Five of the worst cybersecurity disasters of 2017…so far
Until the ball drops, the fat lady sings and resolutions officially begin it isn’t actually possible to compile a list of the worst cybersecurity mishaps of 2017. With the way this year has gone, as long as there is more than one literal minute left in the year, there’s still a risk of something worse occurring.
While these disasters are bad for governments, businesses, organizations of all types, individuals and the economy, the good news is they do make for interesting lists. Without further ado, then, here are five of the worst cybersecurity disasters of the portion of the year that has already passed.
The WannaCry ransomware attack in May is arguably the best known of 2017’s cyberattacks, mostly because it affected over 300,000 computers around the world, locking up files and holding them hostage for ransom demands generally ranging between $300 and $600.
It was bad enough that his malware was able to infect so many computers, but it also complicated operations for major enterprises like FedEx and Nissan, affected state-run organizations including the US’s Department of Homeland Security, and even delayed medical procedures in the United Kingdom when it impacted at least 16 organizations in the National Health Service. The malware reportedly originated with a group connected to the North Korean government.
A vote for password protection
With all the hoopla surrounding cyberattacks and alleged tampering in regards to the US election in 2016, you might think the firms storing the personal information of nearly every American voter going back ten years would be extra careful when it comes to protecting that information. Here we are, however.
A marketing firm hired by the Republican National Committee instead put that data on an Amazon cloud server that was publicly accessible and then neglected to do even the bare minimum of protecting it with a password. Just like that, the home addresses, phone numbers and birth dates of 198 million people were readily accessible. In some cases, religion, political view and ethnicity information was also available.
The Equifax facts of the matter
Already being called one of the worst data breaches of all time, the data breach inflicted on credit reporting firm Equifax compromised the sensitive information of 143 million Americans, including names, social security numbers, addresses, birth dates and driver’s licenses. A total of 209,000 credit card numbers were also exposed, and the information of residents of Canada and the United Kingdom were also affected.
For many businesses and organizations, nothing chills the spine quite like the idea of a data breach. While Equifax is living out a worst case scenario, plenty of other organizations have already joined them in their nightmare, or will before the year is up, as 2017 is expected to be the worst year for data breaches on record.
Cryptocurrency bank robbery
It used to be that bank robbers used to have to go barging into an actual brick and mortar bank wearing masks and waving guns in order to get a sack filled with money. These days it’s a lot less effort for a lot more money, as cybercriminals targeting financial institutions and cryptocurrencies have found.
It was a cruel summer for three companies with Ethereum cryptocurrency wallets when an unknown hacker managed to steal 153,000 units of Ether from them. This would be bad enough if the conversion rate were one unit to one US dollar, but at the time of the theft those 153,000 units were worth approximately $32 million USD. The hack was made possible by a critical vulnerability in the Ethereum wallet software developed by contract coding company Parity.
In not-all-hackers-are-bad news, white hat hackers used the same vulnerability to swipe $75 million worth of Ether from wallets and place it in secure holding accounts in order to protect it from active black hat hackers.
The dark web goes dark
This one probably shouldn’t be filed under disaster, but it’s a massive cyberattack and data breach nonetheless. In February a dark web hosting provider called Freedom Hosting II was targeted by an anonymous hacker, taking around 20% of the dark web down which amounts to over 10,000 websites. The hacker also copied the hosting provider’s files and dumped the database.
The dark web is a portion of the internet that can only be accessed using specialized software. It is home to much of the criminal activity that occurs on the internet, including black markets, hackers for hire, and child pornography. The hacker claimed to have targeted Freedom Hosting II because he or she found that the provider hosted many child pornography websites. The hacker indicated he or she would be turning user data over to a security researcher, who would then turn it over to law enforcement.
A year in review
To summarize, ransomware is making its mark globally, hacking groups are working on behalf of nation states, major organizations are so lacking in cybersecurity professionals they’re failing to protect the data of hundreds of millions of people in the most basic of ways, data breaches are worse than ever, tens of millions of dollars in cryptocurrency can be stolen in minutes, and cybercriminals are even taking aim at other criminals. Though, again, there are many people who are not at all sad about that last point.
All in all we are living and computing in a state of cyberinsecurity, one where many businesses, organizations and even governments are failing to adequately protect against the ever-growing scourge of online threats. But hey, there’s still a little time left in the year. Let’s see how it all plays out.