History is just a repetition in a new way. If we look at the basic things, for example when people carried money in the pouch it was a pouch that was targeted, when banking systems were implemented it was banks that were targeted. Now when all data is connected it is the internet that is targeted.
Creators of such a great idea like the internet that can bring together people from all around globe never have thought of such a security dilemma.
In 2015, the global damage costs because of varied ransomware attacks stood at $325 million. By the end of 2017, they are expected to surpass $5 billion. Ransomware episodes are growing at an annual rate of 350 percent. A written report by Cybersecurity Ventures predicts that cybercrime will cost the world over $6 trillion each year by 2021, which makes it more profitable than the global trade of all major unlawful drugs combined. Cybersecurity spending will correspondingly amount to $1 trillion over another four years.
In the first half of 2017, 1.9 billion data records were either stolen or lost through 918 cyber-attacks. Most of the episodes used ransomware, a malware that infects computers and restricts access to files in exchange for a ransom. There were also several more malicious cyber-attacks that demolished data or stole the huge amount of money. Included in this, a few stick out for the fear they pass on by revealing serious security vulnerabilities and blatant individual oversight. Here are some of the most severe cyber breaches of 2017:
WannaCry was a worldwide ransomware attack that targeted thousands of computer systems in over 150 countries. The ransomware encrypted the hard drive contents of infected computers and the WannaCry perpetrators then demanded payment in Bitcoin to unlock them. WannaCry is considered among the worst cyber episodes of its kind not only because of its widespread impact but also the reason behind its working. What worried the cybersecurity community the most was that the malware exploited a vulnerability in the Microsoft Windows operating system using a code which has been developed by the United States “National Security Agency”. This code, called EternalBlue, was then taken and leaked to the world by a group called TheShadowBrokers. Despite Microsoft having patched the zero-day vulnerability a few weeks prior to the WannaCry strike, several systems hadn’t been updated and were thus still left available to the ransomware.
In July 2017, a malware that at first seemed very similar to a 2016 ransomware called Petya began growing across computers around the world, with infection sites
Focused around Ukraine. But while Petya was a ransomware which demanded payment for unlocking the encrypted hard disks of infected systems, NotPetya was something significantly worse. Not only was it not really a ransomware, it encrypted all the files in a contaminated system, causing irreparable damage to its hard disks.
Through the use of NSA-developed Windows vulnerabilities EternalBlue and EternalRomance, NotPetya could spread from one computer to another without the need for human intervention (such as downloading it from a spam email, starting it, or giving it admin permissions). Because of its epicentre in Ukraine, NotPetya has been touted as a state-sponsored cyber assault orchestrated by Russia, which includes been in conflict using its neighbouring country since the job of Crimea in 2014.
US-based Equifax is one of the biggest credit reporting firms in the world that collects and aggregates information from over 800 million individuals. In this year September, the business made a startling announcement that a massive breach of its security got compromised the information of 143 million customers. July exploiting website software vulnerabilities in a tool called Apache Struts from May t, hackers acquired Public Security quantities, driver’s license amounts, addresses, credit cards quantities, and other information you can use to perpetrate identification theft.
’Equifax’s response to the breach which affected individuals in America, Canada, and the United Kingdom was dismal, to state the least. What’s more, it was later exposed that the business understood the vulnerability beforehand and failed to put into action a security fix regularly.
MongoDB can be an open-source NoSQL database programme that has been the main topic of several different cyber-attacks this season. By exploiting a vulnerability in unsecured MongoDB installs, several hackers contaminated over 27,000 of (December 2016 to the first week of January 2017) systems with ransomware from the last week. MongoDB promptly submitted an advisory about how users can take security procedures to avoid such ransomware episodes. Despite this, September saw a resurgence of the cyber-attacks, and this time 26,000 MongoDB directories were destroyed by three groups of hackers. Exactly like in the first assault, the hackers demanded payment by means of bitcoins in return for the data their victims got lost.
