2017 was a year where nothing seemed safe. Bombshell hacks and serious security breaches were experienced in both the government and private sectors.
2017 was hit with a high number of cybersecurity meltdowns, ranging from stolen credit card numbers to global ransom campaigns that cost private companies millions of dollars. As we do more and more of our business online, hackers too are developing sophisticated ways of either spreading ransomware or stealing crucial data that is vital for our businesses and government operations.
In a report released by Bitdefender, it was found that ransomware payments doubled in 2017, hitting a record $2 billion as compared to 2016. According to Trend Micro, if the trend continues, there’s a high possibility that ransomware will hit $9 billion by the end of 2018. With that being said, this article will outline and explain 9 of the biggest hacks and data breaches of 2017.
Credit reference agency Equifax revealed that the information of approximately 143 million of its US customers was breached in May of 2017. The most vital information exposed by this leak was the Social Security numbers of its 143 million American users. Other information revealed included names, birth dates, addresses, and driver’s license numbers. As many as 209,000 users also had their credit card numbers exposed.
Due to the nature of the information revealed, all of its users are now potential targets for identity theft. It was recommended that anyone affected by the breach put a freeze on their credit report to prevent further damage.
The hack didn’t only include American users. It was revealed that limited information was also leaked regarding British and Canadian users. Four main groups of UK users were identified; this included almost 640,000 phone numbers and 30,000 driving license numbers. 12,000 users’ email addresses and 15,000 Equifax membership details were also exposed.
This massive data hack led to the resignation of the company’s chairman and CEO, Richard Smith.
There was also some controversy regarding the timing of the company’s statement about the hack. Several high-ranking members of the firm exercised their right to sell off stock options worth millions of dollars between the time the breach was discovered and the time it was revealed to the press.
Although this story started as early as August 2016, the majority of the damage caused was revealed over the course of 2017. The Shadow Brokers hacking group had been releasing classified information believed to be from the NSA via Twitter and Pastebin. The information released asked criminals to send bitcoin bids in return for hacking tools used by the NSA.
On April 8, 2017, the group released the hacking tools they claim to have stolen from the NSA’s own Equation hacking Group. In total, they released more than one gigabyte of software used to exploit Microsoft products. By the time that the group released the NSA’s leaked hacking tools, Microsoft had already patched all of the 0-day exploits they utilized.
The hacking tools weren’t the only thing that the notorious hacking group appears to have stolen from the NSA. They have revealed other information such as the 2017 Shayrat Missile Strike, President Trump’s attack against a Syrian Airfield.
Following on from the release of the NSA’s hacking tools, we have the 12 May 2017 ransomware attack on the UK’s National Health Service. The NHS became the target of a fast-spreading ransomware called WannaCry. This ransomware encrypted the computer’s data and demanded a payment in the untraceable cryptocurrency, bitcoin. The WannaCry attack was created off the back of the exploits released by the Shadow Brokers previously.
Even though Microsoft had patched all of the 0-day exploits used in the NSA’s tools, the NHS still had thousands of computers that had not been updated. This led to over one-third of NHS organizations being disrupted, with thousands of NHS computers infected by the ransomware. Eventually, a kill switch was found for the ransomware which meant that devices were no longer locked.
Due to the scale of the attack, thousands of appointments and operations were canceled. The effect of the attack was still being felt weeks later as a huge backlog had been created.
US Voter database
In June 2017, the personal information of more than 198 million US voters was leaked. This information wasn’t hacked but instead was available to browse due to a security misconfiguration. The database was stored on Amazon S3 servers by data firm Deep Root Analytics. Although the information revealed by this leak isn’t much more than what is publicly available already, the sheer volume of aggregated data makes it valuable to would-be cybercriminals.
The leak was discovered by Chris Vickery of security analyst firm UpGuard. A large part of the company’s research involves scanning the internet for any publicly accessible information. This led to the firm not only finding the US voter database but also databases relating to Mexican and Philippine voters.
Another political entry into our list is the “massive and coordinated” hacking attack on now-French President Emmanuel Macron. In the last few days of the run-up to election day in May 2017, several gigabytes of information were uploaded to document-sharing site Pastebin by an anonymous poster. The Macron campaign team revealed that tens of thousands of internal emails, along with other documents, had been breached. The files were initially spread on 4chan, a site which is popular with far-right leaning posters.
