As 2017 comes to a close, we’re looking back at the 10 most significant (or simply the most devastating) cybersecurity stories of the year. Read through the list below to see which attacks, data breaches, and other events left a lasting impact on both the security industry and the global online community overall.
Which story meant the most to you or your business? Let us know in the comments below!
MongoDB Hacks
In January of this year, MongoDB suffered a severe hack that left thousands of installations at the mercy of a ransomware attack that transformed into a destructive force, deleting thousands of data entries while still leaving a ransom note behind to taunt the victims. At its peak, this specific attack was being played out by up to 12 unique attackers, all leaving their own ransomware variant and encryption information on the systems, which made remediation exceedingly difficult.
WikiLeaks Release CIA Vault 7
By March, an enormous national security hole was revealed thanks to a release on WikiLeaks dubbed “Vault 7”, which exposed information on CIA hacking, the zero-day exploits the agency had used, and, finally, the fact that the lead security organization in the country is not invulnerable to security flaws. While consumer data has become less and less secure due to retail data breaches, it’s shocking that such a trove of information could be heisted from right under the noses of those whose job it is to protect some of the nation’s greatest secrets.
Shadow Brokers Divulge NSA Exploits
Just a short month after the WikiLeaks dump came the sudden flood of software exploits, all from the National Security Agency’s systems. Most of these were initially labeled as zero-day exploits that focused on older Windows operating systems that hadn’t received security updates, something which many large organizations had yet to implement. While Microsoft was quick to push out patches for these vulnerabilities, some of which were available for nearly a month prior to the actual Shadow Brokers’ reveal, these exploits were later used for some of the largest ransomware attacks to date.
WannaCry Ransomware Tackles Globe
Within weeks of the last Shadow Brokers dump, organizations in over 150 different countries were dealing with the WannaCry ransomware that spread like wildfire across at least 150,000 individual endpoint devices. By propagating like a worm, the infection was able to spread quickly, exploiting several largely unpatched vulnerabilities in several Windows operating systems. While a patch for un-updated systems has been publicly available since March, many organizations struggled to roll it out to their endpoints, or couldn’t do so without rendering their proprietary software unusable. Months after the initial WannaCry campaign was launched, systems across the globe were still getting infected, including a Honda production plant in Japan, and an entire network of traffic cameras in Australia.
NotPetya Causes Global Chaos
Following closely behind the WannaCry campaign was a new variant of an older ransomware, dubbed NotPetya. The variant used similar tactics to the original Petya ransomware, though it had an entirely different agenda. By using the EternalBlue exploit made available by the Shadow Brokers back in March to attack unprotected Windows systems, NotPetya encrypted thousands of systems by booting to a fake ChkDsk to cover its actions, and then leaving the victims without a method to pay the ransom or make any attempts to retrieve their destroyed data.
NHS Database Exposes Over 1 Million Patient Records
By August, a breach had been discovered in a patient booking system known as SwiftQueue, which is widely used by several National Health Service facilities across the UK. The database in question contained patient information for nearly 1.2 million citizens, and to make matters even worse, the attackers also claimed to have found additional vulnerabilities within SwiftQueue’s software and possessed all 11 million records stored by the company. The breach comes just 2 months after the NHS fell victim to the WannaCry attacks that affected hundreds of industries around the world.
Equifax Sees Largest Data Breach to Date
In early September, Equifax announced that it had been compromised, leaving over 145 million Americans’ Social Security numbers and other highly sensitive information both vulnerable and likely for sale. The original point of access would seem to be their main Argentinian employee portal page which, through simple HTML viewing, could show both the username and password for nearly 14,000 customers who had filed a complaint, along with their Social Security number-equivalent, all stored in plain text.
Big Four Accounting Firm Breached
Using an administrative account without 2-factor authentication to gain access to their email system is the likely entry point for the September breach involving Deloitte, one of the world’s largest accounting firms. The attack appears to have only affected a limited number of the firm’s clients, though actual figures have remained quiet. In addition to the improperly managed client data, it was also revealed that the company’s entire email database, including administrative accounts, had been accessed by the attackers for an unknown amount of time. While the scale of this attack appears relatively small in comparison to Equifax, it should be known that Deloitte works with some of the largest organizations currently in operation and the sensitive nature of their information could be catastrophic if placed in the wrong hands.
