of the mercenaries dating back to 2008.
Some of the personal information made public included individuals’ home addresses, phone numbers, passport numbers, and social security numbers. They also had the potential to include individuals’ past duties and intelligence roles. Some of the individuals who had the most to lose if exposed included Afghan and Iraqi nationals who had worked with the US forces and could now be endangered by the exposed information.
TigerSwan explained that the resumes were left unsecured by a recruiting vendor that the company had previously fired in February of 2017. This discovery only strengthens the argument for hiring highly-qualified individuals when dealing with sensitive information.
Travel-giant Sabre announced this year that it had, in fact, been hacked after hiring a security firm who confirmed the incident. At some point, an unknown organization obtained the credentials for the Sabre Hospitality Solutions’ SynXis Central Reservations System and was granted access to all of Sabre’s customer data.
The cyber-attack was one of the wildest of 2017 because Sabre processes reservations for customers of than 100,000 hotel chains and more than 70 airlines across the world. Fortunately for Sabre, only one database was exposed, which accounts for only 35,000 of its hotels, and less than 15 percent of the daily bookings were actually viewed by the hackers.
Even though the breach wasn’t as bad as expected, the hackers still gained access to customers’ credit card information, phone numbers, and home addresses. In order to fight the breach, Sabre immediately started reaching out to those that may have been a part of the breach, and starting updating and improving its security programs.
The tax and auditing firm, Deloitte, recently experienced a rough cyber-attack that saw the theft of a large number of confidential emails and documents. The attack may have actually occurred sometime near the end of 2016, but the breach wasn’t caught and exposed until the spring of this year.
Although Deloitte informed at least six clients about the breach of their information, there was suspicion that the company had suffered a much worse breach than they were admitting to. The attackers actually managed to hack into an administrator’s account, which was hosted on Microsoft’s Azure cloud, giving the hacker access to a wide range of data.
The giant problem with this breach was that the administrator’s account was only protected by a single password, as opposed to a two-tier security wall, making it so easy to break into. Hackers were able to get their hands onto information that may have included health data, usernames, passwords, and other sensitive information. Considering the company made more than $37 billion last year, one can expect that they’ve put some stronger security practices into place, starting with two-tiered passwords.
What it comes to cyber-attacks, it’s fair to say that no one is truly safe. Every day, hackers are working to find faster, easier ways of getting past firewalls and security programs to access the valuable information they want so badly. It’s wrong to assume that you will never turn the head of a hacker; whether you’re a part of a huge corporation or a private citizen checking your e-mails, there is always the potential to be hacked and exposed.
To avoid cyber-attacks, take extra precaution throughout the year by changing passwords, updating your security programs, and keeping up-to-date with current breaches. Knowing what kinds of viruses are out there right now may give you some heads-up to what kind of action you need to take and what you can warn your family and employees to look out for.