Every year cyber criminals devise new high profile and sophisticated attacks against organizations worldwide. 2017 is no exception: from complex ransomware attacks to large data breaches, it is obvious this year’s cyber-attacks have caused major damage. Below you will find the most prominent cyber security news so far and the lessons they’ve left behind.
LLOYDS BANK HIT WITH DDoS ATTACK FOR SEVERAL DAYS
Date: January 2017
Lloyds Bank, the largest lender in United Kingdom, started the year reminding people around the globe that cyber threats are real… and sometimes for no apparent reason. The bank became a victim of a DDoS attack that started on January 11 and ended Friday 13. During that time, hackers tried to crash the bank’s website, which caused outages on their personal banking websites. Many customers’ attempted to access their accounts but were unsuccessful, thankfully there were no economic losses.
CLOUDBLEED BUG EXPOSES SENSITIVE DATA OF MILLIONS
Date: February 2017
The internet company Cloudflare suffered a major security breach resulting in sensitive user information being leaked, including passwords, messages, cookies and more. Cloudfare managed to act fast after security researcher Tavis Ormandy identified the vulnerability, but it was not all good news – they also discovered that Cloudflare-backed websites have been leaking data since September 2016. The company’s clients like FitBit, Uber, and OKCupid use Cloudfare services to keep their user data safe.
1.5M DOWNLOADS OF INFECTED APPS
Date: March 2017
Credential stealers targeted Instagram users with malicious apps promising followers, likes and comments to users who would download them. Altogether, 13 malicious apps were discovered in the Google Play store which had already been installed by 1.5 million users. The users would download the malicious app, enter their personal information, and shortly thereafter received an “incorrect password” error, blocking them from logging back in, a result of the perpetrators changing their passwords and making their accounts inaccessible.
CYBER ATTACK SETS OFF 156 EMERGENCY ALARM SIRENS IN DALLAS
Date: April 2017
Hackers triggered emergency hurricane/tornado alarms in Dallas, Texas, causing unnecessary panic for hours among the city’s 1.3 million residents. All 156 sirens, usually used for severe weather warnings, were activated several times over 95 minutes in the early morning, which resulted in the 911 emergency system being flooded with phone calls by sleepy people worried it was an alert for something much worse, like a bomb threat.
WANNACRY RANSOMWARE STRIKES COMPANIES WORLWIDE
Date: May 2017
The ransomware attack infected more than 230,000 computers in over 150 countries. The cyber criminals seized control of the affected organizations computers and demanded $300 in bitcoin to unlock the information being held hostage. Cyence, a cyber security firm, estimated that the monetary impact from the hack that lasted 4 days was up to 4 billion USD due to businesses shutting down operations during the attack
PETYA “NOT A RANSOMWARE” ATTACK
Date: June 2017
Many believed Petya was a type of ransomware when the attack that started in Ukraine spread across the globe. The malicious software spread through the networks of hundreds of companies, including well-known food company Mondelez, and Danish shipping and transport firm Maersk, and demanded payment in order unlock the infected computers. Subsequent investigations demonstrated that the attack was intended to wipe information regardless if companies already paid the ransom.
How to be prepared for a cyber security threat going forward?
There is no way of knowing when an online threat will surface next but you can certainly take steps to proactively mitigate the risk of a potential attack.
Lesson 1: You snooze, you lose (data)
Proactivity is key; users should always be alert and continuously check for vulnerabilities in your system by keeping your antivirus software up to date, changing your passwords periodically and most importantly by backing up valuable data! Organizations should consider implementing services specializing in monitoring, detecting and mitigating cyber threats such as threatSMART.
Lesson 2: Don’t panic. Recover.
It’s impossible to control everything happens on the web, if you’re a victim of a cyber-attack there’s always ways to mitigate the negative impact. Keep calm, contact authorities and quickly implement your disaster recovery plan.
Subscribe to the weekly cyber digest to keep up to date with the latest news in the world of cybersecurity.