Cyber attack recap
Cyber attacks have been on the rise in recent years. The year 2017 was no exception, with terms like “data breaches” an “malicious malware” seemingly making news headlines every other day. As the year 2017 comes to a close, let’s recap some of the worst cyber attacks to plague the web over the last 12 months.
In July, it became known that a Nice Systems employee accidentally exposed online the names, phone numbers and PIN codes of 6 million Verizon customers. The leaked data had been gathered over the course of six months. According to the researchers who discovered the leak, it was spawned by an Amazon S3 server set to “public.” While S3 servers typically do not show up in Google, they could be easily accessed by anyone who knew the web address. Verizon issued a statement saying no customer data was lost or stolen, while underscoring the risk of the incident.
Breaking into the new year in early January, thousands of Elasticsearch servers were infected with ransomware. Elasticsearch is a search engine based on Lucene, commonly used by sites such as SoundCloud, Wikipedia and Pandora. Those impacted by the attack were demanded to pay a ransom with Bitcoin in exchange for information. Many users — particular those launching it on Amazon Web Services — did not recognize that Elasticsearch instances are vulnerable to cyber attacks without making the appropriate security measures.
In May, Cyber criminals seized control of NHS hospitals and GP practices with the malicious malware “WannaCry,” which impacted 200,000 people in 150 countries. In England, for example, 48 NHS trusts reported issues at hospitals, GP surgeries and pharmacies. The cyber attack infected approximately 300,000 computers. The countries most heavily hit included Russia, Taiwan, Ukraine and India. The attack was reportedly designed to exploit a weakness in Microsoft systems, which were spotted by the NSA and dubbed EternalBlue.
The malware NotPetya began as an Ukranian tax software update to MeDoc, a popular accounting software in the country. The attack spread to thousands of computers in over 100 countries in a few days. The attack also impacted major firms based in the U.S. Pharmaceutical company Merk, for example, reported the attack cost the company over $300 million in third quarter revenues.
One of the country’s biggest credit reporting companies, Equifax, announced on September 7 one of the largest cybersecurity incidences not just of the year, but in history. The company reported the personal information of potentially 143 million U.S. citizens — nearly half the population of the country — were accessed by hackers between mid-May and July. The leaked data included names, social security numbers, birth dates and in some instances driver’s license numbers. The credit card numbers for around 209,000 customers and documents associated with credit reporting disputes for 182,000 people were exposed as well.