It wouldn’t be wrong to call 2017 the year of cyber-security disasters. Hacks, breaches, and ransomware have been a common occurrence. These cyber-security disasters were brought upon us by rogue groups, some of them against the common public, others against state agencies. Some have even been linked with the state against big enterprises and even the common man!
Some of the major attacks which gained notoriety are the WannaCry ransomware followed by another ransomware attack named Petya. WikiLeaks also dumped a load of information about the CIA in a major hack, French President Emmanuel Macron’s party’s emails were leaked during his election campaign, and a group named Shadow Brokers hacked into the NSA. If this wasn’t enough, information on 198 million US voters was hacked! Similarly, Whole Foods Market and Equifax were hacked to gain customer information.
Some details regarding these attacks are given below:
WannaCry
The WannaCry attack is probably the most famous ransomware attack so far this year anywhere in the world. It mainly targeted large companies, services, and utility providers, but the common man was no exception. Hospitals of the UK’s National Health Service were left crippled. It was utter chaos for patients all over the UK.
This ransomware spread a wave of fear the world over and people started seriously questioning how safe they were online. Although US officials attributed it to the North Korean government, there is no proof of where it came from or who is behind it. But compared to the hue and cry it generated, this ransomware attack could not cause as much damage or make as much money. The reason basically was a flaw in the malware. Due to this flaw, the malware could be rendered ineffective and stopped from spreading thanks to security experts who found a way to stop its attack.
A shady group called Shadow Brokers in a hack revealed a weak spot in Windows. This weakness was exploited by the people behind the WannaCry attack.
Shadow Brokers
This is the group held responsible for the breach at the NSA. Data, tools, and information were hacked and leaked. Information in one of these leaks led to the subsequent ransomware attack outlined above, named WannaCry.
It is not yet known who is behind this group. They first surfaced in 2016 and have been involved in some high-level cyber-security breaches.
Petya
This ransomware attack too benefitted from the information leaked by the Shadow Brokers. More advanced than the WannaCry attack, the Petya attack hit many big corporations and organizations around the globe. Although its payment system was highly flawed, it wreaked havoc on its targets. Especially notable are its effects on Ukraine. It seemed like a targeted attack on the country. Infrastructure was badly affected including the country’s central bank.
WikiLeaks – CIA Vault 7
WikiLeaks is an international non-profit organization that publishes secret information, news leaks, and classified media provided by anonymous sources. It publishes hacked information from various sources every now and then. The most recent WikiLeaks dump was named ‘Vault 7’ and contained stolen data from the CIA.
The leaks revealed among other things how some smart devices can be turned into listening devices, weaknesses and vulnerabilities in Windows, Android, and iOS systems, tracking the location of individuals through Wi-Fi and more. Mainly it reveals how government agencies are developing more and more sophisticated tools and software to spy on people.
These revelations are quite disturbing. Not only because they violate a person’s privacy but also because these developments pose risks to people in the event of these tools falling into the wrong hands.
Election Campaigns Hit by Hacks and Leaks
Not only was the Hillary Clinton campaign hit by hacked emails and damaging leaks, the French Presidential campaign was also attacked. Emmanuel Macron, now the president of France, faced a more or less similar situation when his party’s emails were hacked and leaked two days before the election. It was stated by the party that everything in the leaks wasn’t true or related to the party and it was all staged to affect the election campaign negatively. This attack did not affect Macron’s campaign as badly as Clinton’s.
When it comes to elections and election campaigns, a notable breach in 2017 is the voters’ records breach. About 198 million voter records were exposed. Although it wasn’t a breach per se, a researcher discovered that the voter data was available online and could be accessed publicly, all because of a misconfiguration by the company hosting the data online. Although the company, Deep Root Analytics, claimed that the data had not been accessed by anyone other than that researcher, it is always possible that somebody could discover it or already has. And in the wrong hands, this information could pose multi-faceted risks to so many individuals.
Whole Foods Market
Hacking point-of-sale systems for customer credit card information is not uncommon. Many such breaches on a small scale keep occurring every now and then. Restaurants such as Wendy’s, Sonic and Chipotle are just a few examples of hackers attacking food chains and restaurants to acquire access to customer credit and debit card information.
Whole Foods Market, recently acquired by Amazon, was the target of such an attack. The hackers gained access to customer credit card information. How many customers might have been targeted is not yet known, but the company is reported to have taken action and to be addressing the issue. Cyber-security experts and law enforcement officials have been taken on board to investigate and address the issue.
Equifax
The most high-profile data breach in history occurred this year at the credit reporting bureau, Equifax. Almost 143 million people have been affected. Highly personal data of individuals is now at the mercy of the hackers. Not just stolen credit cards, this hack is about identity theft and is a huge concern for the people affected.
