For the cybersecurity industry, the last couple of years have been a total nightmare. From ransomware attacks to virtual bank heists, the number of monthly cyber attacks is now in the millions.
With the rapid adoption of the Internet of Things, it’s only going to get worse. This makes it important for enterprises to learn from the mistakes of others and improve existing security protocols.
Most of these cyber attacks fall into two broad categories. The first type of attack focuses on stealing data and the second aims to take down or disable the target computer or network to knock it offline.
Bad actors usually use a mix of techniques to breach networks and these include the following:
- Phishing emails
- Man-in-the-middle attacks
- Social engineering
- Distributed Denial of Service
There were a number of serious cyber attacks over the course of 2017; let’s take a look at the top five.
1. WannaCry
The biggest ransomware attack in history happened in May 2017 and almost brought the whole world to its knees. Known as WannaCry (WannaCrypt, Wanna Decryptor, or WanaCrypt0r 2.0), the ransomware targeted legacy Microsoft Windows operating systems.
Like previous ransomware attacks, it took control of infected computers and encrypted the contents of their hard drives so that they could only be decrypted once a ransom was paid. The most damage occurred across the pond in facilities run by the United Kingdom's NHS.
Ransomware is quite common, but what was different about WannaCry was the fact that it used code that was secretly developed by the United States National Security Agency. Originally called EternalBlue, the code was stolen and leaked on the dark web by a hacking group called Shadow Brokers.
The key takeaway here is that all individuals and organizations have to be highly proactive when it comes to system upgrades. Microsoft had already identified and patched the vulnerability a few weeks prior to the ransomware attack, but many, like the NHS, hadn’t upgraded.
2. Petya/NotPetya
The Petya/NotPetya ransomware attack followed WannaCry (last June) and managed to infect a large number of energy firms, banks, and other enterprises, mostly based in Western and Eastern Europe.
Starting in Ukraine, where it hit government agencies, banks, and Kiev’s airport and metro system, it then spread across the planet.
Like its predecessor, this ransomware attack also targeted Windows operating systems and prevented them from booting unless a ransom was paid to regain access.
Petya’s origins can be traced back to 2016, when computers were infected via phishing emails, but it later evolved into NotPetya, in which it was modified so that its own changes could not be reverted.
This cyber attack highlights the importance of educating employees about the tactics used by bad actors to breach the system. In fact, a little awareness about phishing scams might have helped negate it altogether.
3. The Equifax Breach
The consumer credit reporting giant Equifax (which collects and aggregates data on over 88 million businesses and more than 800 million individuals around the world) reported last July that the personal information of more than 143 million people had been exposed in a data breach.
The personal data that was stolen included information like names, social security numbers, birth dates, and other sensitive information.
The data breach occurred when bad actors exploited a website vulnerability. However, this event was particularly bad for the company, as they had been made aware of the vulnerability and told to fix it long before the breach.
Protecting sensitive customer data would have been as simple as implementing a tool called Apache Struts, but they failed to do so. No matter how big or small your company might be, the Equifax data breach is an example of the worst thing anyone can do.
The key takeaway here is that security warnings should be taken seriously and resolved rapidly. Ignoring them will certainly lead to a serious impact on brand value, brand reputation, and revenue.
4. Yahoo Email Data Breach
In October 2017, Yahoo announced that they recently discovered that three billion email addresses (including mine) were exposed in a data breach. However, the actual breach occurred way back in 2013.
This cyber attack accessed the following user account information:
- Email addresses
- Telephone numbers
- Dates of birth
- Encrypted and/or unencrypted security questions and answers
- Hashed passwords
This happened because all the data was protected using easy-to-crack, outdated techniques. However, the stolen data didn’t include passwords in clear text, bank account details, or payment card data.
Three billion accounts basically add up to anyone who signed up for a Yahoo email account, so if you haven’t already, change your password as soon as possible (and enable two-factor authentication).
If you have been using the same answers to security questions, you should also change them wherever you have provided the same information.
The key takeaway here (again) is that enterprises need to be proactive when it comes to embracing new technological upgrades. So whenever there is a better way to protect your IT infrastructure and data, you just have to go for it.
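As an added example of what "embracing upgrades" looks like for stored credentials (this code is not from the original article and does not describe Yahoo's actual system), the snippet below models a user store whose records were hashed with an outdated, unsalted scheme and shows how a login path can verify against the old format while transparently re-hashing each account with a salted, slow PBKDF2 on its next successful login. The article does not name the outdated technique; unsalted MD5 is assumed here purely as a stand-in, and the user records are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumed legacy scheme: unsalted MD5, used here only as a placeholder for
# an "easy-to-crack, outdated technique". Same password -> same hash for
# every user, so one precomputed table cracks all of them at once.
LEGACY_PREFIX = "legacy-md5"
MODERN_PREFIX = "pbkdf2-sha256"
PBKDF2_ITERATIONS = 600_000  # slow by design; tune to your hardware budget


def legacy_hash(password: str) -> str:
    """Reproduce the weak legacy format so old records can still be verified."""
    return f"{LEGACY_PREFIX}${hashlib.md5(password.encode()).hexdigest()}"


def modern_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256; a fresh random salt per record."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{MODERN_PREFIX}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(stored: str, password: str) -> bool:
    """Check a password against either record format, using constant-time comparison."""
    scheme, rest = stored.split("$", 1)
    if scheme == LEGACY_PREFIX:
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, rest)
    if scheme == MODERN_PREFIX:
        iterations, salt_hex, digest_hex = rest.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(candidate.hex(), digest_hex)
    raise ValueError(f"unknown hash scheme: {scheme}")


def needs_rehash(stored: str) -> bool:
    """True when a record is still in the legacy format or uses too few iterations."""
    scheme, rest = stored.split("$", 1)
    if scheme != MODERN_PREFIX:
        return True
    return int(rest.split("$")[0]) < PBKDF2_ITERATIONS


def login(store: Dict[str, str], username: str, password: str) -> bool:
    """Authenticate, and on success opportunistically upgrade a legacy record.

    The plaintext is only available at login time, so this is the natural
    moment to migrate without forcing a mass password reset.
    """
    stored = store.get(username)
    if stored is None or not verify(stored, password):
        return False
    if needs_rehash(stored):
        store[username] = modern_hash(password)
    return True


if __name__ == "__main__":
    # Constructed sample store: two users who happen to share a password.
    users = {"alice": legacy_hash("correct horse"), "bob": legacy_hash("correct horse")}
    print("legacy hashes identical:", users["alice"] == users["bob"])
    login(users, "alice", "correct horse")
    login(users, "bob", "correct horse")
    print("after upgrade identical:", users["alice"] == users["bob"])
    print("alice record now:", users["alice"][:40] + "...")
```

The migration only happens on a successful login, so accounts that never return keep their weak record; a real rollout pairs this with an expiry date after which un-migrated accounts are forced through a password reset.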
5. Delta Air Lines & Sears Holding Corp
Atlanta-based Delta Air Lines and the department store chain Sears Holding Corp recently found out that a data breach occurred between September 26 and October 12, 2017.
In this incident, sensitive customer data may have been exposed as a result of vulnerabilities in the technologies used by their third-party chat service provider 7.ai.
The data that might have been exposed includes the following:
- Customer payment information
- Government identification
- Passport details
However, security and SkyMiles data weren’t impacted, and the second-largest carrier in the U.S. couldn’t confirm whether the information had actually been accessed and compromised.
At Sears, internal systems weren’t accessed in the breach and customers using a Sears-branded credit card weren’t affected.
What can we learn from this incident?
Companies have to put third parties through an extensive vetting process to ensure that they’re following the same high cybersecurity standards. When this is neglected, businesses risk exposing their internal enterprise networks.