It was the year nothing seemed safe.
Bombshell hacks were revealed one after another in 2017, from an Equifax breach that compromised almost half the country to global ransom campaigns that cost companies millions of dollars.
The cyber attacks highlighted the alarming vulnerability of our personal information.
More tools used by government hackers have become public, and it’s easier than ever to create sophisticated ways to spread malware or ransomware or steal data from companies. Companies also frequently fail to patch security flaws in a timely manner.
And there's more to come.
“As we do more and more of our business online, and as criminals realize the value of the data that organizations are protecting, we are seeing more big-name breaches, more high-profile breaches,” says Mark Nunnikhoven, vice president of cloud research at the security company Trend Micro. Mr Nunnikhoven was quoted on CNN.
In particular, ransomware – when hackers demand money to unlock files – is becoming more common.
An analysis from anti-virus software firm Bitdefender found ransomware payments hit $2 billion in 2017, twice as much as in 2016. Meanwhile, Trend Micro predicts global losses from another growing trend, business email compromise scams, will exceed $9 billion next year, the news channel reported.
Here’s a look back at the major hacks of 2017.
In July last year, a group of hackers penetrated Equifax, one of the largest credit bureaus in the world, and stole personal data of 145 million people.
The Equifax breach is considered one of the worst incidents of hacking ever because of the sensitivity of the information stolen, which included credit card numbers, birthday details and social security numbers. The information could easily be used for identity theft or misrepresentation.
The company drew a lot of flak after it took two months to reveal that a breach had taken place.
The Equifax breach raised concerns over the amount of information data brokers collect on consumers, which can range from public records to mailing addresses, birth dates and other personal details.
The most infamous ransomware attack of 2017 was a strain of ransomware called WannaCry that spread all over the globe.
The ransomware targeted numerous public utilities and large corporations, most notably National Health Service hospitals and facilities in the United Kingdom, hobbling emergency rooms, delaying vital medical procedures, and creating chaos for many British patients.
Though the origin of WannaCry is not yet known, the US government has blamed the Kim Jong-un-led North Korean government for initiating the attack.
NotPetya was seeded to victims through a hacked version of a major accounting program widely used in Ukraine. It still took out companies far and wide, from shipping firm Maersk to pharmaceutical company Merck – multinationals whose internal networks were large enough that the infection could travel quite far from Ukraine.
NotPetya had another oddity: it didn’t actually seem created to make money. The “ransomware” was coded in such a way that, even if users did pay up, their data could never be recovered. “I am willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,” UC Berkeley academic Nicholas Weaver told the infosec blog Krebs on Security.
Another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on news and media websites that hackers had compromised.
Once the ransomware infected a machine, it scanned the network for shared folders with common names and attempted to steal user credentials to get on other computers.
The ransomware, which hit in October, mostly affected Russia, but experts saw infections in Ukraine, Turkey and Germany.
It served as a reminder that people should never download apps or software from pop-up advertisements or sites that don’t belong to the software company.
This anonymous group of hackers first surfaced in August 2016 when they breached the spy tools of a National Security Agency (NSA)-led program known as the Equation Group, MoneyControl reported.
However, the group’s most impactful release came in April 2017 – a trove of NSA tools, including a Windows defect called EternalBlue (NotPetya and WannaCry hackers have since exploited this defect to infect targets with ransomware). The tools were auctioned off on the dark web.
This one happened closer to home than the others. Zomato, which is one of the largest restaurant aggregators in India, was hacked and some of its user accounts were being sold on the dark web.
A post on a blog called Hackread cited how accounts of 17 million users were being sold on the dark web. The vendor had also shared a trove of sample data to prove that the data was legitimate.
Luckily, as Zomato stores its users’ payment details at a separate location, none of the users suffered a financial loss.
Expect even more of this in 2018.
Mr Nunnikhoven predicts attacks on the Internet of Things will keep hitting industries including airlines, manufacturing and cars as they rely more on so-called smart technology.