Yahoo Breach Expands to All 3 Billion Users
In a mid-September statement, Yahoo announced that the initial breach, which occurred in 2013 and took nearly 4 years of investigation, has impacted all of the company’s 3 billion unique users. The company is still reeling from yet another data breach that happened in 2014, but this update pushes Yahoo onto the podium as the largest data breach in current history. This update to the total affected users comes as little surprise, as the original breach left questions as to why some accounts were compromised quickly, while others remained untouched and showed no signs of malicious activity for several years.
IoT Takes Major Hit with Krack Attacks
To round off a high-profile year, a vulnerability was found within the Wi-Fi encryption currently in use by hundreds of millions of IoT devices around the world. The vulnerability has fortunately been patched by dozens of vendors for quite some time now. However, some devices are unlikely to receive an update in the near future, such as security cameras, routers, and other wirelessly connected household ‘things’. This is due to the complexity and sheer quantity of devices that even one vendor can bring to market, let alone the dozens of vendors who are currently working with their partners to decide on the best methods for tackling this enormous vulnerability.
The WannaCry hit us because of the issues related to SMB updates – caused all kinds of Windows issues.
I’ve heard a lot about key logging tools being built into the drivers from vendors, although this has yet to become ‘breaking news’, it’s a good indication that IT is becoming more security orientated.
With all of these breaches, it doesn’t appear these large companies are doing anything to bolster their security. Equifax hacked? Let’s tell people to just freeze their credit, not fix the core issue that SSN and other verification is not designed for today’s age and needs to be replaced with more secure measures.
All of these major security breaches that have occurred this year have only strengthened our company’s need to make sure we are secure. Especially in the type of business we’re in, it’s imperative that we are PCI compliant. Nothing seems to be safe 100% and it takes best practices and great vendors like Webroot to keep us secure.
Wannacry seems the biggest scramble this year. I don’t think many regular users grasped the potential of the massive data leaks – a much more invasive problem over the coming years.
Equifax. Even though I’m not USA based, it seems an outright scandal what power and neglect they seem to be getting away with. And the other credit agencies.
Excellent info.
WannaCry hurt my feelings this year, and I don’t even have feelings 🙂
Always good to be up to date.
Excellent
Thanks to Webroot none of these were really an issue for my clients.
If I had been responsible for a breach of client data, I would have been sued, fined, etc. Equifax compromises my data and what do I get? A one (1) year free service to lock & monitor my account! Just doesn’t seem right.
Equifax and Wannacry are the scariest ones from 2017. All of these breaches reveal that the world is still not properly prepared to properly defend against attacks.
Some of these make me wonder how the business is still in business. Especially the ones that knew they were compromised and did not let their customers know.
Excellent info, thanks for posting this information! Mobile attacks can be a really big problem! Safety on mobile devices is really needed. Webroot is very helpful.
What a year. GDPR next as well. Going to be busy.
Wannacry and equifax
I’m glad that my company wasn’t hit with any of these. It was a crazy year and I’m sure 2018 will be just as scary as this year.
I wish I could say the Yahoo breach surprised me, but given how far they have fallen it’s not too shocking
Wannacry was the worst for us this year. It was good to get the help we needed from Webroot support.
None of those affected my business and I hope that trend continues!
Sometimes my webroot and window defender gets turned off by a virus. How can I re-activate them? Lately, every time I seek help from Geek Squad I get message they are busy and I have to wait for hours to get help. Why can’t more techs be hired if more people are seeking GeekSquad help?
Harold, our highly-adept Technicians are based out of our H.Q. here in Broomfield, CO.
Please save & utilize their contact information when needed.
Support Number: 1-866-612-4227 M-F 7am−6pm MT
Send a Support Ticket
~JP~