As expected, bombshell hacks were revealed one after another in 2017. From the devastating Equifax breach to the dozens of ransomware campaigns, these cyber-attacks highlight the increased vulnerability of our personal information.
Let’s highlight the some of the biggest security incidents of 2017, starting with the notorious Equifax breach.
The Equifax hack is one of the largest breaches of consumer private financial data in history, with details leaked on over 145 million consumers and access to the credit card details on 209,000 consumers. Hackers were able to exploit a security vulnerability at Equifax two months after an industry group discovered the coding flaw and offered a solution for it. The CSO and CIO of Equifax announced their retirements following the breach, many believing they were forced as a result of ignoring the vital security patch 2 months prior to the attack.
Back in August Yahoo admitted that every single Yahoo account, 3 billion in total, were affected by the 2013 data breach. It was originally believed that 1 billion accounts were hacked, but further investigation concluded differently.
Leaked Government Tools
A hacking group called the Shadow Brokers leaked a slew of hacking tools widely believed to belong to the NSA. These tools include exploits like Eternal Blue, an exploit of Microsoft Windows that attacks SMB file sharing services. These tools were subsequently used in some of this year’s biggest cyber-attacks, including the WannaCry ransomware attack.
The notorious WannaCry attack infected over 300,000 machines in more than 150 countries. This attack was made possible by a flaw in Microsoft Windows, which was originally discovered by the NSA and then used to build a hacking tool for its own use. The US just recently publicly announced that the attack was carried out by North Korea, but North Korea has admittedly denied responsibility for the attack.
The NotPetya malware outbreak impacted tens of thousands of individuals across over 65 different countries, targeting huge organizations like Ukraine’s central bank, WPP, DLA Piper, and Maersk. It was originally believed that NotPetya was a piece of ransomware, but with closer analysis, researchers were able to conclude that NotPetya was actually a wiper. The attack cost FedEx over $300 million in losses, with its subsidiary, TNT, left to suspend business.
In 2016, hackers stole data on 57 million Uber customers and Uber ended up paying the hackers $100,000 in hush money to cover it up. The breach was finally made public in November and the reaction has been intense. Jail time for concealing a data breach has been proposed by US Senate Democrats under the Data Security and Breach Notification Act and consumers have looked to other ride-hailing services that will better protect their information and know how to admit when they are wrong.
Read the article on CNN