Equifax has not exactly revealed who has been affected by this breach. It did not even notify the individuals. But concerns are rising, and the breach has left millions vulnerable. Although Equifax has taken some measures and has launched a program to protect those who might have been affected, there are other things that people who think they are exposed are doing. Checking your credit reports is the first thing to do.
Thoroughly check all your credit reports for fishy activities, things that might be popping up that you did not initiate such as opening bank accounts or taking a loan. Report it in a timely manner so that authorities can take timely action to save you from further trouble. Freeze your credit or set up a fraud alert or do both in order to protect yourself from identity theft related issues that might follow this breach.
HBO
The most popular breach this year should be the HBO data hack. The entertainment firm’s accounts including its Facebook and Twitter accounts were hacked. The group called OurMine took responsibility for the attack and posted several messages from the hacked accounts.
Company data and scripts of HBO shows were accessed and even leaked on the internet. Many episodes from the popular show Game of Thrones were leaked online. Un-broadcast episodes of some other shows were also leaked. OurMine is the same group that hacked high-profile Twitter accounts last year, including Mark Zuckerberg’s and Sundar Pichai’s accounts.
E-Sports Entertainment Association (ESEA)
ESEA is one of the largest video gaming communities. It too suffered an attack from hackers earlier this year. When the breach was discovered, players were given a warning regarding the attack. The stolen data included private information of the players. It could not be ascertained how many people were affected but the stolen data included phone numbers, email addresses, date of birth and city and state information among other things which can all be used to the detriment of the players.
America’s JobLink Breach
America’s JobLink is an online platform that connects employers and job seekers. It is used in ten states in the United States. Due to a code misconfiguration, a hacker was able to get into the system and access personal information of 4.8 million job seekers. Breached data included social security numbers of the individuals who were exposed to the attack.
Although the misconfiguration has since been eliminated, millions of people who had an account on the system before this fix are vulnerable and their personal information is compromised.
UNC Health Care
The University of North Carolina Health Care System too warned patients of a breach earlier this year. Any patients between 2014 and 2017 may have had their personal information compromised including social security numbers, addresses, and health-related information.
Gmail
Although this attack was curbed in a record one hour by Google security experts, it still may have affected millions of users. The attackers sent emails to Google users and made them look like emails from contacts you trust. The emails prompted the users to open a Google Doc. Once clicked, it landed users on Google’s security page and asked users to allow an app to manage their accounts thus gaining access to their accounts.
The incidence of cyber-attacks will rise with time. Although many government agencies are working actively to curb this plague and cyber-security experts are on the look-out at all times, these attacks cannot be effectively and completely eradicated. The vulnerability is on the rise because of our increasing dependence on technology. More and more services and businesses are relying on technology for streamlining their processes. But with this comes the risk of cyber-attacks. Availability of a service online makes our life easier without a doubt. But it also makes it equally easy for criminals to gain access to our personal information.
Many services gather information about their users, which may help them provide a better service, but this data storage also puts users in danger of a cyber-attack. Hackers can then manipulate and use the data at their discretion and potentially harm individuals. With the advancement in technology and the introduction of the Internet of Things, these vulnerabilities and risks have increased.
Machine-to-machine communication gives hackers the leverage to destroy infrastructures such as transport, power generation, and other utilities of any city or a whole country in seconds. The hacking of infrastructure in Ukraine is an eye opener for all of us. Therefore, with increased dependence on advanced technology and the internet, enhanced security is also required.
Cyber-crime attacks not only result in losses to the economy, they create an air of mistrust regarding the use of advanced technology. Rather than feeling comfortable, people view technology as a threat and a risk to personal security and safety. Other than that, the disruption in operations of important services creates chaos and a sense of constant fear. It may also endanger people who are in urgent need of the services in case of an emergency.
The need of the hour is to set some standards and best practices for all organizations across the world in order to manage the situation in the event of a cyber-security attack. Last year, the United States National Institute of Standards and Technology (NIST) devised and issued a Framework for ensuring the security of critical infrastructure in the wake of a cyber-attack.
Critical infrastructure includes energy supply networks, telecommunications, retail facilities, and financial services. These measures need to be taken all around the globe because we are living in the age of the internet and no organization anywhere in the world is safe from an attack if it uses the internet for running and providing facilities to its users. Anyone sitting in one part of the world can launch an attack with a single click on an organization operating in another part of the world.
Embracing technology comes with its downsides. Therefore, in order to get the full benefit out of emerging technology advancements, the downsides need to be addressed proactively beforehand. Cyber-security is an important issue. Security measures should be in place to tackle the situation in the event of a cyber-security breach. And maximum efforts must be employed in order to protect the sensitive personal information of users and customers.