A Year of Hacks in Review

2017 was a year filled with one hack after another, from an Equifax breach to global ransom campaigns that cost companies millions of dollars. The cyberattacks highlighted the alarming vulnerability of our personal information.

More tools used by government hackers have become public, and with many companies failing to patch security flaws, it’s easier than ever to create sophisticated ways to spread malware and ransomware or steal data from companies.

Here’s a look back at the major hacks of 2017:

Leaked government tools

In April, a group called the Shadow Brokers leaked hacking tools that were believed to belong to the National Security Agency. The tools allowed hackers to compromise a variety of Windows servers and operating systems. Microsoft said it had released patches for the security holes in March, but many businesses had not patched their software. The tools Shadow Brokers leaked were used in the year’s biggest global cyberattacks, including WannaCry.

WannaCry

In May, this ransomware hack that has been linked to North Korea, utilized some of the leaked NSA tools. It targeted businesses in over 150 countries and across numerous industries running outdated Windows software. Hackers locked down companies’ computer systems and demanded money to unlock the files. The WannaCry infections were so bad that Microsoft released a patch for Windows systems that it had stopped updating.

Equifax

In what is considered among the worst breaches of all time, cybercriminals stole personal data, including Social Security numbers, of 145 million people. The company only revealed the hack two months later. It could have an impact for years because the stolen data could be used for identity theft.

NotPetya

In June, the computer virus NotPetya targeted Ukrainian businesses using compromised tax software. The malware spread to major global businesses by leveraging a vulnerability leaked by the Shadow Brokers.

Bad Rabbit

In October, another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on websites that had been compromised by hackers. Once it infected a machine, it scanned the network for shared folders with common names and attempted to steal user credentials to get on other computers.

It served as a reminder that people should never download apps or software from pop-up advertisements or sites that don’t belong to the software company.

Voter records exposed on Amazon server

In June, it was discovered that almost 200 million voter records were exposed online after a GOP data firm misconfigured a security setting in its Amazon cloud storage service. It was the latest in a string of major breaches stemming from insecure Amazon servers where data is stored. They are secure by default, but companies, including Verizon and the U.S. Department of Defense, regularly set it up wrong and have data exposed.

Yahoo

In October, it was announced that every one of Yahoo’s 3 billion accounts was hacked in 2013. In November, the former Yahoo CEO told Congress that the company only found out about the breach in 2016, when it reported that 1 billion accounts were hacked. The company still does not know who was responsible.

Hacks target school districts

The U.S. Department of Education warned teachers, parents, and K-12 education staff of a cyberthreat that targeted school districts across the country in October.

In Montana, a hacker group called The Dark Overlord sent threatening text messages as a part of an extortion campaign. They stole information on students, teachers and other district employees and asked for money to destroy the files. 

The same group was responsible for stealing information and leaking episodes of Netflix’s “Orange is the New Black” after the company refused to pay ransom.

Uber

In 2016, hackers stole the data of 57 million Uber customers, and the company paid them $100,000 to cover it up. The breach wasn’t made public until this November, when it was revealed by the new Uber CEO. Now, Uber is facing questions from lawmakers and a bill was introduced that could make executives face jail time for knowingly covering up data breaches.

Looking forward to 2018

If we can take something positive away from this year’s breaches, it’s that businesses and people are at least more aware of security risks.

To prevent future hacks and data loss, here are some important tips:

  • Make sure all computers and systems are updated with the latest software and security patches.
  • Install a network level UTM firewall.
  • Install business grade antivirus that is updated and maintained.
  • Be wary of phishing scams and make sure to not click on any pop-up adds or suspicious links.
  • Unless absolutely necessary, do not connect to public WIFI networks.
  • Make sure you have backups of important files and a way to recover them in the event of data loss.

Readers Comments

A Year of Hacks in Review

2017 was a year filled with one hack after another, from an Equifax breach to global ransom campaigns that cost companies millions of dollars. The cyberattacks highlighted the alarming vulnerability of our personal information.

More tools used by government hackers have become public, and with many companies failing to patch security flaws, it’s easier than ever to create sophisticated ways to spread malware and ransomware or steal data from companies.

Here’s a look back at the major hacks of 2017:

Leaked government tools

In April, a group called the Shadow Brokers leaked hacking tools that were believed to belong to the National Security Agency. The tools allowed hackers to compromise a variety of Windows servers and operating systems. Microsoft said it had released patches for the security holes in March, but many businesses had not patched their software. The tools Shadow Brokers leaked were used in the year’s biggest global cyberattacks, including WannaCry.

WannaCry

In May, this ransomware hack that has been linked to North Korea, utilized some of the leaked NSA tools. It targeted businesses in over 150 countries and across numerous industries running outdated Windows software. Hackers locked down companies’ computer systems and demanded money to unlock the files. The WannaCry infections were so bad that Microsoft released a patch for Windows systems that it had stopped updating.

Equifax

In what is considered among the worst breaches of all time, cybercriminals stole personal data, including Social Security numbers, of 145 million people. The company only revealed the hack two months later. It could have an impact for years because the stolen data could be used for identity theft.

NotPetya

In June, the computer virus NotPetya targeted Ukrainian businesses using compromised tax software. The malware spread to major global businesses by leveraging a vulnerability leaked by the Shadow Brokers.

Bad Rabbit

In October, another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on websites that had been compromised by hackers. Once it infected a machine, it scanned the network for shared folders with common names and attempted to steal user credentials to get on other computers.

It served as a reminder that people should never download apps or software from pop-up advertisements or sites that don’t belong to the software company.

Voter records exposed on Amazon server

In June, it was discovered that almost 200 million voter records were exposed online after a GOP data firm misconfigured a security setting in its Amazon cloud storage service. It was the latest in a string of major breaches stemming from insecure Amazon servers where data is stored. They are secure by default, but companies, including Verizon and the U.S. Department of Defense, regularly set it up wrong and have data exposed.

Yahoo

In October, it was announced that every one of Yahoo’s 3 billion accounts was hacked in 2013. In November, the former Yahoo CEO told Congress that the company only found out about the breach in 2016, when it reported that 1 billion accounts were hacked. The company still does not know who was responsible.

Hacks target school districts

The U.S. Department of Education warned teachers, parents, and K-12 education staff of a cyberthreat that targeted school districts across the country in October.

In Montana, a hacker group called The Dark Overlord sent threatening text messages as a part of an extortion campaign. They stole information on students, teachers and other district employees and asked for money to destroy the files. 

The same group was responsible for stealing information and leaking episodes of Netflix’s “Orange is the New Black” after the company refused to pay ransom.

Uber

In 2016, hackers stole the data of 57 million Uber customers, and the company paid them $100,000 to cover it up. The breach wasn’t made public until this November, when it was revealed by the new Uber CEO. Now, Uber is facing questions from lawmakers and a bill was introduced that could make executives face jail time for knowingly covering up data breaches.

Looking forward to 2018

If we can take something positive away from this year’s breaches, it’s that businesses and people are at least more aware of security risks.

To prevent future hacks and data loss, here are some important tips:

  • Make sure all computers and systems are updated with the latest software and security patches.
  • Install a network level UTM firewall.
  • Install business grade antivirus that is updated and maintained.
  • Be wary of phishing scams and make sure to not click on any pop-up adds or suspicious links.
  • Unless absolutely necessary, do not connect to public WIFI networks.
  • Make sure you have backups of important files and a way to recover them in the event of data loss.


backtotop