From Vault 7 to WannaCry to Equifax, we’ve seen seemingly countless security incidents in the last year that have left sensitive data exposed. Malicious hackers have found new ways to compromise classified systems and information, and naïve users continue to put organizations at risk. As we wrap up 2017, it’s important for companies reflect on the previous mistakes made across the industry, and adjust their processes to mitigate any potential threats in the new year.
Here's a look back at the top 5 cybersecurity events that have unfolded over the previous 12 months.
In March of 2017, documents leaked out via Wikileaks that unveiled techniques the CIA had been collecting for use in cyber warfare. These documents outlined how the agency had capabilities to exploit automobiles, IoT devices, personal computers, smart phones, and more. The leak was attributed to an unknown insider, and it is believed that collection came out from contractors the agency hired. Many subsequent attacks seen throughout the rest of 2017 spawned from this leaked stockpile of vulnerabilities.
The Shadow Brokers is an underground group of hackers that appeared on the scene in August of 2016. Little is known about the origins of the group, but they are notorious for publishing several zero-day exploits. They are most notably the leak of the exploit EternalBlue. This leak led to the WannaCry Ransomware attacks and, later on in the year, the Petya attack. The group also started monthly subscription service that promised other NSA built hacking tools for the price of $64,000 a month.
In May of 2017, WannaCry was top of mind for security and IT professionals across the globe. Many organizations were affected by the notorious red screen stating that all files are had been encrypted. WannaCry is a ransomware cryptoworm that targeted Windows computers by using an exploit known as EternalBlue. This was an exploit in the SMB protocol that was released via the shadow brokers from the Vault 7 leak. WannaCry encrypted all user data on a system and then demanded payment, bitcoin, to decrypt the data as seen in the image above. Even scarier, WannaCry spread like wildfire. In one day it was reported to have infected more than 230,000 computers in more than 150 countries.
In May of 2017, Equifax suffered a massive breach in which 143 million Americans' information was put at risk. This hit occurred from a vulnerability in Apache Struts, a java web application framework. The vulnerability is identified as CVE-2017-5638, and enables hackers to execute remote code on systems leveraging Apache Struts. The breach shows the importance of patching systems; however, patching is much easier said than done in big corporations. Nonetheless, Equifax has been widely criticized for the patching gap and for taking too long to report the incident, once discovered.
Late in the year, Yahoo announced more than a billion of its users' accounts had been compromised in an August 2013 breach. According to sources, the 2013 breach investigation concluded that an unauthorized outside party stole data about users of the site such as usernames, passwords, and secret questions. This breach is regarded as the largest breach on record in terms of number of people affected. Yahoo has since taken the proper precautions to reset account passwords and we hope this record for size of breach isn't broken in 2018.
Want to learn more about preventing insider threats and data loss in 2018? Check out our getting started guide.
Subscribe to the Proofpoint Blog