The Top 3 Security Hacks that Have Happened this Year
It’s been a monster year for cybersecurity so far in 2017. At the end of 2016, we thought we’d seen it all – from the series of hacks on the Democratic Party to the costly hacks on Yahoo, LinkedIn, and Dropbox. But, if anything, these were just signs that things would get a lot worst for cybersecurity, especially with advances in the IoT, the cloud, and other disruptive technologies that offer platforms for hackers to become better at their trade.
Indeed, with only a few months to the end of the year, things have gotten worse. 2017 has seen some of the worst hacks in recent times, with most of them targeting confidential data and information that is then either exposed or sold in the black market.
As the year comes to an end, check out three of the worst hacks so far this year.
1.) Equifax Breach
The Equifax data breach went into record books as one of the worst hacks in recent history, largely because of the amount of data that was compromised. Earlier in the year, Equifax, a major credit reporting agency in the US, reported that sensitive personal information belonging to about 145 million consumers had been hacked.
The breach, which took place between May and July, saw hackers steal Social Security numbers, names, addresses, birth dates, and driver’s license numbers within the 2-month window. About 209,000 consumers even had their credit card information stolen in the breach.
The breach also crossed borders into Canada and the UK, with consumers in these countries also losing their personal information to the hackers.
Even worse, details later emerged that the hack could have been prevented if Equifax applied a security patch that was available months before the breach. The patch would have fixed the security vulnerability in Apache’s Strut platform that was running systems at Equifax.
Earlier in the year, Cloudflare, an internet services company, reported a bug in its system that randomly leaked sensitive information into the internet. The leak, which was later called Cloudbleed, was identified in February and potentially affected close to 6 million websites that are hosted on Cloudflare, including OKCupid and Fitbit.
And even though the leak was patched within a couple of hours, the leaked data could be found on search engine results from Google and Bing a few hours later – though Cloudflare worked with these search engines to remove the cached data too.
In the end, the Cloudbleed incident served as an important reminder of risks associated with large internet companies like optimization service providers, web hosting and VPN service providers.
3.) WannaCry Ransomware Attack
In May, the world was treated to a series of ransomware attacks that took hundreds of thousands of computers hostage. Out of these, WannaCry was the most destructive. Hackers used this strain of ransomware to hold large corporations, public utilities, and government institutions across the globe hostage by encrypting their data and denying them access until they paid ransom in the form of Bitcoin.
The powerful ransomware spread quickly, and in just a few days, it had crippled major organizations such as the National Health Service in the UK and the telecom company Telefonica in Spain. Other countries that were affected include Russia, France, Taiwan, Japan, and dozens of other countries around the world.
Like the Equifax breach, hackers leveraged the delayed application of security patches by a software vendor, in this case, Microsoft, to inflict damage. Hackers exploited a security vulnerability within Windows called EternalBlue that could have been fixed by applying a security patch that was already available from Microsoft.
Plus, even though the hackers only managed to net about $130,000 worth of Bitcoin, the incident serves as a practical example of what could happen when organizations overlook cybersecurity protocols.
With 2018 right about the corner, security experts are preparing for fresh rounds of cyber attacks, which seem inevitable at this point as hackers become bolder and better equipped. As more organizations adopt the blockchain, advanced cloud solutions, and other elements of modern networked technologies, it’s highly likely that more sophisticated attacks are in the making.