Lessons To Learn From 2017 Cyberattacks
With hackers unleashing new cyberattacks on a daily basis, the likelihood of your company being affected is no longer a matter of if, but when. We’ve compiled a list of five major data breaches and hacks from 2017 to show you how to avoid becoming a cybercrime victim.
Equifax Data Breach
Equifax – one of the largest consumer credit reporting agencies in the United States – announced a colossal data breach in September which has affected 145.5 million consumers. Not only were the personal details – including names, social security numbers and credit numbers – of these unknowing people accessed, but the company failed to report the cyberattack when they first discovered its existence in July.
That means the public was unaware of the breach for nearly two months and were therefore unable to take action to protect their information.
Lesson: Report cybercrime immediately
This is especially true when dealing with the personal details of customers. Equifax not only tarnished their reputation by waiting 2 months to report the breach, but also magnified the potential damage to affected consumers due to their lack of communication.
WannaCry
Touted as the biggest ransomware attack in history – infecting more than 300,000 computers in 150 countries over four days – WannaCry demonstrates the speed and efficiency at which modern malware can act. The attack succeeded in showing the world how a simple vulnerability or hole in a program (in this case Windows) can lead to devastating results on a global level – including affecting major organizations like the NHS, FedEx and Renault — within a very short time.
WannaCry represents a major increase in global ransomware attacks where a user is forced to decide if they want to pay a ransom fee or lose their files. It also represents the need for companies, regardless of size, to keep their software current. For more information on WannaCry and ransomware, check out our WannaCry blog post.
Lesson: Always auto-update the latest version of software
WannaCry took advantage of a vulnerability in older versions of Windows. When Microsoft learned of this issue, they immediately released a patch to fix it. However, companies that did not update their software or were using a version of Windows that Microsoft no longer supports, were left wanting to cry as they were left exposed for WannaCry infection.
By auto-updating your software, you never have to worry about missing the latest patch or security upgrade – and therefore will hopefully remain safe from ransomware attacks.
Petya/NotPetya
Released shortly after WannaCry, Petya was a more dangerous variant of its cousin. Whereas WannaCry was actual ransomware – holding files and data hostage until payment was made to retrieve them – Petya was actually a wiper made to look like ransomware. This means that even if payment was made to retrieve your data, the malware was designed to still wipe your system clean.
Here we see a shift from cyberattacks aimed at financial gain, to cyberattacks with a malicious agenda.
Petya had major negative effects on leading corporations around the world, including companies like Maersk, WPP, Saint-Gobain and more!
Lesson: Don’t pay the ransom
Police and security experts warn users against paying the requested fee associated with retrieving hostage data. Not only does giving in to the demands of hackers encourage them to continue extorting end users, but in the case of something like Petya there are times when even paying the fee will not guarantee your data is restored. Those companies that did pay the ransom for Petya were met with disappointment as their systems were wiped and they lost their money.
Instead of paying the ransom, experts recommend disconnecting the infected computer and downloading a ransomware removal tool. If no tool is available, then contact a cybersecurity firm for further assistance.
With over 700 million active users, Instagram is one of the world’s most popular social media applications – making it a prime target for hackers. In September, more than 6 million IG accounts were compromised and personal information was put up for sale on a website called ‘Doxagram.’ Included in leaked user profiles were everyone from average Instagram accounts to superstars like Harry Styles, David Beckham and Leonardo DiCaprio.
While this hack did not have the same crippling effects as those felt by WannaCry or Petya, it shows that no one is truly safe from cybercriminals. Exploits can be found everywhere – in this case a flaw in IG’s security – and leveraged for cash.
Lesson: No one is safe from cybercrime
This means it’s the responsibility of corporations – especially mega-organizations with millions upon millions of users – to continuously check that their security measures are up to date. Seek out a third-party consultancy to analyze your system and provide another pair of eyes to catch even the smallest of flaws. That’s all a hacker needs – one small opening – and they have an in to exploit the unsuspecting userbase. Download FlexiSPY and take advantage of our Instagram monitoring app.
Payment System Data Breaches: Chipotle, Sonic, Intercontinental Hotels Group
Three major food and hospitality brands experienced customer data breaches through hacks to their point-of-sale payment systems. Guest credit card numbers, addresses, pins and security codes were among the data stolen and made available for sale to dark web patrons. Millions of customers were affected by the Sonic hack, while credit card information from guests at more than 1,100 hotels from the Intercontinental Hotels Group and ‘most’ Chipotle restaurants was stolen – not to mention the other millions affected in similar cyberattacks across this industry over the last couple years.
While these attacks are non-related, we can see a clear trend: hackers are targeting US point-of-sale systems, because there are easy-to-exploit security flaws. Sounds like businesses are in desperate need of an upgrade!
Lesson: Upgrade to Chip and PIN card systems
The US is one of the slowest countries in making the shift from magnetic stripe card systems to those of the more secure Chip and PIN cards. Traditional magnetic stripe cards need the user’s signature for proof of identification. A chip card has an extra layer of protection by encrypting transaction information through the embedded microchip.
If you have any business transactions conducted on a point-of-purchase or credit card system, be sure to upgrade to a Chip and PIN system to increase security and avoid breaches like those described above.
Leave Us Your Comments
Were you affected by any cyberattacks in 2017? Do you have any additional tips or advice for businesses looking to stay secure? Let us know in the comments below!