Thursday, 27 July 2017

The Biggest CyberSecurity Incidents Of 2017 At A Glance

It's only July, and already there's been viral, state-sponsored ransomware, leaks of spy tools from intelligence agencies, and full-on campaign hacking. And that's just the beginning. The first six months of 2017 have seen an inordinate number of cyber security meltdowns. And they weren't just your standard corporate breaches. 

Let this recap of 2017's biggest cyber-incidents so far serve as a reminder of just how chaotic things have already gotten, and the year's only halfway done.

SHADOW BROKERS
The mysterious hacking group known as the Shadow Brokers claimed to have breached the spy tools of the elite NSA-linked operation known as the Equation Group. The identity of the Shadow Brokers is still unknown, but the group's leaks have revived debates about the danger of using bugs in commercial products for intelligence-gathering. Agencies keep these flaws to themselves, instead of notifying the company that makes the software so the vendor can patch the vulnerabilities and protect its customers.

WANNACRY
WannaCry spread around the world, walloping hundreds of thousands of targets, including public utilities and large corporations. Though powerful, the ransomware also had significant flaws, including a mechanism that security experts effectively used as a kill switch to render the malware inert and stem its spread. In total, WannaCry netted almost 52 bitcoins, or about $130,000—not much for such viral ransomware. Microsoft had released the MS17-010 patch for the bug in March, but many institutions hadn't applied it and were therefore vulnerable to WannaCry infection.

PETYA
This malware, called Petya, NotPetya and a few other names, was more advanced than WannaCry in many ways, but still had some flaws, like an ineffective and inefficient payment system. Researchers suspect that the ransomware actually masked a targeted cyber-attack against Ukraine. The ransomware hit Ukrainian infrastructure particularly hard, disrupting utilities like power companies, airports, public transit and the central bank.

WIKILEAKS CIA VAULT 7
WikiLeaks published a data trove containing 8,761 documents allegedly stolen from the CIA that contained extensive documentation of alleged spying operations and hacking tools. Revelations have detailed individual tools for things like using Wi-Fi signals to track a device's location, and persistently surveilling Macs by controlling the fundamental layer of code that coordinates hardware and software. WikiLeaks claims that Vault 7 reveals "the majority of hacking arsenal including malware, viruses, Trojans, weaponized 'zero day' exploits, malware remote control systems and associated documentation."

CLOUDBLEED
The internet infrastructure company Cloudflare announced that a bug in its platform caused random leakage of potentially sensitive customer data. Cloudflare worked with search engines ahead of and after the announcement to remove the leaked data from caches, and experts noted that it was unlikely that hackers used the data malevolently; the random leaks would have been difficult to weaponize or monetize efficiently. A bug or a damaging attack affecting a company like Cloudflare can impact, and potentially endanger, a significant portion of the web.

198 MILLION VOTER RECORDS EXPOSED
Unfortunately, it's not uncommon to hear that a trove of voter data was breached or exposed somewhere in the world. But on June 19, researcher Chris Vickery discovered a publicly accessible database that contained personal information for 198 million US voters—possibly every American voter going back more than 10 years. The group had misconfigured it, though, such that some data on the server was protected, but more than a terabyte of voter information was publicly accessible to anyone on the web. Misconfiguration isn't a malicious hack in itself, but it is a critical and all-too-common cybersecurity risk for both institutions and individuals.

MACRON CAMPAIGN HACK
Hackers dumped a 9GB trove of leaked emails from the party of left-leaning front-runner (now French president) Emmanuel Macron. The attack was less strategic and explosive than the WikiLeaks releases of pilfered DNC emails that dogged Hillary Clinton's presidential campaign. Researchers did find evidence that the Russian-government-linked hacker group Fancy Bear attempted to target the Macron campaign in March.
