The 3 Biggest Security Hacks of 2017: Is Your Data Safe?
As technology changes, so do the types of threats to data stored online. Unfortunately, 2017 has been a banner year for security hacks and breaches. As we enter the final quarter of the year, it helps to review the unexpected attacks that have caused individuals, companies and public institutions so much grief this year and evaluate whether our security is up to the challenge.
Equifax Data Breach
Potentially the hack with the furthest reach, the Equifax data breach exposed the personal information of as many as 143 million customers. Even people who have never worked with Equifax directly were affected, as the company is one of the three big powerhouses for credit checks and score information.
Attackers used a flaw on the company’s website to gain access to all of the information included on a credit application or report. This includes individual and business names, addresses, Social Security numbers, and birth dates. In cases where the company had previously reached out to customers for additional information, even driver’s license data was at risk.
The exploit was patched quickly, but the damage had already been done, as access began in May and the error was reported in late June of this year. Top security organizations, including cybersecurity solutions provider Bitdefender, warned customers about the breach and how they can secure their own websites to prevent similar attacks.
Ransomware attacks seize computers and require a payment to the virus designer to unlock the devices. The number of ransomware attacks was up 300 percent last year, according to Bitdefender, and one of the biggest attacks of the year used the WannaCry ransomware to startling effect.
WannaCry used an exploit identified but unreported by the United States National Security Agency to infect over 200,000 computers. Major corporations were the primary target of this ransomware, and the attackers demanded payment in Bitcoin cryptocurrency. Due to its worm nature, the ransomware cryptoworm replicated itself on both internal systems and anything it could reach online, expanding very quickly once released.
Many companies rely on cybersolutions like Bitdefender’s anti-ransomware tool to prevent unwanted encryption of files and stop many ransomware attacks even if the software infects a system. This provides an effective defense against the majority of ransomware attacks, giving companies added peace of mind that they won’t lose business or be forced to pay attackers.
Rasputin SQL Injection
A lone hacker, supposedly from Russia, lies at the heart of the third top hack of 2017. The hacker, dubbed Rasputin, used SQL injections to access and manipulate or download files from top universities and government institutions in the United States and the United Kingdom. Some of the attacks targeted Cornell, New York and Purdue Universities, along with the Universities of Cambridge, Oxford and Edinburgh.
Even HIPAA-protected patient information was at risk as Rasputin hacked into the United States Health Resources and Services Administration, the Department of Housing and Urban Development and the National Oceanic and Atmospheric Administration. Security officials believe Rasputin sells stolen data to interested parties who are primarily located in the Middle East. SQLi remains one of the top methods of compromising systems, used by both new hackers and the elite alike, due to the prevalence of relatively unprotected or poorly designed systems.
SQLi attacks are also among the easiest to prevent, but larger institutions with multiple points of access may have to entirely rework login pages, feedback forms and other areas where users can share information with computer systems, making it a costly endeavor for many organizations. Smaller companies may only need to update firmware on key systems, as developers are usually responsible for keeping applications safe from SQLi, but mixing and matching security or application providers can introduce more problem areas over time.
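To make the prevention point concrete, here is an added example (not part of the original article) of a feedback-form lookup written two ways, plus a regression check a team could run against each input handler. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a feedback-form backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE feedback (email TEXT, note TEXT)")
    db.executemany("INSERT INTO feedback VALUES (?, ?)", [
        ("alice@example.com", "billing question"),
        ("o'brien@example.com", "address change"),
        ("carol@example.com", "account closure"),
    ])
    return db

def lookup_vulnerable(db, email):
    # User input is pasted into the SQL text, so a quote in it rewrites the query.
    sql = "SELECT email, note FROM feedback WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, email):
    # The placeholder sends input as data; the query structure cannot change.
    return db.execute(
        "SELECT email, note FROM feedback WHERE email = ?", (email,)
    ).fetchall()

CRAFTED = "nobody@example.com' OR '1'='1"  # constructed test input

def leaks_other_rows(lookup, db):
    """Regression check: True if crafted input returns rows it should not."""
    try:
        rows = lookup(db, CRAFTED)
    except sqlite3.Error:
        return False  # query failed; nothing was returned
    return any(email != CRAFTED for email, _ in rows)

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_vulnerable, lookup_parameterized):
        print(fn.__name__, "leaks:", leaks_other_rows(fn, db))
    # A legitimate address containing a quote works only in the safe version.
    print(lookup_parameterized(db, "o'brien@example.com"))
```

The concatenated version also fails on the legitimate address containing an apostrophe, which is often the first visible symptom of this flaw in production logs.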
The wide-ranging nature of many of this year’s top attacks proves that everyone is at risk. East Coast Polytechnic Institute notes that cyberattacks may actually be harder on small businesses, preventing access to key systems and possibly preventing operations entirely. Businesses of all sizes must spend considerable resources to recover and appropriately notify customers or address concerns, further increasing the costs associated with hacks. Preventive care, including real-time monitoring against intrusion, is typically the most cost-effective method of thwarting the myriad of hacks out there.