Video


Let's learn from mistakes - most notorious cyber attacks in 2017

Posted: by Jan Nawrot

Category: cybersecurity

Year 2017 abounded in spectacular, international cyber attacks, which resulted in large losses, not only financial ones. Technological progress allows cybercriminals to access key company resources. What should we pay attention to in 2018?

In article you can read about:

  • WannaCry, Petya,
  • CIA data leak through Wikileaks,
  • MacronLeaks i Equifax,
  • Yahoo and Uber problems with security,
  • and about difficult beginnings of 2018.

In addition to the most notorious ones, the number of smaller targeted attacks has also increased. Technological progress increases the number of gates that cybercriminals can gain access to key company resources. We live in times when digital security threats become much larger than physical ones (European Cybersecurity Market). Unfortunately, forecasts for the coming years show that there will still be a race between cybercriminals and security specialists, and the first ones are still a step ahead. Fortunately, from year to year we are smarter about the experience from previous years. Let's take a look at what 2017 has brought us.

WannaCry

Almost everyone has heard about WannaCry, one of the loudest cyberattacks of the past year. This malicious ransomware in a very short time infected over 300,000 computers in about 100 countries, encrypting disks, blocking access to hardware and demanding a ransom. Its huge reach and spread rate was mainly due to the exploit stolen from the NSA by a group of hackers from Shadow Brokers, which allowed it to spread in search of vulnerabilities in the software of the network.

Petya

The Petya virus hit Ukraine before the world could recover after WannaCry. Seemingly, it was an ordinary ransomware (software demanding a ransom), but there are still speculations about its true character. Subsequent analyzes indicated that the attackers' goal was destruction, not ransom, and the victims never had a chance to regain their data. The main objectives of the cyberattacks were government institutions, financial organizations, energy or telecommunications companies.

Wikileaks reveals CIA files

The scandal began in March 2017, when the WikiLeaks Portal published nearly 9,000. files and documents from the CIA cyber intelligence center. The revealed files showed that the US Intelligence Agency has for a long time worked on the creation of tools that allow hacking into most of the most popular electronic devices. It is not so much the creepy that the services had the theoretical possibility of making cyberattaks and eavesdropping on every average user of electronic devices, but the mere fact of the existence of software allowing such a detailed surveillance.

MacronLeaks

The aim of the cyberattacks, just before the second round of the presidential election in France, became the candidate of the En Marche! group Emmanuel Macron. The result of the attack was the publication of nearly 9 GB of documents and internal data from the course of the campaign, including e-mails and financial settlements in public websites.

Equifax

One of the largest US economic information offices fell victim to cyberattacks, which the public was informed at the end of June 2017. Hackers have access to data of 143 million Americans, including their credit card numbers, driving licenses, insurance and names, names, addresses and dates of birth. The threat was rated very high, mainly due to the possibilities related to identity theft.

Yahoo

The case concerning the theft of Yahoo users' data took place much earlier, but information on this subject came to light at the turn of 2016/2017.At that time, the public was informed about the leak taking place several years earlier. As a result of the attack, hackers gained access to data of up to 3 billion people. The company admitted that the theft was, among others, dates of birth, phone numbers or passwords. According to later information, among them were also payment card or bank account details.

The attackers used cookies files, thanks to which they could gain access to user accounts to impersonate them. Then they selected the users who were interested in them. In this way, the direct victims of this attack fell about 6.5 thousand people, including politicians, journalists, representatives of foreign interviews, employees of companies, banks and institutions.

Uber

Although the attack took place in 2016, the company waited a year with its disclosure. In the meantime, they managed to pay the criminals a ransom for deleting data. As a result of the attack, criminals obtained data from 57 million users (including 7 million drivers), all thanks to the theft of passwords posted in the Github company repository.

The year 2018 has already begun...

...and it started with Meltdown and Spectre, the gaps in the Intel, AMD and ARM processors. Patching these vulnerabilities is not so simple, and the greatest risk of their use in order to attack are subject to any Internet service provider.

