A List of this Year’s Most Catastrophic Hacks

Every business owner must contemplate how to approach network security. This is especially true with the continuously-growing list of threats that face their organization’s network from simply being connected to the Internet. It may sound like an overstatement, but when considering what some huge corporations have dealt with very recently, it becomes evident that figuring out how to approach cybersecurity is one of the most vital considerations any business owner has to make.

Compiled below are some statistics that give these threats context, as well as a list of some of the most devastating hacks from the first half of 2018. Hopefully, these lists will put into perspective just how critical building a network security strategy is for your business. Some statistics to help reinforce just how important cybersecurity is:

• In 2017 over 130 large-scale breaches were reported, a 27 percent increase over 2016.
• Nearly 1-in-3 organizations have encountered some sort of cyberattack in the past.
• Cryptojacking (stealing cryptocurrency) increased 8,500 percent in 2017.
• 100,000 organizations were infected with the WannaCry ransomware (400,000 machines).
• 5.4 billion WannaCry attacks were blocked in 2017.
• The average monetary cost of a malware attack is $2.4 million.
• The average time cost of a malware is 50 days.
• Ransomware cost organization’s over $5 billion in 2017.
• 20 percent of cyberattacks come from China, 11 percent from the United States, and six percent from the Russian Federation.
• Phone numbers are the most leaked information.
• 21 percent of files are completely unprotected.
• 41 percent of companies have over 1,000 sensitive files left unprotected.
• Ransomware is growing at 350 percent annually.
• IoT-based attacks are growing at about 500 percent per year.
• Ransomware attacks are expected to quadruple by 2020.
• 7.7 percent of web requests lead to malware.
• There were 54 percent more types of malware in 2017 than there were in 2016.
• The cybersecurity market will be worth over $1 trillion by 2025.

If that isn’t horrific enough, below are some of the attacks that occurred this year. They're split into public (individuals, governments, etc.), and private (businesses). Keep in mind all these events took place before the calendar turned to July:

Public
January

• The Department of Homeland Security was affected by a data breach that revealed information about 247,167 current and former employees.

March

• Atlanta, Georgia was targeted by a ransomware attack called SamSam. This resulted in an enormous problem for their municipal infrastructure. The ransom price given was $51,000, but Atlanta’s leadership refused to meet these demands. Overall, the numbers show that Atlanta has spent more than 10 times that number in the fallout of the attack. Some estimates place the actual cost of this event at nearly $20 million.
• India’s national ID database, Aadhaar, leaked data of over a billion people; this is one of the largest data breaches in history. A user could pay 500 rupees, equal to about $7, to get the login credentials that allowed anyone to enter a person’s 12-digit code for their personal information. For 300 rupees, or about $4.20, users could also access software that could print an ID card for anyone associated with the database.
• Cambridge Analytica, a data analytics company that U.S. President Donald Trump utilized to help his campaign, harvested personal information from over 50 million Facebook users without asking for their permission. Facebook hasn’t called this a data breach, but Cambridge Analytica has since been banned from using the service thanks to this event.

June

• A hack of a U.S. Government-funded active shooter training center exposed the personal data of thousands of U.S. law enforcement officials. This also revealed which police departments aren’t able to respond to an active shooter situation.

Private
January

• 280,000 Medicaid records were revealed when a hacker attacked the Oklahoma State University Center for Health Sciences. Among the information exposed were patient names, provider names, and full names for affected individuals.

February

• An unsecured server owned by Bongo International, a company acquired by FedEx, leaked over a hundred-thousand files of FedEx customers. Some of the information leaked included names, drivers’ licenses, national ID cards, voting cards, and utility bills.

March

• Orbitz, a travel booking site, suffered thanks to a security vulnerability that exposed 880,000 customers’ payment card information. There was also about two whole years of customer data stolen from their server.
• French news site L’Express left a database that wasn’t password-protected up for weeks, despite being warned about the security issues regarding this.
• 134,512 records regarding patients and financial records at the St. Peter’s Surgery and Endoscopy Center in Albany, NY were accessed by hackers.
• MyFitnessPal, an application used by Under Armor, exposed about 150 million people’s personal information to threats.
• The WannaCry ransomware claimed another victim in Boeing, which stated that “a few machines” were protected by Microsoft’s 2017 patch.

May

• Thanks to Twitter storing user passwords in a plaintext file that may have been exposed by internal company staff, the social media titan had to force hundreds of millions of users to change their password.
• An unauthenticated API found on T-Mobile’s website exposed the personal information of all their customers simply through the use of their cell phone number. The following information was made available: full name, address, account numbers, and tax IDs.
• A bug discovered in Atlassian development software titles Jira and Confluence paved the way for hackers to sneak into IT infrastructure of several companies and one U.S. government agency.
• Rail Europe, a popular server used by American travelers to acquire rail tickets, experienced a three-month data breach that exposed credit card information to hackers.

June

• Exactis, a marketing company, had 340 million records stolen from it, but what’s most shocking about this is that they had accumulated information about nearly every American out there. There was a class action lawsuit made against the company in response to the breach.
• Adidas’s website was hacked, resulting in a loss of a few million users’ personal and credit card information.
• A hacker collective called Magecart created a campaign to skim at least 800 e-commerce sites, including Ticketmaster, for sensitive information.

These lists are meant to be a reminder about just how bad it can get for a organization if they aren’t diligently approaching their network’s security. If your business needs help avoiding the pitfalls that would make them just another statistic, reach out to the professional technicians at Macro Systems. We can help you put in motion a security strategy that will work to mitigate threats and keep you off lists like this one. Call us today at 703-359-9211.