The En Marche! campaign team claimed that this was not the first time that they had come under attack. A statement claimed they had “consistently been targeted by such initiatives” during the entire presidential campaign of 2017. They also claim that many false documents had been added to the leak in an attempt to spread disinformation.
Due to the timing of the hack, neither presidential candidate could comment on the subject. This was due to France’s laws on presidential campaigning, which ban communications before the polling stations opened.
February 2017 saw a security bug in the popular content delivery network, Cloudflare, expose millions of users’ data. The leak, named Cloudbleed after the infamous Heartbleed bug discovered in 2014, exposed data such as passwords and security tokens.
The Cloudbleed bug was discovered by Google Project Zero researcher Tavis Ormandy. He discovered a buffer overflow issue in Cloudflare’s servers that meant that sensitive data could be returned by the proxy servers accidentally. This data was then being cached by search engines such as Google.
In response to the bug, Cloudflare disabled several of its features – Email obfuscation, server-side Excludes and HTTPS rewrites – to stop the leak. The company didn’t notify its users itself; Ormandy followed policy and waited seven days before releasing his findings publicly. Following this public release, Cloudflare confirmed the security flaw whilst also reassuring customers any information would now have been flushed from search engine caches.
Chris Vickery of UpGuard pops up again after discovering a Verizon customer database unprotected from public access. This database was stored on Amazon’s S3 cloud servers by a third-party vendor used by Verizon, NICE Systems. The database contained sensitive information for up to 6 million Verizon customers. Information such as PIN codes to verify customers was listed, alongside the customers’ phone numbers. This information is enough for anyone to access any of the Verizon customers’ accounts, even with two-factor authentication enabled.
With access to a customer’s account, cybercriminals could potentially add extra lines to a Verizon account, leading to extra unwanted charges. The database was created from information gleaned when people contacted customer service over a 6-month period. Both business and residential customers’ data was exposed in the leak.
It turned out that the leak by NICE Systems had occurred when they uploaded the database to the S3 service and marked it as public. Verizon did not offer a way to check if a user’s PIN was exposed, although it did recommend that all users change their PIN as a precautionary measure.
One of the biggest hacks of 2017 technically took place in 2016. Ridesharing app Uber concealed the breach of 57 million customers’ personal data in October 2016 by failing to notify both its users and regulators.
Like other hacks we saw in 2017, the information taken was stored on a third-party cloud service. This information was reportedly accessed by two hackers and in a surprising move, Uber decided to pay the hackers a ransom of $100,000 (£75,000 at the time) to delete the data and keep quiet about the information.
The information stolen included users’ names, phone numbers, and email addresses. Drivers for the firm had more sensitive information taken, including their driving license numbers. Uber confirmed that highly sensitive information such as dates of birth and Social Security numbers was not revealed during the hack.
Uber’s chief executive Dara Khosrowshahi stated, “None of this should have happened, and I will not make excuses for it”. Uber stated at the time that it was actively monitoring the situation, and Uber’s then chief security officer Joe Sullivan was forced to resign.
2017 saw the acquisition of internet giant Yahoo by Verizon Communications. Unfortunately, it also saw Yahoo release information about the biggest data breach in history.
Yahoo had revealed information about a data breach before its acquisition, which led to a drop in the acquisition price of over $300m. Verizon then went on to hire external forensic investigators and new information came to light.
Verizon revealed in October 2017 that information from over 3 billion Yahoo accounts had been stolen in August 2013. Data taken included names, email addresses, and hashed passwords but no financial information of its users. Unencrypted user security questions were also breached. Yahoo sent emails to affected accounts and prompted all users to update their passwords at the time.
Experts have stated that it is common for data security breach estimates to be initially on the lower end, but I do not believe anyone would have guessed that 3 billion accounts could be breached at one time.
Apart from the 9 biggest hacks of 2017 listed in this article, there were many other major security breaches that took place in the past year. Those we didn’t mention include the HBO data leak, the Kaspersky controversy, the River City Media leak, the LastPass hack and finally, the Sony Pictures hack.
Looking at a majority of these security breaches, you’ll discover that data was lost through rather straightforward exploits. Unfortunately, it doesn’t matter how vigilant you are with your data; until big business takes security seriously, we are all at risk. Let’s hope for a safer 2018.