
The Worst Cybersecurity Attacks and Leaks of 2017

We are a little more than halfway into 2017, and already we’ve seen a tremendous amount of cybercrime. We have seen attacks not only on home users but also on hospitals, major corporations, and governments. While there is a broad range of estimates as to how much each attack cost the world, one thing is certain: security needs to step it up.

Here’s a timeline of some of the biggest cybersecurity disasters of 2017, thus far:

February 2017: The Cloudbleed security bug was discovered to be leaking information of Cloudflare customers.

April 2017: The Shadow Brokers released their fifth leak, entitled “Lost In Translation.” It included the EternalBlue exploit and was considered to be the most damaging leak to date.

May 2017: WannaCry, based on the EternalBlue exploit, was released and spread to around 200,000 computers before its kill switch was found accidentally. The Shadow Brokers also threatened to begin a “data dump of the month” membership service.

June 2017: The NotPetya ransomware attack infected airlines, banks, and utilities across Europe and the US.

July 2017: Data of 6 million Verizon customers was leaked online.

The Shadow Brokers

This secretive group first stole NSA intelligence secrets and hacking exploits in 2013. They have been behind many data leaks since then. The data leaked in April of 2017 included the exploit ‘EternalBlue.’ This allowed both WannaCry and NotPetya to spread across networks, infecting hundreds of thousands of devices.

The group even threatened to begin a “data dump of the month” service. This would be similar to a “wine of the month” subscription. Subscribers would receive a members-only data dump each month, in exchange for a membership fee. According to tweets from the group, the data would include NSA exploits for Windows 10, routers, and web browsers.

They also said it would include compromised data from Russian, Chinese, Iranian, and North Korean nuke programs. Allowing this kind of information into the hands of the highest bidder, be it a corporation or a criminal hacker, is dangerous.

As you will see in this article, the exploits leaked by the Shadow Brokers did get into the hands of criminal hackers. They were then used to wreak serious havoc and show the world how dangerous these kinds of leaked tools can be.

Cloudbleed

Cloudbleed was first discovered in February. It is a security bug that affected Cloudflare, one of the largest internet infrastructure companies in the world. Their clients include Uber, Fitbit, and OkCupid. Data from Cloudflare customers could have been leaking beginning as early as September of the previous year. The bug made whatever customer data was in the server’s memory at the time available to any other customer. Some of the data was even cached by search engines, including sensitive cookies, login credentials, and other valuable authentication tokens.

WannaCry/WanaCrypt0r/WCry

This was a worldwide ransomware attack that occurred in May 2017. It exploited a vulnerability in the Windows operating system. When WannaCry infected a computer, it encrypted its documents. Now, the hackers had exclusive access to the documents and were able to demand a ransom for the user to be able to regain access. It targeted the National Health Service (NHS) in the UK, as well as businesses, government offices, banks, and telecommunications companies.

The WannaCry exploit was made possible by the leaked NSA hacking tools shared globally by the Shadow Brokers. Although the hackers only made an estimated $50,000 in ransom, CBS News estimates that the attacks cost the world up to $4 billion in losses.

Often with ransomware, the money made in ransom is negligible compared to the cost of disruption of services. Many experts recommended not paying the ransom, to discourage hackers from utilizing ransomware. However, the WannaCry fiasco succeeded in spreading panic.

As powerful as it was, WannaCry had some serious flaws and experts were able to find a kill switch pretty quickly.

Petya/NotPetya/GoldenEye

The NotPetya attack had far fewer flaws than its WannaCry predecessor. Petya is another type of ransomware that was originally utilized in 2016. On June 27 of 2017, another global cyber attack began. Kaspersky Lab named it “NotPetya” because, despite its similarities to Petya, experts noticed many key changes.

The malware used the EternalBlue exploit to spread throughout a network. It takes advantage of the way administrative access on most business networks is set up. This series of attacks was particularly scary because of its similarity to WannaCry. Like WannaCry, it encrypts the user’s data and asks for a ransom in exchange for restoring the documents.

According to various sources, the attackers gained access to the M.E.Doc update servers and sent out a malicious software update. Most of the victims were located in Russia and Ukraine; however, major companies in the West have also suffered from this attack. The list includes global law firm DLA Piper and shipping giant Maersk. In Ukraine, public services were affected. Even the Chernobyl nuclear power plant fell victim to the attack.

The scary part is that a security solution existed months prior to the ransomware attacks. Microsoft released a patch for the EternalBlue exploit in March. However, based on how quickly WannaCry was able to spread in May, it was clear that many still had not updated their systems. Furthermore, when NotPetya began to spread in June, via the EternalBlue exploit, companies still had not learned their lesson.

Verizon Data Leak

Finally, on Wednesday of this week, the data of 6 million Verizon customers was leaked online. The leaked data has been collected over the last six months and includes customer phone numbers, names, home addresses, and PIN codes. According to the researchers who uncovered the leak, it was caused by a misconfigured security setting on a cloud server due to human error. Anyone who knew the web address could access the files. Verizon released a statement that none of the customer information was lost or stolen; however, this is a serious risk to take.

So, what does this mean to you?

This epidemic of hacking does not show any signs of stopping anytime soon. As the world grows more interconnected via technology, so grow the security risks. The problem is that manufacturers continue to produce devices with serious security vulnerabilities.

In these major attacks, it is easy to distance yourself because of the sheer scope of the problem. It is natural to think that this is happening to others but cannot affect you. In reality, home users are very much at risk. In fact, your home today is more likely to be hacked than robbed. The average home can house dozens of internet-connected devices on its network, such as smart TVs, refrigerators, and cameras.