As far as crazy years go, 2017 proved to be absolutely bananas for a variety of reasons.
The things that happened in the field of cybersecurity represent many of those reasons.
Hackers negatively impacted institutions of all sorts around the globe.
All the while they also affected the billions of people who trusted these institutions with their sensitive data.
How did they do it?
Well, the usual stuff.
Hackers breached networks, exploited insecure databases and carried out critical infrastructure attacks almost every month of the year.
They also leaked information at an unprecedented scale.
Our list here covers some of the worst hacks that the media disclosed in the year 2017.
With that said, readers should note that many of the attacks actually took place much earlier.
But the “affected” parties hid them all.
Until the year 2017, that is.
And speaking of cyber attacks, you know 2017 was one heck of a bad year when a company as big as Yahoo reveals that it leaked information belonging to around three billion accounts and still doesn’t take the number one spot as the clear-cut winner of the worst hacks of 2017.
In other words, hackers have set an unrelenting pace throughout the past year.
But media outlets will continue to forge on.
And here is Security Gladiator’s official look back at some of the biggest cyber hacks in the year 2017.
Triton And Crash Override
Hackers like to target critical internet infrastructure.
Everybody knows that.
Security doomsayers have worked really hard to relay the warnings and potential dangers of hackers taking down critical infrastructure.
This is where the Stuxnet worm comes in.
Security researchers first discovered this malware in 2010.
At the time, security experts considered the Stuxnet worm the only known malware that hackers had built specifically to target industrial equipment of all kinds.
The Stuxnet worm could also damage industrial equipment physically.
That changed a bit in 2017.
Multiple security groups put their researchers together and published their findings on two such digital weapons.
The first one of these digital weapons came in the form of Crash Override.
It was a grid-hacking tool.
Security firms such as Dragos Inc and ESET first revealed this digital weapon.
Hackers used this digital weapon to target Ukrenergo, a Ukrainian electric utility.
After using it, they managed to cause a huge blackout in Kiev.
That happened towards the end of the year 2016.
Next up, Dragos and FireEye, both security firms, discovered another suite of malware.
They called this piece of malware Triton.
Triton followed closely behind Crash Override.
And just like Crash Override, Triton targeted and damaged industrial control systems.
Security researchers have also found that Triton and Crash Override are not connected to each other.
With that said, experts say that they both use similar conceptual elements.
And these elements speak to the specific traits that are absolutely critical when it comes to cyber infrastructure attacks.
Both malware codes infiltrate important and complex targets.
Hackers can potentially rework these malware codes to launch other operations as well.
Security researchers have also found out that both these malware codes include elements which can enable hackers to automate them.
In other words, hackers can simply put the attack in motion.
Then, the attack (with its automation properties) would play out well and truly on its own.
Hackers have very specific aims when they try to carry out cyber attacks.
But security researchers have found that in using these two digital weapons, hackers didn’t only want to degrade infrastructure.
They also wanted to target the installed safety mechanisms and the fail-safes that companies usually use to harden their systems against all sorts of cyber attacks.
Among the two digital weapons, Triton has the capability to target equipment that is used across several industrial sectors.
These industrial sectors include the likes of,
- Oil and gas
- Nuclear energy
Though, everyone needs to understand that not every single electric grid intrusion or infrastructure probe should cause panic.
Of course, the more malicious and sophisticated attacks are something that affected industries should take notice of.
And now we come to the unfortunate part:
Hackers have become very skilled at coming up with more concrete and sophisticated industrial control attacks.
Triton and Crash Override illustrate that reality almost perfectly.
Robert Lipovsky, a security researcher at ESET, talked to WIRED magazine back in June last year.
He said that the potential impact of these cyber attacks was huge.
Moreover, he said that the industry should take these attacks as a wake-up call.
If it doesn’t, hackers could seriously damage more critical infrastructure and hurt even more industries.
Equifax
The Equifax hack was probably the worst hack in 2017.
It was really that bad.
At the beginning of last September, Equifax, a credit monitoring firm, disclosed that hackers had caused a massive breach of its systems.
The hack exposed the personal information that belonged to more than 145.5 million users.
That personal information includes details such as,
- Birth dates
- Driver’s license numbers
- Credit card numbers of more than 209,000 users
- Social security numbers
What do these numbers really mean?
According to most media reports, the Equifax hack potentially exposed almost half of the US population.
In other words, Equifax let hackers expose the crucial secret identifier of all those people.
There is no doubt about the fact that the information Equifax had to cough up to hackers was very sensitive.
That is the reason why security experts now consider the Equifax hack the worst corporate online data breach of all time.
Of course, another hack may well come along and surpass Equifax.
The worst part about the Equifax hack is that the company completely and comprehensively mishandled its official public disclosure.
It also made a mess of the response that followed the disclosure.
Needless to say, Equifax suffered a pretty horrible aftermath.
Security experts also found out that the site which Equifax had set up for the hack’s victims itself had major vulnerabilities.
In other words, hackers could have compromised the “help” site as well.
Moreover, the Equifax “help” site asked victims for the actual last six digits of their original Social Security numbers.
The company used those six digits to confirm if the breach had impacted those victims.
Moreover, Equifax also made the mistake of making its breach response site a standalone website.
Equifax would have handled the situation much better if it had included the response site as a part of the company’s main corporate website and/or domain.
How is that bad?
Well, since Equifax didn’t host the response site under its corporate domain, it gave hackers the opportunity to set up impostor sites.
That mistake also led to a number of aggressive online phishing attempts.
Hang around, it gets even worse.
Equifax even made the horrendous mistake of tweeting a phishing link around four times via the company’s official Twitter account.
Fortunately, in the case of that phishing link, security experts found the page to be a proof-of-concept research page rather than a real phishing site.
Since the breach, observers have noticed many indications that Equifax had dangerously lax security procedures and a general lack of security culture.
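The impostor-site problem above is one a breach-response team can watch for: once a response domain is announced, new registrations and certificate-transparency entries that resemble it are the raw material for phishing. The script below is an added example, not Security Gladiator’s or Equifax’s code; the legitimate domain, its brand tokens and the list of observed domains are all constructed. It flags reordered brand tokens, homoglyph and separator variants, the same label under another TLD, and near matches by edit similarity, while leaving the parent brand domain and unrelated names alone.

```python
"""Flag look-alike domains for a breach-response site.

Added example (not Security Gladiator's or Equifax's code). The legitimate
domain, the token list and the observed domains are all constructed.
"""
import re
from difflib import SequenceMatcher

# Hypothetical legitimate breach-response domain and the brand tokens it is built from.
LEGIT_DOMAIN = "acmebreachhelp2017.com"
LEGIT_TOKENS = ["acme", "breach", "help", "2017"]

# Constructed list of domains, as they might appear in a certificate-transparency
# feed or a new-registration feed monitored after a breach announcement.
OBSERVED_DOMAINS = [
    "acmebreachhelp2017.com",        # the legitimate site itself
    "breachhelpacme2017.com",        # brand tokens reordered
    "acmebreachhe1p2017.com",        # 'l' replaced by '1'
    "acmebreachhelp2017.net",        # same label, different TLD
    "acme-breachhelp2017.com",       # hyphen inserted
    "acmebreachhelp2017-login.com",  # extra token appended
    "acmebreachhelp2018.com",        # one character off
    "weather-report.org",            # unrelated
    "acme.com",                      # parent brand, not an imitation of the response site
]

# Common visual substitutions used in imitation domains, mapped back to the intended letters.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}

SAME_LABEL_OTHER_TLD = "same label under a different TLD"
HOMOGLYPH_VARIANT = "homoglyph or separator variant of the legitimate label"
TOKENS_REORDERED = "all brand tokens present, reordered or padded"
NEAR_MATCH = "near match by edit similarity"


def split_domain(domain):
    """Return (label, tld) for a domain such as 'example.com'."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[:-1]), parts[-1]


def normalize(label):
    """Undo homoglyph substitutions and drop separators so variants compare equal."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return re.sub(r"[-_]", "", label)


def classify(domain):
    """Return a reason string if `domain` imitates LEGIT_DOMAIN, else None."""
    if domain.lower() == LEGIT_DOMAIN:
        return None
    label, tld = split_domain(domain)
    legit_label, legit_tld = split_domain(LEGIT_DOMAIN)
    if label == legit_label and tld != legit_tld:
        return SAME_LABEL_OTHER_TLD
    norm, legit_norm = normalize(label), normalize(legit_label)
    if norm == legit_norm:
        return HOMOGLYPH_VARIANT
    # Tokens are normalized the same way as labels so digit/letter swaps still match.
    if all(normalize(tok) in norm for tok in LEGIT_TOKENS):
        return TOKENS_REORDERED
    if SequenceMatcher(None, norm, legit_norm).ratio() >= 0.85:
        return NEAR_MATCH
    return None


def flag_lookalikes(domains):
    """Map each suspicious domain to the reason it was flagged."""
    flagged = {}
    for domain in domains:
        reason = classify(domain)
        if reason:
            flagged[domain] = reason
    return flagged


if __name__ == "__main__":
    for domain, reason in flag_lookalikes(OBSERVED_DOMAINS).items():
        print(f"{domain:32} {reason}")
```

The ordering of the checks matters: exact-label and normalized-label matches are cheap and unambiguous, so they run before the looser token and similarity tests, and the similarity threshold is deliberately high so that the short parent brand domain is not reported as an imitation of the longer response domain.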
Richard Smith, the former CEO of Equifax, told the US Congress last October that he generally met with the company’s IT and security representatives around once every four months.
He used those quarterly meetings to review the company’s existing security posture.
Security researchers also found that the hackers gained access to the company’s systems through a well-known web framework vulnerability.
Moreover, a patch for this vulnerability was available for download before the attack took place.
On top of that, Equifax employees used a digital platform in Argentina that was protected by easily guessable credentials.
They used the username “admin” and password “admin”.
That is a remarkable rookie mistake.
Equifax saw nothing good come out of the data breach.
But the breach may have hit the company so hard that it has finally woken up to the dangers of the online world.
Jason Glassberg, co-founder of the penetration testing and security firm Casaba Security, recently said that he hoped the Equifax hack would become a watershed moment.
He also said that the Equifax hack should open everyone’s eyes.
Talking to WIRED magazine towards the end of September last year, he said that the Equifax data breach showed him how astonishingly ridiculous everything that Equifax did was.
Yahoo
Hackers got to Yahoo as well.
The company disclosed to the public back in September of 2016 that it had suffered a massive data breach in late 2014 which impacted more than 500 million of its accounts.
But that’s nothing.
After the initial September 2016 disclosure, the company said in December 2016 that hackers had compromised user data belonging to a billion Yahoo users.
This data breach took place in a separate attack around August of 2013, the company said.
No one needs to be told how big a number one billion is.
These are truly staggering numbers.
But even a billion was no match for the updated numbers that Yahoo released back in October of 2017.
The company disclosed that the breach which occurred in August of 2013 actually compromised all of the company’s user accounts.
In other words, every account that users had created with Yahoo at the time.
So exactly how many accounts did the hackers compromise?
According to Yahoo, three billion in totality.
That is one heck of a correction from Yahoo.
To its credit, the company did start to take security steps in order to protect the company’s users.
The company initiated a program in December 2016 which involved Yahoo resetting user passwords along with unencrypted security questions.
As a result of these actions, Yahoo avoided a complete frenzy which could have occurred because of the revelations.
That shouldn’t lead us away from the fact that three billion accounts are a lot of accounts.
The Shadow Brokers
Who are the Shadow Brokers?
They are a hacking group.
They first made their appearance on the internet back in August of 2016, and subsequently published a sample of spy tools.
The hacker group claimed that they had stolen the tools from the NSA’s elite Equation Group.
What is the NSA Equation Group?
It was a hacking operation that the NSA carried out as a part of its international espionage campaign.
Not intense enough?
Well, the group notched it up a bit when in April 2017 it decided to release a real trove of National Security Agency tools.
Those spy tools included EternalBlue, a Windows exploit.
What does that tool do?
Well, EternalBlue takes advantage of a very rare vulnerability that existed in virtually every copy of the Microsoft Windows operating system.
That is, until Microsoft released an official patch for it at the request of the NSA back in March of the same year.
The NSA made the request just before the Shadow Brokers made EternalBlue public.
Let’s talk a bit more about the vulnerability.
This vulnerability resided in Microsoft’s Server Message Block (SMB) file-sharing protocol.
Moreover, security experts now believe that this tool formed the workhorse of the NSA’s hacking arsenal, because the majority of the computers connected to the internet ran Windows, and that made all of them vulnerable to EternalBlue.
Now, even though the NSA requested a patch and Microsoft released one, the word apparently did not reach large corporations.
Large enterprise networks, as we all know, are always very slow to install updates of any kind.
And this enabled bad actors to use EternalBlue to launch some really crippling ransomware attacks.
One of those ransomware attacks came in the form of WannaCry.
Hackers also launched several other digital assaults as a result of the EternalBlue vulnerability.
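Both the Equifax breach above (a fix published before the attack, but not installed) and the EternalBlue story here come down to the same gap: the time between a patch being released and it actually landing on every host. The audit below is an added example, not code from Security Gladiator, Equifax or Microsoft; the host names, the web-framework advisory id (a placeholder) and the dates are constructed and are not the real timelines. MS17-010 is Microsoft’s real bulletin id for the March 2017 SMB fix. The script computes each host’s exposure window against an assumed patching deadline, lists which hosts would still be exposed on a given date, and treats an install date earlier than the patch release as untrustworthy inventory data rather than as a patched host.

```python
"""Patch-lag audit over a constructed host inventory.

Added example, not code from Security Gladiator, Equifax or Microsoft. Host
names, the web-framework advisory id and all dates are constructed.
"""
from datetime import date

# Constructed inventory: one row per (host, advisory). `installed` is None when
# the fix has not been applied yet.
INVENTORY = [
    {"host": "web-01", "advisory": "WEBFW-2017-EXAMPLE",  # placeholder id for a web-framework flaw
     "released": date(2017, 3, 6), "installed": date(2017, 3, 20)},
    {"host": "web-02", "advisory": "WEBFW-2017-EXAMPLE",
     "released": date(2017, 3, 6), "installed": None},
    {"host": "fs-01", "advisory": "MS17-010",  # Microsoft's March 2017 SMB bulletin
     "released": date(2017, 3, 14), "installed": date(2017, 3, 28)},
    {"host": "fs-02", "advisory": "MS17-010",
     "released": date(2017, 3, 14), "installed": date(2017, 6, 2)},
    {"host": "fs-03", "advisory": "MS17-010",
     "released": date(2017, 3, 14), "installed": date(2017, 3, 1)},  # bad data: before release
]

SLA_DAYS = 30                 # assumed internal deadline for critical patches
AS_OF = date(2017, 5, 1)      # constructed date on which the audit is run


def exposure_days(row, as_of):
    """Days between patch release and install (or `as_of` if still unpatched)."""
    end = row["installed"] or as_of
    return (end - row["released"]).days


def status(row, as_of, sla_days=SLA_DAYS):
    """Classify a row as 'invalid', 'unpatched', 'late' or 'ok'."""
    if row["installed"] is not None and row["installed"] < row["released"]:
        return "invalid"  # installed before the fix existed: the inventory record is wrong
    if row["installed"] is None:
        return "unpatched"
    return "late" if exposure_days(row, as_of) > sla_days else "ok"


def audit(inventory, as_of, sla_days=SLA_DAYS):
    """Return one (host, advisory, status, exposure_days) tuple per row, worst first."""
    order = {"invalid": 0, "unpatched": 1, "late": 2, "ok": 3}
    rows = [(r["host"], r["advisory"], status(r, as_of, sla_days), exposure_days(r, as_of))
            for r in inventory]
    return sorted(rows, key=lambda r: (order[r[2]], -r[3]))


def still_exposed(inventory, as_of):
    """Hosts that an exploit circulating on `as_of` would still find unpatched.

    Records with an impossible install date count as exposed, because a host
    whose patch state cannot be trusted has to be treated as unpatched.
    """
    return [r["host"] for r in inventory
            if r["installed"] is None
            or r["installed"] > as_of
            or r["installed"] < r["released"]]


if __name__ == "__main__":
    for host, advisory, state, days in audit(INVENTORY, AS_OF):
        print(f"{host:8} {advisory:20} {state:10} exposed {days:4d} days")
    print("still exposed on", AS_OF, ":", still_exposed(INVENTORY, AS_OF))
```

The point of `still_exposed` is the one the WannaCry episode makes: what matters on the day an exploit starts circulating is not whether a patch exists but which hosts have not yet received it, and an inventory that says a host was patched before the patch existed tells you only that the inventory cannot be relied on.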
The Shadow Brokers did the security community a service in the sense that their attacks and revelations rekindled the very relevant debate over national intelligence agencies holding on to knowledge of widespread vulnerabilities.
Moreover, it also showed that these intelligence agencies knew how to exploit those vulnerabilities.
Later, in November, the Trump administration came out and announced that it had actually revised the Vulnerability Equities Process.
Moreover, the administration also announced that it would publish more information about the whole process.
For readers who don’t know, the intelligence community uses this framework to determine which bugs to look out for and keep in order to launch espionage operations.
Intelligence agencies also use the Vulnerability Equities Process to decide which vulnerabilities they should disclose to vendors so that the vendors can patch them.
And that’s not all.
Intelligence agencies use the same process to decide when they want to disclose spying tools that they have used for quite a while.
In the case of ransomware attacks such as WannaCry, it is clear that intelligence agencies waited too long to inform vendors about the vulnerability, and so the patch came too late.