After the trick or treating and pumpkin carving of Halloween last week, I thought we’d continue with the spooky theme and look back at the scariest security incidents of 2017. This year has been a busy one for the cybersecurity industry, with large-scale ransomware attacks such as WannaCry and NotPetya hitting the headlines, as well as the reputation-damaging Equifax breach. Below is a summary of what we believe to be the five scariest security incidents of the year so far.
Number 5 – Macron Campaign Hack
In the lead up to the French election in May of this year, Emmanuel Macron was the victim of a coordinated hacking operation suspected to have been organised by Russian hacking group, Fancy Bear. Tens of thousands of internal emails and other documents, some false, were released online after the deadline to halt campaigning had passed. Macron’s En Marche! Team said it was a clear attempt to destabilise the election. Following this, on the 31st July WikiLeaks published over 70,000 hacked emails, out of which 21,075 carried signatures of individuals and addresses associated with Emmanuel Macron’s presidential campaign team. Ken Spinner, VP of Global Field Engineering at Varonis shared insight into how cyber security has become a focal point of any major election in a wider piece by TEISS.
Number 4 – Verizon
In July of this year telecommunications provider Verizon suffered a data breach leading to the data of at least 14 million subscribers, including phone numbers and account PINs, being exposed. A third-party vendor, Israeli technology company NICE systems, left these sensitive users’ details open on a server. The exposed data contained records of customers who had called Verizon’s customer services between January and June 2017.
Number 3 – NotPetya
One of two ransomware attacks of the summer 2017, NotPetya, originated in the Ukraine, later spreading to Spain, France, and the US. Originally believed to be the year-old Petya ransomware, security researchers, were quick to point out its differences, resulting in it becoming known as NotPetya. For a concise summary of how the attack unfolded read this insightful article from Allan Liska, Intelligence Architect at Recorded Future, which outlines how the cyber attack unfolded, and what the initial perceptions were vs. what was later discovered.
Scarily, the developers of the NotPetya ransomware did not build a “kill switch”. However, Cybereason’s Amit Serper discovered that by locating the C:\Windows\folder and creating a file named ‘perfc’, users could kill the application before it began encrypting files, and causing the spread of this ransomware to grind to halt.
Number 2 – Equifax
Reputation wise, the scariest data breach of 2017 has to be the one suffered by Equifax in September. Despite becoming aware of the hack on 29th July, it wasn’t until the 15th of September that Equifax admitted to the public that it had suffered a data breach affecting 143 million US customers, as well as hitting 400,000 of its British customer base. More recently, however, Equifax has admitted that a file containing 15.2 million UK records dated between 2011 and 2016 were exposed.
Number 1 – WannaCry
On Friday 12th May 2017, Britain’s National Health Service suffered a life-threatening ransomware attack, previously hitting the likes of Telefόnica, as well as computers across Russia and the Ukraine. The infamous WannaCry attack was a so-called ransomware also known as Wanna Decryptor or WCRY.
Two weeks ago the famous WannaCry ransomware attack on the NHS was in the news again, this time pointing out that the NHS could in fact have prevented it. According to the National Audit Office, when WannaCry hit in May, NHS trusts were left vulnerable because cybersecurity recommendations were not followed. It is times like this when the only comment we expect from the cybersecurity industry is we told you so.