A Year In Review: The Top Three Cyber Attacks of 2017

Malicious hackers are relentless in devising new ways to penetrate systems, spread nasty malware, and steal sensitive information. Numerous companies were hacked this past year, making 2017 one of the most notable to date. Here is a look back at the top three cyber attacks that happened in 2017.

Equifax Data Breach Exposed More Than 143 Million of Customer Records

In September 2017, Equifax announced that it suffered a cyber attack that impacted more than 143 million customers. According to Equifax, the unauthorized access occurred from mid-May through July 2017. The customer information accessed by the attackers included full names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. Additionally, attackers stole thousands of credit card numbers and certain dispute documents with personally identifying information. According to Equifax, attackers exploited a critical vulnerability in Apache Struts, an open-source web application framework that supports the company's online dispute portal web application. Equifax was apparently aware of this vulnerability when it was first identified and disclosed by U.S. CERT in March 2017; however, the company failed to apply the security update to its vulnerable systems in a timely manner. In response to the attack, Equifax established a dedicated website to provide information about the attack and to enroll customers in identity theft protection and credit file monitoring services. While it is difficult to patch every single vulnerability out there, companies should implement multiple layers of security controls to prevent determined attackers from gaining access to sensitive data. 

WannaCry Targeted Thousands of Computers by Encrypting Data and Demanding Ransom Payments

The WannaCry ransomware attack took place in May 2017, and only in a few days, infected more than 200,000 computers in over 150 countries as reported by Europol. The attack spread around the world by exploiting a critical vulnerability in Microsoft's implementation of the Service Message Block (SMB) protocol that allows computers to communicate with each other. While Microsoft had issued a security update for this vulnerability two months prior to the attack, many had not yet applied the update, and others were running unsupported versions of Windows for which a patch had not yet been issued until later. Once a computer was infected with WannaCry, its sensitive files and folders were encrypted, and a ransom payment was demanded in the Bitcoin cryptocurrency. The FBI advised against paying the ransom because there was no guarantee the files would be recovered. Since WannaCry, there have been several other variants of ransomware, such as Petya. The best way to protect yourself against ransomware is by implementing preventive measures and ensuring that you back up your data on a regular basis.

CIA Leak Exposed Thousands of Documents Purportedly Revealing the Agency's Hacking Efforts

In March 2017, WikiLeaks published one of the largest collection of documents that were allegedly stolen from the U.S. Central Intelligence Agency (CIA) and revealed the agency's secret hacking operations. WikiLeaks reportedly obtained the files from a current or former CIA contractor. While the authenticity of the documents has not been verified by CIA, the WikiLeaks dump contains more than 8,700 documents and files that allegedly represent "majority of [the agency's] hacking arsenal including malware, trojans, 'zero-day' exploits, malware remote control systems and associated documentation." The hacking tools apparently provide the CIA with the ability to break into a variety of internet-connected devices (e.g., smart phones, TVs, computers, and Internet routers) and turn them into listening devices. While the impact of this leak is not fully understood, it is an example of an insider threat that can come from people within an organization who have access to sensitive information. To deter insider threats, organizations must ensure that their employees are appropriately screened and monitored for suspicious activity.

Kristof Pasternak