In Brief
A Year in Cybersecurity
From the mass release of NSA tools to the devastating impact of WannaCry, 2017 has been a tough year for the cybersecurity community. Here we look at some of the biggest incidents to hit this year.
January
Banking DoS
While the worst of the year’s cyberattacks were still to come, UK-based Lloyds Bank was hit by a sustained cyberattack in January that was designed to cripple the company’s online services. Taking the form of a Denial of Service attack that came in three-hour bursts over the course of three days, the attack was minor in that although it prevented some customers from logging in, no data was compromised.
February
Cloudflare Bleeds Out
In what was arguably the first major incident of the year, a security bug in internet infrastructure provider Cloudflare’s platform was discovered. Known as Cloudbleed, it resulted in sensitive customer data being randomly leaked, some of which was cached by search engines where it could be easily accessed. Although each snippet was small, the sheer scale of websites using Cloudflare, including major sites such as OKCupid, resulted in the amount of leaked data being vast.
March
Air Force Blunder
In March, security researchers discovered that thousands of sensitive documents from the US Air Force were freely accessible online due to a lack of password protection. The data included the personnel files of senior and high-ranking officials and other highly sensitive information. The data is thought to have been inadvertently exposed by a lieutenant colonel with poor cyber awareness, who had failed to secure a backup hard drive.
April
NSA Tools Released
Near the start of this year hackers were handed the keys to the kingdom when the shady hacking group the Shadow Brokers released a slew of NSA tools, including exploits for Windows. The tools have since been adapted by a host of different hackers, forming the basis of many of the biggest attacks over the following months.
May
WannaCry’s Devastation
In May, perhaps the biggest ransomware incident of the year hit in the form of WannaCry. Hitting unpatched computers running older versions of Windows, the cryptoworm locked down infected computers, demanding ransom payments from victims in return for regaining access to their files. The attack infected around 200,000 computers across 150 countries, and while the perpetrator hasn’t been formally identified, multiple government agencies have pointed the finger at North Korea.
June
Petya’s Spread
Around a month after WannaCry, the world was rocked by another ransomware attack, known variously as Petya, NotPetya, Nyetya and Goldeneye. The attack disproportionately impacted businesses in one country: 80% of infected computers were in Ukraine, in part due to a believed backdoor in a popular tax program. However, some security researchers believe the ransomware was designed to mask a targeted cyberattack.
US Voters Exposed
In mid-June, cybersecurity researcher Chris Vickery announced he had discovered an incredible breach that would in other times have likely been the biggest story of the year. The personal data of 198 million Americans – more or less every US voter for over a decade – had been left on a misconfigured server by conservative data firm Deep Root Analytics. As a result, the data was openly accessible, meaning criminals could have easily accessed it.
July
Verizon’s Human Error
US telecommunications firm Verizon was in the spotlight in July, after it was discovered that the data of as many as 14 million customers had been leaked online. The breach was the result of human error at a third-party vendor, which had misconfigured a cloud-based file repository leaving names, addresses, account details and personal identification numbers exposed.
August
HBO Held to Ransom
This summer the entertainment industry was rocked by a major attack on HBO, which saw hackers steal 1.5TB of files, including scripts for the hit show Game of Thrones in July, and attempt to hold the company to ransom in August. Over the course of the month, hackers posted data dumps including scripts for upcoming episodes of Thrones in an attempt to extort millions. While the company did offer $250,000 early in the saga as ‘bounty payment’, it refused to comply thereafter.
September
Disaster for Equifax
US consumer credit reporting agency Equifax hit the headlines when it was affected by what is likely to be remembered as the worst cyberattack of the year. The incident saw the exposure of data including social security numbers and driver’s license numbers for over half the US adult population, making it one of the most severe of its kind. The incident was made worse by poor management by Equifax, resulting in plummeting consumer confidence.
Deloitte’s Tables Turn
Multinational accountancy firm Deloitte also had a bad September, after admitting that it had been hit by a cybersecurity attack that was not noticed for several months. The attack impacted the data of a small number of Deloitte’s clients, but the company was keen to stress that no consumer data was affected. The attack did draw criticism, however, as the company provides cybersecurity advice to businesses as part of its support services.
October
Bad Rabbit Bites
October saw the latest iteration of the leaked NSA exploits hit, in the form of ransomware Bad Rabbit. Disguising itself as an Adobe Flash installer, the malware locks down the infected computer and demands $280 in Bitcoin to be paid within 40 hours. At present, however, the attack hasn’t spread far beyond Russia and Ukraine.
PR nightmares: Ten of the worst corporate data breaches
LinkedIn, 2012
Hackers sold name and password info for more than 117 million accounts
Target, 2013
The personal and financial information of 110 million customers was exposed
JP Morgan, 2014
One of JP Morgan Chase’s servers was compromised, resulting in fraud schemes yielding up to $100m
Home Depot, 2014
Hackers stole email and credit card data from more than 50 million customers
Sony, 2014
Emails and sensitive documents were leaked, thought to be by North Korea in retaliation for Sony’s production of a film mocking the country’s leader Kim Jong Un
Hilton Hotels, 2015
Dozens of Hilton and Starwood hotels had their payment systems compromised and hackers managed to steal customer credit card data
TalkTalk, 2015
The personal data of 156,959 customers, including names, addresses, dates of birth and phone numbers, were stolen
Tesco, 2016
Hackers made off with around $3.2m from more than 9,000 Tesco Bank accounts
Swift, 2016
Weaknesses in the Swift payment system resulted in $81m being stolen from the Bangladesh Central Bank’s account at the New York Federal Reserve
Chipotle, 2017
Phishing was used to steal the credit card information of millions of Chipotle customers, thought to be part of a wider restaurant customer scam orchestrated by an Eastern European criminal gang