If 2016 was a watershed year for cyber security, then 2017 is the year cyber security crossed the Rubicon. Our list of the biggest cyber attacks of 2017 varies widely in scope and scale. Phishing attacks continued to evolve, spam email was resurgent, leaked exploits were weaponized at mass scale, and the public's sense of data security reached an all-time low as Equifax, a credit bureau entrusted with safeguarding individual identities and assessing credit risk, became the source of exposure for the very data it was supposed to protect.
While massive attacks garner all the headlines, spam, phishing, targeted phishing, business email compromise, ransomware, and malicious URLs and attachments continue to plague consumers and the businesses that employ them. While major companies get the lion's share of public attention, cyber security risks are increasingly striking closer to home.
For instance, the use of malicious URLs linking to hosted malware increased by 2200% between Q3 2016 and Q3 2017, with 64% of that malware coming in the form of ransomware and another 24% in the form of banking Trojans meant to steal online banking credentials. This is particularly concerning given that 1 in 14 users were tricked into clicking a malicious link or opening a malicious attachment, and a quarter of those were tricked more than once.
So it's not only the increasingly prominent heights cyberattacks are reaching that should cause alarm, but also the breadth of businesses and users affected. Large attacks get headlines for good reason, but "small" ones are still newsworthy for how dramatically they can affect ordinary-sized businesses and lead to financial, technological and legal damage that is hard to recover from (see examples of these attacks in Targeted Phishing's Effect on the Real Estate Market).
And so, without further ado, the Biggest Cyber Attacks of 2017, Revisited:
WannaCry Heard Around the World:
Ransomware's 2017 coming-out party came and went on the back of WannaCry. The worm broke out on Friday, May 12th, 2017, infecting more than 230,000 computers in over 150 countries and disabling parts of the UK's National Health Service; Spain's Telefónica, FedEx and many others were hit as well. The spread was halted when a 22-year-old British security researcher registered an unregistered domain that the malware looked up before running: the code treated a successful lookup as a signal to stop, so registering the domain acted as a kill switch (it was later kept alive as a sinkhole, which is also how infection attempts continued to be tracked). Although early reports pointed to email, the attack propagated mostly over the network through the SMBv1 vulnerability targeted by the NSA-derived EternalBlue exploit, with the DoublePulsar backdoor implanted on each compromised host; the flaw was present in every Windows version of the time, not only Windows XP. The campaign is believed to have been run by a North Korean group referred to as "The Lazarus Group" (who writes this stuff?). Microsoft had already fixed the vulnerability for supported systems in March 2017 as security bulletin MS17-010, two months before the outbreak; because so many affected organizations were still running Windows XP and Windows Server 2003, Microsoft took the unusual step of issuing an emergency patch for those unsupported systems as well.
HBO’s Game of Hacks:
Think of this as ransomware without the "ware". Starting in May, 1.5 terabytes of data were stolen from HBO, including then-unreleased episodes and scripts from its hit show "Game of Thrones". In November an indictment of an Iranian man named Behzad Mesri was unsealed in the U.S. District Court in Manhattan, charging him with computer fraud, wire fraud, extortion and aggravated identity theft. The charges stem from his demand for roughly $6 million in Bitcoin from HBO in exchange for not releasing the data; when HBO balked, Mesri leaked episodes, scripts and more. The breach didn't have much of an effect on the Game of Thrones season finale, however, which clocked 16.5 million viewers including streaming services.
No it’s NotPetya:
In June, companies throughout the U.S. and Europe were hit by NotPetya, malware that presented itself as ransomware and borrowed code from Petya, the family behind several 2016 outbreaks, but which in practice behaved as a wiper: paying the ransom gave victims no way to recover their files. It entered through a compromised update of the Ukrainian accounting package M.E.Doc and then spread laterally with EternalBlue and harvested credentials. Shipping giant Maersk was one of the most prominent victims, ultimately claiming more than $200 million in losses after the attack shut down terminals in four countries and disrupted operations for weeks, reportedly without loss of customer data. Merck, FedEx (through its TNT Express subsidiary) and even Mondelez International reported losses due to NotPetya as well, with Mondelez claiming a 5% drop in quarterly sales from the shipping and invoicing delays the attack caused.
Facebook and Google Fall for Targeted Phishing:
What does anyone need $100 million for? Well, aside from jet-skis and lavish parties, one Lithuanian man, Evaldas Rimasauskas, might need that much or more for his legal defense, if he can get his accounts unfrozen, of course. The 48-year-old forged email addresses, invoices and contracts to swindle Facebook and Google out of approximately $100 million while posing as a Taiwanese electronics manufacturer that genuinely supplied both companies, which is what made the fake invoices plausible. The two tech giants, with no shortage of egg on their faces, said they recovered most of the funds after detecting the fraud, limiting the damage to their accounts but not to their security reputations. Rimasauskas, on the other hand, faces multiple counts of wire fraud, aggravated identity theft and money laundering, but at least he'll have a story to tell in prison.
THE Equifax Breach:
September 7th was perhaps a day that will live in cyber security infamy. Equifax, one of the U.S. "big three" credit bureaus, announced a breach that may have affected 143 million consumers, exposing data as sensitive as Social Security and driver's license numbers. The entry point was a vulnerability in Apache Struts, the web application framework behind one of its consumer-facing web portals (CVE-2017-5638, for which a patch had been available since March), which let the attackers execute code on the web servers and work their way from there to sensitive data inside Equifax's systems. The intrusion ran from mid-May to late July, and with the announcement not coming until September, it raised more than a few eyebrows that several Equifax executives had sold stock in the window between the breach's discovery and its public disclosure.
Tied for Most Ironic – Deloitte:
On September 25, Deloitte announced that it had discovered in March that it had been hacked, despite the global professional services firm having been named one of "the best cyber security consultancies in the world" by Gartner. Missing the gimme of cyber security, two-factor authentication, the firm gave up access to all areas of its email system when attackers obtained a single password for one administrator account. With 244,000 staff members, apparently only six clients had highly sensitive information exposed, but the breach certainly serves as a thumb in the eye of some of the highest-flying cyber security "experts" out there.
Yahoo, Revisited:
In early October, Yahoo followed up on its 2016 announcement that more than 1 billion user accounts may have been compromised in a 2013 breach. As it turns out, every single Yahoo account was affected: all 3 billion accounts that existed at the time, spanning Yahoo Mail, Tumblr, Fantasy Sports and Flickr, were compromised, still without resolution as to the perpetrators. This is the same breach that ultimately cost Yahoo shareholders $350 million off the price of Verizon's purchase of the company this year, though any effect of the updated breach figures is undisclosed (if there was one).
Tied for Most Ironic – The NSA:
In November, detailed reporting laid out the damage done to the National Security Agency, the chief "cyber warfare" arm of the United States and the same agency whose leaked tools allowed WannaCry to reach the breadth it did. A group calling itself "The Shadow Brokers", presumed to be of Russian, Chinese or North Korean origin, began releasing a trove of exploits and tools used by the NSA's "Tailored Access Operations" group in August 2016; its April 2017 release included EternalBlue, which WannaCry used a month later. Thus far, the source of the breach is publicly thought to be an insider leak, but the breadth and completeness of the leak continue to be a major concern across the cyber security community.
Honorable Mention: The Email Prankster
While most cyber attacks are about the money, some are simply about causing distress among the rich and powerful. That was at least the stated goal of the Briton James Linton, who gained fame on Twitter and away from the keyboard as "@Sinon_Reborn", an email prankster who fooled many among the British political and banking elite, Harvey Weinstein, Eric Trump, Anthony Scaramucci and more. Using nothing more than an iPhone from his bedroom in a semi-detached Manchester home he shares with his girlfriend, he spoofed email addresses and display names, posing as associates of his targets and starting email conversations with those mentioned above, as well as Goldman Sachs CEO Lloyd Blankfein, Morgan Stanley CEO James Gorman and Citigroup consumer banking chief Stephen Bird (who even mentioned in their conversation that the bank had a "filtering system" to protect against exactly these attacks). The list of James's exploits goes on, but hopefully he can find a job and pay down his debts now that his identity has been revealed.
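The display-name and address spoofing described above is exactly what a "filtering system" has to catch before a message reaches an executive's inbox. As an added example, not code from the original post or from any product it mentions, the following Python routine triages the From, Reply-To and Authentication-Results headers of a message: it flags a protected person's name on an outside address, a look-alike sender domain, a Reply-To that points somewhere other than the apparent sender, and mail claiming to come from the internal domain without a DMARC pass recorded by the organisation's own mail server. The domain example-corp.com, the authserv-id mx.example-corp.com, the VIP names and the five sample messages are all constructed for illustration.

```python
"""Constructed header-triage example: flag display-name spoofing, look-alike
sender domains, Reply-To mismatches and internal senders that fail DMARC."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: the organisation's real domain, the
# authserv-id its own MX writes into Authentication-Results, and the
# executives an impostor would most likely pose as (lower-case, no titles).
INTERNAL_DOMAIN = "example-corp.com"
AUTHSERV_ID = "mx.example-corp.com"
VIP_NAMES = {"jane doe", "john roe"}


def normalize_name(display):
    """Lower-case a display name and strip punctuation/titles such as '(CEO)'."""
    return " ".join(re.sub(r"[^a-z ]", "", display.lower()).split())


def edit_distance(a, b):
    """Plain Levenshtein distance; used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    """Domain part of an address, lower-cased; '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain):
    """True for domains imitating INTERNAL_DOMAIN: a small edit away
    (examp1e-corp.com), a different TLD (example-corp.co) or the real label
    embedded in a longer name (example-corp-mail.com)."""
    if not domain or domain == INTERNAL_DOMAIN:
        return False
    base = INTERNAL_DOMAIN.split(".")[0]
    label = domain.split(".")[0]
    return edit_distance(label, base) <= 2 or base in domain


def triage(raw_message):
    """Return the list of findings for one RFC 822 message (empty = nothing odd)."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr) or from_domain
    auth = msg.get("Authentication-Results", "").lstrip()

    findings = []
    # 1. A protected person's name on an address outside our domain.
    if from_domain != INTERNAL_DOMAIN and any(
        vip in normalize_name(display) for vip in VIP_NAMES
    ):
        findings.append("display-name spoof")
    # 2. The sender domain imitates ours.
    if is_lookalike(from_domain):
        findings.append("lookalike domain")
    # 3. Replies would go somewhere other than the apparent sender.
    if reply_domain != from_domain:
        findings.append("reply-to mismatch")
    # 4. Mail claiming to be from us must carry dmarc=pass written by OUR MX
    #    (matching authserv-id), so an attacker cannot just inject the header.
    if from_domain == INTERNAL_DOMAIN and not (
        auth.startswith(AUTHSERV_ID + ";") and re.search(r"\bdmarc=pass\b", auth)
    ):
        findings.append("internal sender without dmarc=pass")
    return findings


# Constructed sample messages; only the headers matter here.
SAMPLES = {
    "display_name_spoof": (
        "From: Jane Doe (CEO) <jane.doe.ceo@gmail.com>\n"
        "Subject: Quick favour\n\nAre you at your desk?\n"
    ),
    "lookalike": (
        "From: Jane Doe <jane.doe@examp1e-corp.com>\n"
        "Subject: Wire transfer\n\nPlease process the attached invoice today.\n"
    ),
    "legit": (
        "From: Jane Doe <jane.doe@example-corp.com>\n"
        "Authentication-Results: mx.example-corp.com; spf=pass "
        "smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com; "
        "dmarc=pass header.from=example-corp.com\n"
        "Subject: Board pack\n\nAttached.\n"
    ),
    "forged_internal": (
        "From: Jane Doe <jane.doe@example-corp.com>\n"
        "Authentication-Results: mx.example-corp.com; spf=fail "
        "smtp.mailfrom=mail.attacker.invalid; dkim=none; dmarc=fail "
        "header.from=example-corp.com\n"
        "Subject: Urgent\n\nCall me.\n"
    ),
    "reply_to": (
        "From: Vendor Billing <billing@supplier.example>\n"
        "Reply-To: billing@supplier-invoices.example\n"
        "Subject: Updated bank details\n\nSee attached.\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20s} -> {triage(raw) or ['clean']}")
```

The fourth check is the one that matters for forged internal addresses: the From header is free text, so only the receiving server's own SPF/DKIM/DMARC verdict can say whether mail bearing your domain really came from you, and that verdict is only trustworthy when it was written by your server, which is why the routine insists on its own authserv-id at the front of the header.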
What have we learned from this year of cyber security disasters?
Well, nothing… at least for most of us, but this always seems to be the discourse in the security industry. Too few are affected by the data breaches, not enough people with stolen identities actually experience and understand the consequences of their data being compromised, and the data apocalypse still hasn't come (though some say it's coming soon, and we've got more on how you can address GDPR and Email Compliance).
Ultimately, to extend the metaphor of "crossing the Rubicon", it was years before that famous event led to disaster for the masses, but by the time those disasters arrived, nothing could be done. Fortunately, most businesses can take protection into their own hands, without relying on their existing partners to protect their data or that of their customers, by deploying spam filtering, phishing protection, URL and attachment defense, secure email encryption, data loss prevention, email archiving and more, so that they won't be left holding the bag when the data thieves (or actual thieves) come.
If you're not going to take these steps to protect your data and that of your customers, at the very least make sure you update your software: for the most part, the patches you need are already there.