Look back in horror… 2017 and the biggest hacks
Article courtesy of Steve Bell from BullGuard Antivirus.
In the world of cyber fraud and hacking just when you think things can’t get any worse they inevitably do. 2016 was widely considered to be the year in which ransomware for instance took off. PricewaterhouseCoopers also noted that there was 38% increase in phishing attacks during 2016 while hackers in general also widened their target to hit unsecured wireless medical devices, mobile devices and even cloud architecture. But 2017 looks set to make the nefarious activities of 2016 look little more than baby steps. According to Hackmageddon.com, there have been dozens of serious cyberattacks each month during 2107 affecting the personal information of literally billions of internet users worldwide. In short, cyberattacks in 2017 have been occurring at double the rate of 2016. Let’s look at the some of the biggest and most alarming.
One of the stand-out attacks of 2017 was the WannaCry ransomware. It spread through 150 countries and more than 300,000 computers were hit ranging from the UK’s National Health Service to Fedex, rail stations, universities, car manufacturers and a national telco. It spread incredibly quickly due to a worm-like component and led to media shock and horror. However, what was equally alarming was the fact that large numbers of organisations were using unpatched XP operating systems. XP is a Jurassic operating system and no longer supported by Microsoft. WannaCry exploited this. But you’ve got to ask why where so many organisations still using unprotected XP? Seriously. Haven’t these people heard of cyber security? The US has finally laid the blame for WannaCry at North Korea’s door. It doesn’t reveal how it came to this conclusion but with Gavin Williamson, the UK Defence Secretary recently warning that North Korea posed a “massive threat” and a “real danger” to the UK (absolute tosh and nonsense), the drums of war can be faintly heard, revealing that what goes on the cyber world can have serious real world consequences.
This was the mother of all hacks. Cybercriminals penetrated Equifax (EFX), one of the largest credit information companies and fled with the personal data of 145 million people. It was considered among the worst breaches of all time (until the next one) because of the amount of sensitive information that was taken. Identity theft has been a big concern following the hack and apparently unfortunate victims in the US have beginning to fall foul of identity thieves. Clearly taking a lead from other organisations that had been hacked Equifax only revealed the scale of the breach several months later. The Equifax CEO Richard Smith fell on his sword, testified to the US Congress and blamed the security failure on one person who was promptly ejected from the company with all the propulsive force of a North Korean missile.
Yahoo’s name has become synonymous with hapless cyber defence. The company dropped a bombshell in August 2017 when it announced that every one of its three billion accounts was hacked in 2013. We’ll just repeat that: ‘Every one of its three billion accounts was hacked.’ This was three times what was first thought to be the case. Former Yahoo CEO Marissa Mayer was also wheeled out in front of the US Congress (this is serious business) and said that the company only found out about the breach in 2016, when it reported that 1 billion accounts were hacked. The company still doesn’t know who was responsible.
National Security Agency
This one might have passed you by but if you’re not familiar with it, it’s worth a read. The National Security Agency or simply the NSA as it’s more widely known is responsible for spying on other countries and mass surveillance if its own citizens, though this facet of its operations doesn’t make it into glossy recruitment brochures (see Edward Snowden). Like any good spy agency it has an arsenal of cyber tools for hacking into foreign banks, infrastructure, government departments, your bomb making granny; the usual stuff. However, rather embarrassingly a shadowy group of hackers calling themselves the Shadow Brokers leaked a suite of hacking tools widely believed to belong to the NSA. These tools were then used in some of the year's biggest global cyberattacks, including WannaCry. Whoops.
In 2016, hackers stole the data of 57 million Uber customers and the company paid the hackers $100,000 to cover it up. The breach wasn't made public until this November, when it was revealed by new Uber CEO Dara Khosrowshahi. 57 million may seem like peanuts when compared to Yahoo’s mega data breach but this was a lot of personal information and most upright people were equally shocked at Uber trying to cover up the hack with a payment. However, it turns out Uber was also playing on the other side of the fence too. A former member of Uber's security team, Ric Jacobs, recently revealed details about a secretive unit within Uber. This was dedicated to stealing trade secrets, spying on competitors, using self-destructing messages and dodging government regulators. Whatever happened to corporate integrity or has it always been a bit of myth?
So what lies ahead?
These were just some of the headline cyber-attacks. There were many more that happened in 2017, far too numerous to mention and frankly enough to create a small library. So what can we expect in 2018? You don’t need to be a cyber Nostradamus to predict that the Internet of Things is going to get hit harder and more frequently including homes and industries such as airlines and car manufacturing, as the reliance on smart devices increases. Smart devices face the same cybersecurity challenges as our desktop PCs laptops and smartphones. The only difference is smart devices are attached to real things in the real world. If someone hacks a PC, personal data is at risk. But if someone hacks a robotic manufacturing arm that entire manufacturing line is at risk, if someone hacks a medical monitor a patient is at risk, if some hacks a smart lighting system that smart home is at risk. Inevitably 2018 will no doubt play host to more digital mayhem just let’s hope it’s not carnage.