As 2017 comes to a close, we’re looking back at the 10 most significant (or simply the most devastating) cybersecurity stories of the year. Read through the list below to see which attacks, data breaches, and other events left a lasting impact on the security industry and the global online community overall.
Which story meant the most to you or your business? Let us know in the comments below!
MongoDB Databases Held for Ransom
In January of this year, thousands of MongoDB installations were hit by a ransomware campaign that turned destructive: rather than simply encrypting data, the attackers deleted thousands of data entries while still leaving a ransom note behind to taunt the victims. At its peak, the campaign involved up to 12 different attackers, each leaving their own ransom note and payment details on the compromised systems, which made remediation exceedingly difficult.
WikiLeaks Releases CIA Vault 7
By March, an enormous national security hole was revealed by a WikiLeaks release dubbed “Vault 7”, which exposed information on the CIA’s hacking tools, the zero-day exploits the agency had used, and, ultimately, the fact that the country’s lead security organization is not immune to security flaws of its own. While consumer data has become less and less secure due to retail data breaches, it is shocking that such a trove of information could be taken from right under the noses of those whose job it is to protect some of the nation’s greatest secrets.
Shadow Brokers Divulge NSA Exploits
Just a short month after the WikiLeaks dump came a sudden flood of software exploits, all taken from the National Security Agency’s systems. Most were initially labeled as zero-day exploits targeting older Windows operating systems that had not received security updates, updates which many large organizations had yet to roll out. Although Microsoft was quick to push out patches for these vulnerabilities, some of which had been available for nearly a month before the Shadow Brokers’ release, the exploits were later used in some of the largest ransomware attacks to date.
WannaCry Ransomware Tackles Globe
Within weeks of the latest Shadow Brokers dump, organizations in over 150 countries were dealing with the WannaCry ransomware, which spread like wildfire across at least 150,000 individual endpoint devices. By propagating like a worm, the infection spread quickly, exploiting largely unpatched vulnerabilities in several Windows operating systems. Although a patch had been publicly available since March, many organizations struggled to roll it out to their endpoints, or could not do so without rendering their proprietary software unusable. Months after the initial WannaCry campaign was launched, systems across the globe were still being infected, including a Honda production plant in Japan and an entire network of traffic cameras in Australia.
NotPetya Causes Global Chaos
Following closely behind the WannaCry campaign was a new variant of an older ransomware family, dubbed NotPetya. The variant used tactics similar to the original Petya ransomware, though it had an entirely different agenda. Using the EternalBlue exploit made available by the Shadow Brokers back in March to attack unprotected Windows systems, NotPetya encrypted thousands of systems while displaying a fake CHKDSK screen to disguise what it was doing, and then left victims with no working way to pay the ransom or make any attempt to retrieve their destroyed data.
NHS Database Exposes Over 1 Million Patient Records
By August, a breach had been discovered in a patient booking system known as SwiftQueue, which is widely used by several National Health Service facilities across the UK. The database in question contained patient information for nearly 1.2 million citizens, and to make matters worse, the attackers also claimed to have found additional vulnerabilities in SwiftQueue’s software and to possess all 11 million records stored by the company. The breach came just 2 months after the NHS fell victim to the WannaCry attacks that affected hundreds of industries around the world.
Equifax Sees Largest Data Breach to Date
In early September, Equifax announced that it had been compromised, leaving the Social Security numbers and other highly sensitive information of over 145 million Americans both exposed and likely for sale. The original point of access appears to have been the company’s main Argentinian employee portal page which, by simply viewing the page’s HTML source, revealed the username and password for nearly 14,000 customers who had filed a complaint, along with their Social Security number equivalents, all stored in plain text.
Big Four Accounting Firm Breached
An administrative account without 2-factor authentication, used to gain access to the firm’s email system, is the likely entry point for the September breach involving Deloitte, one of the world’s largest accounting firms. The attack appears to have affected only a limited number of the firm’s clients, though no actual figures have been released. In addition to the improperly managed client data, it was also revealed that the company’s entire email database, including administrative accounts, had been accessible to the attackers for an unknown amount of time. While the scale of this attack appears relatively small compared to Equifax, it is worth noting that Deloitte works with some of the largest organizations currently in operation, and the sensitive nature of their information could be catastrophic if it fell into the wrong hands.
Yahoo Breach Expands to All 3 Billion Users
In a mid-September statement, Yahoo announced that the initial breach, which occurred in 2013 and took nearly 4 years of investigation, had impacted all 3 billion of the company’s unique users. The company is still reeling from a separate data breach that happened in 2014, but this latest update pushes Yahoo onto the podium as the largest data breach in history to date. The revised total comes as little surprise, as the original breach left open questions about why some accounts were compromised quickly while others remained untouched and showed no signs of malicious activity for several years.
IoT Takes Major Hit with KRACK Attacks
To round off a high-profile year, a vulnerability was found in the Wi-Fi encryption protocol currently in use by hundreds of millions of IoT devices around the world. Fortunately, dozens of vendors have had patches available for quite some time now. However, some devices, such as security cameras, routers, and other wirelessly connected household ‘things’, are unlikely to receive an update in the near future, given the complexity and sheer quantity of devices that even one vendor brings to market, let alone the dozens of vendors who are still working with their partners to decide on the best methods for tackling this enormous vulnerability.