A Look Back: Reviewing the Worst Cyber Attacks of 2017 and the Lessons Learned
- Feb 12, 2018, 08:37 AM
- Ben Gane
It seems that each year that passes is worse than the last in terms of hacking and cyber attacks, and 2017 was no exception.
“Surprising no one, 2017 marked another ‘worst year ever’ in data breaches and cyber incidents around the world,” said Jeff Wilbur, director of the Internet Society’s Online Trust Alliance.
Continuing the trend of years past, 2017 saw numerous high-profile data breaches and dangerous malware and ransomware samples, each appearing more sophisticated and advanced than the last. Hackers aren’t easing up on business or consumer targets anytime soon, so the best course of action for the industry is to apply the lessons learned from these attacks to future protection strategies.
Let’s review some of the disastrous breaches, attacks and infections that took place in 2017 and see what lessons can be learned from these impactful instances:
Equifax: Waiting to report a breach
Hands down, Equifax was the poster child for calamitous data breaches last year. Unfortunately, this breach event included a veritable storm of worst-case scenarios – not only did the breach impact a considerable number of consumers, but it was highly sensitive data that was stolen, and the information was taken from a company that promised to help prevent the kind of fraud its breach likely supported.
According to CNN, attackers breaching Equifax systems were able to steal 182,000 sensitive documents that included customers’ personal information, as well as 209,000 credit card numbers. All told, the attack is estimated to impact as many as 143 million Americans, whose Social Security numbers, birth dates, addresses and other personal details were contained in stolen documents.
One of the most daunting issues about this attack is that hackers made off with basically everything an attacker needs to create a stolen identity profile. These packaged identities sell for $30 or more on underground black markets, and with the sheer amount of data stolen, attackers stand to make a bundle from this attack, while threatening the identities of millions.
“Data breaches involving Social Security numbers are not rare, but this is the largest ever recorded,” said Eva Velasquez, Identity Theft Resource Center CEO. “This is a unique situation because of the quality of data that was stolen along with the scale of the breach.”
A key lesson for businesses to learn from this attack is not to wait to report the breach. CNN noted that the company paused for six full weeks before making the public aware of the attack. This gave hackers a considerable head start when it came to the sale and eventual fraudulent use of stolen sensitive data.
When a breach takes place, it’s imperative to respond as quickly as possible, and ensure that those impacted by the event are aware. In this way, the breached organization along with its affected customers and partners can work in tandem to reduce the consequences.
Uber: Covering up the attack
Popular ride-sharing service Uber was breached in the fall of 2016, with the names, email addresses and phone numbers of 57 million users being compromised in the process. This instance makes this year’s list, however, because the breach wasn’t reported until the company’s new CEO Dara Khosrowshahi came forward in late November 2017 – over a year later.
Worse still, the company appears to have actively covered up the attack instead of addressing it. WIRED contributor Lily Hay Newman reported that Uber paid a $100,000 ransom to hackers to prevent them from exposing the attack to the public.
“These actions likely violated data breach disclosure laws in many states, and Uber reportedly may have even tried to hide the incident from the Federal Trade Commission investigators,” Newman wrote. “If you’re going to be hilariously sketchy about covering up your corporate data breach, this is how it’s done.”
A word to the wise: Don’t.
WannaCry: Unpatched vulnerability
In addition to damaging attacks on businesses, 2017 also presented lessons in individual samples impacting a wide swath of organizations across the globe. In a single day, thousands of targets around the world were impacted by WannaCry, with some instances being life threatening – WIRED reported that the particularly damaging ransomware sample infected the National Health Service in the United Kingdom, and affected the daily operations and patient care in emergency rooms, hospitals and facilities.
Compounding the damage here was the fact that the ransomware leveraged a critical vulnerability now known as EternalBlue, which was made public after hacking group the Shadow Brokers breached the National Security Agency in the spring of 2017. After the attack, the Shadow Brokers released stolen NSA tools, including the EternalBlue Windows exploit.
CNN reported that all told, WannaCry impacted targets in over 150 countries. Although a patch for the EternalBlue vulnerability was released before the Shadow Brokers highlighted it, the number of infected organizations shows the risk that outdated software can pose.
“The WannaCry infections were so bad that, in an unusual move, Microsoft released a patch for Windows systems that it had stopped updating,” CNN contributor Selena Larson wrote.
Honorable mention: Misconfigured security exposes voter records
While not one of the most widespread or damaging instances of last year, there’s still a critical lesson to be learned here.
In the spring of 2017, a security researcher found open and accessible records of nearly 200 million American voters. The issue was eventually traced back to misconfigurations by a GOP data firm within its Amazon cloud storage security settings. Interestingly, CNN pointed out that this wasn’t the only event of its kind recently.
“It was the latest in a string of major breaches stemming from insecure Amazon servers where data is stored,” Larson wrote. “They are secure by default, but Chris Vickery, a researcher at cybersecurity firm UpGuard, regularly finds that companies set it up wrong.”
This instance shines a light on security settings – it’s imperative that organizations understand the services they are using and the configuration choices available to them. Any time a change is made, IT stakeholders should check that settings have been adjusted correctly and that no open doors are left for unauthorized users.
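The check described above can be automated. The following Python script is an added example, not code from the article or from any firm it mentions: it parses IAM-style bucket policy documents and flags any Allow statement that grants access to an anonymous principal, showing a constructed open policy beside a corrected one scoped to a single role. The bucket name, account id, role name and VPC id are invented for the example.

```python
"""Audit S3-style bucket policies for statements that expose data to anyone.

Added example. The policy documents below are constructed for this script;
they are not taken from the article or from any real deployment.
"""
import json

# Constructed sample: an open policy of the kind behind "insecure Amazon servers".
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",                      # anyone on the internet
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-voter-data",
                     "arn:aws:s3:::example-voter-data/*"],
    }],
})

# Constructed sample: the corrected policy, limited to one IAM role (invented ARN).
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "RoleReadOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/analytics-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-voter-data/*",
    }],
})

# Constructed sample: a '*' principal narrowed by a Condition (invented VPC id),
# which is not world-readable and should not be flagged.
CONDITIONED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VpcOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-voter-data/*",
        "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0example"}},
    }],
})


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True if the Principal element grants access to everyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws is not None and "*" in _as_list(aws):
            return True
    return False


def _public_allow_statements(policy_json):
    """Yield (index, statement) for Allow statements open to anonymous callers.

    A statement carrying any Condition is treated as narrowed and skipped.
    """
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        yield i, stmt


def find_public_statements(policy_json):
    """Return the Sid (or positional label) of each publicly open statement."""
    return [stmt.get("Sid", f"statement[{i}]")
            for i, stmt in _public_allow_statements(policy_json)]


def public_actions(policy_json):
    """Return the set of actions the policy exposes to the world."""
    actions = set()
    for _, stmt in _public_allow_statements(policy_json):
        actions.update(_as_list(stmt.get("Action", [])))
    return actions


def is_publicly_readable(policy_json):
    """True if anonymous callers can read objects or list the bucket."""
    read_actions = {"s3:GetObject", "s3:ListBucket", "s3:*", "*"}
    return bool(public_actions(policy_json) & read_actions)


if __name__ == "__main__":
    for name, doc in (("open", OPEN_POLICY), ("restricted", RESTRICTED_POLICY),
                      ("conditioned", CONDITIONED_POLICY)):
        print(f"{name}: public={find_public_statements(doc)} "
              f"readable={is_publicly_readable(doc)}")
```

This checker looks only at the bucket policy document; a complete audit also needs the bucket and object ACLs and the account-level public access block settings, since any one of those can open a bucket the policy leaves closed. Run it against a policy retrieved from the cloud provider's API or CLI after every configuration change, and treat any non-empty result as a finding to resolve before the change is considered done.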
A need for robust, multi-layered protection
There are several lessons to be learned from last year’s infections and breaches. In addition to the points discussed above, it’s critical that businesses have multi-layered protection in place and consistently leverage best practices for data protection.
TechRepublic reported that the vast majority of 2017 breaches – 93 percent overall – could have been prevented with simple security processes like ensuring patches are in place, blocking fraudulent email addresses and training employees about phishing strategies.
Source: Trend Micro Blog