A more spectacular threat was the attack of hackers on the Olympic Games in Pyongsang. Although the attackers failed to disrupt the course of the opening ceremony, they effectively hampered the lives of many people by hacking the servers, disabling Wi-Fi at the stadium or TVs in the press center and blocking the Olympic website, which many fans could not print tickets.

At the beginning of February, the Swiss mobile operator Swisscom announced a data leak of approximately 800,000 users. The leakage was most likely through one of the trading partners, and among the data to which the offenders gained access were the names, addresses, birthdays and telephone numbers of Swisscom customers.

An endless arms race...

All previous experiences indicate that in the coming years cybercriminals will not be more gracious. Experts of the European Cybersecurity Forum – CYBERSEC indicate the biggest challenges that await us in 2018, among them rising tension on the cyber crime front. Recent hacking trends include cyberattacks on a mass scale, gaps in devices connected to the network and the Internet of Things. It is also projected increase in the number of fake news and cases of hacking methods used by legitimate organizations.

What is essential for entrepreneurs seems above all to raise awareness that digital security issues are not just a problem for IT departments, and that real threats apply to all companies. We have good sense, reliable knowledge and a responsible approach to security.

Lemlock ebook. Expert Guidebook: Three vievs on cybersecurity
Udostępnij
Read more:
Step-by-step preparation for GDPR - checklist
GDPR

Step-by-step preparation for GDPR - checklist
An overview of the Regulation and its most frequently discussed issues
GDPR

An overview of the Regulation and its most frequently discussed issues
How was GDPR introduced? Facts.
GDPR

How was GDPR introduced? Facts.
Are you interested in a comprehensive solution
for your data security?
Consent to  data processing for contact purposes
I confirm that I have read the  information clause of Sagiton Sp. z o.o.

I hereby give consent to the processing of my personal data by the Personal Data Controller (hereinafter: "PDC") – Sagiton Sp. z o.o. ul. Fabryczna 19, 53-609 Wrocław, within the scope of: full name, e-mail address or telephone number, for the purpose of sale of products and services of Sagiton Sp. z o.o. and for the purpose of sending me feedback and making contact with me by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the removal of my personal data from the PDC Sagiton Sp. z o.o. database, by sending an e-mail to [email protected], or a letter to Sagiton Sp. z o.o., ul. Fabryczna 19, 53-609 Wrocław, with a statement containing the relevant request, which shall result in the deletion of my personal data from the PDC Sagiton Sp. z o.o. database; I have the right to access my data; providing my data is voluntary, however refusal to provide it is tantamount to not receiving information regarding sale of products and services of Sagiton Sp. z o.o., as well as not receiving feedback and making contact with me by Sagiton Sp. z o.o.

In accordance with Art. 13 section 1 of the General Data Protection Regulation of 27 April 2016, (GDPR), we would like to inform you that the controller of your personal data is Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław, e-mail: [email protected].

Your personal data shall be processed within the scope of: full name, e-mail address and/or telephone number in order to answer your question/request for contact and send feedback – pursuant to Art. 6 section 1 (a) of the GDPR, i.e. consent to the processing of personal data.

The data controller would like to inform you that your personal data shall not be disclosed to third parties.

Your data shall not be transferred outside of the European Economic Area or to international organizations.

Your personal data shall be processed until you withdraw your consent to the processing of data, as well as if the purpose for processing this data shall no longer be applicable.

You have the right to access your personal data, rectify it, delete it, restrict its processing, the right to transfer it, as well as the right to object.

In the case of giving your consent, you have the right to withdraw it at any time. Exercising the right to withdraw the consent does not affect the processing carried out before the consent was withdrawn.

You have the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

Providing your personal data is a prerequisite for making contact with you by Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław. In the case of not providing your personal data, Sagiton Sp. z o.o., shall not be able to contact you.

The Data Controller, Sagiton Sp. z o.o., would like to inform you that they shall not use your personal data for automated decision-making, which is based solely on automated processing, including profiling, and has legal effects for you or affects you significantly in a similar way.

Let's stay in contact