Criminals set their sights high in 2017, leading to the theft of personal information for millions and serious financial losses. Here are the attacks that wreaked the most havoc.
Unfortunately, 2017 has been a major year for data breaches. In the US alone, personal information has been stolen for well over 100 million residents.
Here's a look at what are arguably the most damaging hacks and data breaches of 2017 so far. And while they happened in 2017, their effect will likely be felt well into 2018 and beyond.
On May 12, 2017, the WannaCry cryptoworm began propagating, demanding a ransom from victims in order to regain access to their files. The original version of WannaCry propagated for three days before a kill switch was found by security researcher Marcus Hutchins. In that time, thousands of organizations including FedEx, the UK's NHS, telecoms Telefónica and Megafon, and others were affected.
WannaCry and its variants utilize a pair of exploits called EternalBlue and DoublePulsar, which were released by an organization called "The Shadow Brokers" on April 14. The exploits were originally developed by the NSA Office of Tailored Access Operations and CIA Information Operations Center. An analysis by GCHQ's cybersecurity arm identified the authors of WannaCry as the North Korea-connected Lazarus Group, which was also responsible for the 2014 Sony Pictures hack.
Though the exploits leveraged by WannaCry have been patched by Microsoft, further variants without the aforementioned killswitch continue to propagate across the internet, targeting systems which haven't yet been patched.
- Leaked NSA hacking exploit used in WannaCry ransomware is now powering Trojan malware (ZDNet)
- North Korea carried out the WannaCry ransomware attack, say security services (ZDNet)
- New Windows XP patch: Microsoft issues extraordinary fix to protect PCs against next WannaCry (TechRepublic)
- Video: Basic patching mistakes left NHS open to WannaCry attack (ZDNet)
- Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (free PDF)
Petya (or NotPetya)
While the original Petya actually surfaced in 2016, the 2017 version identified as "NotPetya" by Kaspersky Lab was used to target organizations in Ukraine. The NotPetya variant was propagated through the software update mechanism of the accounting software MeDoc. Like WannaCry, NotPetya also uses the EternalBlue vulnerability to propagate through local networks. This software is used by about 400,000 firms in Ukraine, which is about 90% of Ukrainian domestic firms, according to the BBC. Among these, several Ukrainian banks, state-owned organizations, and transportation systems were affected.
In contrast to earlier ransomware attacks, NotPetya encrypts not just the MBR of a given disk, but also encrypts individual files, as well as overwrites files, making recovery impossible. Also, the comparatively cheap ransom which NotPetya demands, combined with the single Bitcoin wallet victims are instructed to use, suggests that the aim of NotPetya was to inflict damage, rather than purely generate a profit.
- Information security incident reporting policy (Tech Pro Research)
- NotPetya cyber attack on TNT Express cost FedEx $300m (ZDNet)
- NotPetya ransomware outbreak cost Merck more than $300M per quarter (TechRepublic)
- Petya ransomware: Where it comes from and how to protect yourself (TechRepublic)
- 6 tips to avoid ransomware after Petya and WannaCry (TechRepublic)
Due to the nature of credit reporting agencies—in which companies create dossiers on individuals without their consent—these organizations are a large target for criminals looking for a one-stop shop to harvest personally identifying information (PII) on tens of millions of people at once. Equifax announced in September that their systems had been hacked, potentially impacting 145.5 million Americans. International divisions of Equifax were also affected, leaving 15.2 million residents of the UK vulnerable, as well as at least 19,000 Canadians, according to the company.
Though it's still unclear, hackers appear to have exploited a vulnerability in Apache Struts on an Equifax server in May—a vulnerability that was patched in March. However, the damage made possible by this vulnerability was made worse by poor security practices, inadequate network segmentation, and a lack of encryption for personally sensitive information. Poor security practices are prevalent throughout the organization, as an admin account with the password "admin" was discovered in Equifax Argentina. As a result of the hack, the CEO, CIO, and CSO of Equifax were replaced in September.
- Equifax spends $87.5 million on data breach, more expenses on deck (ZDNet)
- Equifax's big fat fail: How not to handle a data breach (ZDNet)
- Information Security Management Fundamentals (TechRepublic Academy)
- We tested Equifax's data breach checker - and it's basically useless (ZDNet)
- Equifax ex-chief admits responsibility 'starts at the top' for devastating data breach (ZDNet)