In January 2017, mere times following the cybersecurity was shaken by the MongoDB ransomware attacks community, similar attacks were completed against Elasticsearch users. Thousands of Elasticsearch servers were infected with ransomware that wiped data indices and demanded a Bitcoin payment in substitution for the info. Elasticsearch is a favourite, open-source Lucene-based search engine library used by sites like Sound Cloud, Wikipedia, and Pandora. Several users, especially those deploying it on Amazon Web Services (AWS), were unaware that Elasticsearch situations are open to cyber episodes unless certain security methods are taken. Experienced programmers have been aware of this, a ransomware strike of this magnitude could never have been perpetrated.
Cloudbleed was the name of a security bug uncovered in Feb 2017 in the change proxies generated by popular website performance and security as a service provider Cloud Flare. Exploiting a glitch that caused Cloud Flare’s servers to return extra data in response to website demands, the bug leaked delicate data of affected users, including passwords, authentication tokens, and more. Found out by the team at ’Googles Task Zero, the bug leaked potentially harming information for almost six months – from Sept 2016 to February 2017 – before its discovery. Major Cloud Flare users such as Uber, dating system OKCupid, and fitness program Fitbit were affected, although the precise level of the harm is unclear.
On May 18, 2017, Indian restaurant delivery and search service, Zomato revealed that it turned out the victim of a bad substantial cyber-attack. Within a blog post, the ongoing service uncovered that 17 million consumer records have been taken from its database, making it the 6th largest data breach in the first half of 2017, according to a report by digital security firm Gemalto. Consumer email passwords and ids were stolen by code hackers. However, as Zomato stores payment related information a separate secure location, no credit or payment cards data was stolen. Zomato encouraged its users to change their passwords promptly rumours also surfaced of an online user heading by the name of “nclay” claiming responsibility for the strike and selling data from the breach on a Dark Web marketplace.
HBO hack/Game of Thrones leaks
In another of the most high-profile cybersecurity attacks of 2017 perhaps, popular television network HBO was hacked in late July by a group of hackers. The group stated to have taken roughly 1. 5 terabytes of information from the company, including scripts and shows of popular TV show Game of Thrones. After demanding money for the return of the data initially, the hackers eventually posted the shows on torrenting websites like The Pirate Bay. This strike was implemented a few weeks later by another high-profile assault on HBO’s sociable press channels, with well-known group Our Mine taking over the brand’s Twitter and Facebook feeds for short periods of time.
Cryptocurrency prices scaled new heights this full season, which only made their unlawful acquisition that a lot more tempting to certain crooks. While there have been several cryptocurrency heists in 2017, both biggest ones involve Ether, a currency on the blockchain based app platform Ethereum.
In the beginning, a hacker targeted Coin Dash’s Initial Coin Offering in which the company was selling its own tokens in exchange for Ether. By changing the pocket address on the company’s website to their own, the hacker made off with $7.4 million in the 3 minutes before Coin Dash discovered the breach and turn off the event. Even following the ICO was compromised and the news of it revealed, several investors, continuing to send Ether to the finances, which took the total reduction in theft to around $10 million. Mere days following this, $30 million well worth of others were stolen from users of the Parity finances.
From these major cyber breaches apart, 2017 also found revelations from two big companies – Uber and Yahoo – of older devastating cyberattacks. Uber arrived under a great deal of open fire after revealing it had deliberately protected up to a massive cybersecurity breach in Oct 2016 that found 57 million user records being taken. The ongoing company covered up hushed up the entire debacle, including paying $100,000 to the hackers. In another shocking piece of information, Yahoo uncovered that each single accounts in its database (all 3 billion of these) had been compromised in the 2013 security breach on the platform, which makes it one of the largest cyber-attacks ever sold.
Due to the evolving nature of cyber-attacks, today anybody could be at risk, especially tech-based start-ups that rely heavily on technology that might be exploited for harm.
If we have missed any other cyber attacks, Comment them.
Share it with your friends so that they will be informed.