From the spread ransomware attacks to targeted data breaches, this year has seen the number of successful hacks skyrocket as businesses across industries fail to protect themselves and their customers data.
As a result of this increase in malicious traffic, this article takes a look back at 2017 to uncover some of the biggest and most shocking cyber attacks on some of the world’s largest companies.
The year of the hacker
More than any other, 2017 has been the year of the hacker. Cyber security breaches have hit high profile businesses worldwide opening the public eye to the risk that cybercrime poses today. Highlighting the prevalence of these attacks, online security firm – vpnMentor – has created a timeline of 2017’s biggest data hacks on major companies.
The graphic identifies just how widespread a problem this is. The timeline details not only the ten biggest business data hacks that took place this year, but also the hacker or malware responsible and the steps the companies have taken to resolve the problem.
Rage against the machine
Covering every industry from UK healthcare through to US national security, the graphic is an inventory of 2017’s most malicious hackers and means of assault.
1. The CIA – Despite being dedicated to securing America’s safety from overseas threats, the CIA themselves fell victim to a cyber attack, with many confidential documents being released on WikiLeaks. They were subsequently criticised for withholding information that could improve the public’s digital security.
2. Cellebrite – Cellebrite is a company that produces devices that can pull personal data from mobile phones for military and government use. However, the company fell victim to their own game when their external web server was hacked and 900GB of customer information and technical product data was taken.
3. NHS – Though not targeted specifically at the NHS, the WannaCry Ransomware most notably struck the UK health service, preventing workers from accessing their computers and delaying vital medical procedures. Fortunately, a flaw in its mechanism allowed experts to create a kill switch.
4. After WannaCry the previous month, a strain of the Petya ransomware was spread to a number of businesses across the world demanding a BitCoin payment for access to the computers attacked. Unlike WannaCry, NotPetya tries to spread through internal systems once it takes hold of an administrator, but does not try to seed itself externally – which limited its spread.
5. Deloitte – Embarrassingly for the accounting firm who pride themselves on their Cyber Intelligence Centre, Deloitte fell victim to a cyber attack in March. Poor cyber security practices gave way to the breach, as only one password was required to access the administrator account, and subsequently the company’s internal email system.
6. The City of Dallas – Hackers waited until an emergency test signal was sent out to activate local sirens and recorded the signal. They then played it back at a later date and set off every one of the 156 outdoor emergency sirens in the city for multiple hours.
7. Virgin America – In a letter to employees, airline Virgin America revealed that a hacker had successfully entered their corporate network gaining access to login information and passwords used by employees to access the network. A spokesperson from the company confirmed that 3,120 employees had their logins compromised while an additional 110 employees may have had personal information stolen. This data included addresses, government-issued IDs, social security numbers and health information.
8. Verifone – Credit and debit card payments company Verifone experienced a cyber security breach affecting internal systems. The company’s security team noticed evidence that there had been access to their internal corporate network, though the cyber attempt was limited to controllers at approximately two dozen gas stations and no other merchants were targeted. The company believes the duration of the attack was short and are yet to see any evidence of the data being misused. It is currently unclear what data was breached.
9. Dozens of universities and US Federal Agencies, including Oxford, Cambridge and NYU – A Russian hacker targeted over 60 UK and US educational and government institutions, taking advantage of poorly programmed web applications and third-party software to commence an SQL Injection attack.
The attack leaves the systems vulnerable if the hacker responsible decides to sell on the access to their private data and potentially sensitive government records.
10. Interfax – Russian media outlet Interfax, among other outlets across the globe, was targeted by a ransomware named BadRabbit. The self-propagating ransomware appears to have been spread through fake Flash updates from watering hole attacks on popular domains.
Cyber security experts Kaspersky said there were around 200 targets of the attack which demands a Bitcoin payment in exchange for the release of hostage files. BadRabbit (ransomware) was the malware responsible, it is unknown who is behind the attack. Kasperky released some tips to avoid the spread of BadRabbit, including avoiding certain files from executing and limiting the number of administrators on a network.
N.B. Information Age also believes the Equifax data breach in 2017 should get a special mention