Some Of The Major Cyber-Attacks Of 2017
This year many cyber-attacks made news, here a list of the biggest cyber-attacks of 2017
WannaCry was a ransomware attack that spread rapidly in May of 2017. It infected computers and encrypted the contents of their hard drives, then demanded a payment in Bitcoin in order to decrypt them.
An system weakness (exploit) discovered by the NSA, called “EternalBlue” was the one used by the WannaCry Trojan and it took advantage of a vulnerability in the Microsoft Windows operative system. Later a group of hackers called Shadow Brokers released the details of the exploit to the public. Microsoft had already patched the vulnerability, but many systems hadn’t upgraded. Microsoft regrets the fact that the U.S. government had built a weapon to exploit the vulnerability rather than share information about the hole with the InfoSec community.
Petya is just another ransomware that prevents Windows from booting and subsequently demands that the user make a payment in Bitcoin in order to regain access to the system. It started circulating in 2016 via infected e-mail attachments (phishing, spam).
Then, in June of 2017, a much more virulent version of the malware started spreading. It was used for a global cyber-attack, primarily targeting Ukraine. The new variant propagates via the “Eternal Blue” exploit. Kaspersky Lab referred to this new version as NotPetya to differentiate it from the 2016 version. Although it purports to be ransomware, this variant was modified so it is unable to actually revert its own changes.
3. The Equifax Hack.
Is a consumer credit reporting agency that collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide. In July of 2017 was announced that “criminals exploited a U.S. website application vulnerability to gain access to certain files, due this data breach, the personal information of more than 143 million consumers was exposed, getting personal information like names, birth dates and social security numbers, among other sensitive data. The Equifax breach is particularly bad because they had already been told about the fix, it needed to be implemented in a tool called Apache Struts that they use, but they failed to do so fully in a timely manner.
An ethereum-based company has suffered an attack that resulted in more than $156 million in digital currency being frozen and inaccessible. The company manages a network of digital wallets which hold tokens that can be sold as needed by their owners and turned into cash. This crypto currency is called ethereum.
A “user” managed to access a smart contract, an ethereum blockchain feature that acts as a binding and immutable record of a transaction. By breaching the wallet, the hacker became its owner. The hacker then wiped out the smart contract underlying the wallet, which affected other wallets. The company claims the funds remain in the wallets, though frozen.
5. Emails data breach from Yahoo.
3 billion Yahoo email addresses where affected, in the data breach of 2013. This data breach only became clear until October of 2017. The hacking exposed user account information, including names, email addresses, telephone numbers, dates of births, hashed passwords, and, in some cases, “encrypted or unencrypted security questions and answers,” this is what Yahoo said in 2016. This information was encrypted using outdated, easy-to-crack techniques, which is the kind of information attackers can use to breach other accounts.
The recent announcement by Yahoo makes it clear that if you had an email account on Yahoo, you were part of the data breach.
Yahoo notified to the affected account holders, asking them to change their passwords immediately, and assuring them that the stolen data “did not include passwords in clear text, payment card data, or bank account information.”
So if you have a Yahoo account and you did not change your password, you should now change your passwords immediately and enable two-factor authentication (2FA). And, if you are using the same answers to security questions, you should change them too.
Some other cyber-attacks of this year
·Freedom Hosting II, a dark web hosting service, had its database of users hacked and exposed.
·The Cloudflare content delivery service accidentally leaked sensitive information about users of its customers’ sites.
·Hackers leaked internal emails from the campaign of French presidential candidate Emmanuel Macron just days before the election.
·Some downloads of Handbrake, a popular macOS program for converting video files, were infiltrated with malware
·Nissan New York says it has been the victim of a data breach that has exposed the personal financial information of 1.13 million customers of its vehicle-financing arm.
Cyber attackers are finding different ways to take advantage of system vulnerabilities, human error or technology failures, to steal and expose critical information. Having proactive protection of your systems and your customer’s information is vital.
Using Artificial Intelligence (AI) to discover suspicious sites, have a managed Backup that will keep safe and sound your files, a superior managed Antivirus and patching is what really can help you avoid the data breaches and be prepare to face any attack.
All this is easy and affordable for small business with our help.
Get some help now from our experts through a free Cyber Security audit of your business.