According to CISCO 2018 annual cybersecurity report, Indian companies lost approximately USD 50000 in various cyber attacks in 2017. Almost 50 percent of attacks resulted in financial damages for the companies.
It is not a surprise that cybersecurity and data security have become a necessity more than ever before. A few years back, spending on cyber security was the last priority for Indian companies. However, today it has become the top priority and the chief security officer (CSO) plays one of the most crucial roles in the company. The role of the CSO becomes even more critical as it is predicted that by 2021, the annual damage caused due to cyber crimes would sum up to around USD 6 trillion.
As we approach IDG Security Day on June 21, here is a glance at the major hacks, threats and ransomware attacks that shook the industry last year. Also know how these attacks made cybersecurity the top priority for most enterprises across verticals.
In May 2017, a ransomware named WannaCry spread like wildfire across the world. The ransomware took advantage of EternalBlue, a Microsoft Windows security vulnerability. It was leaked by ‘Shadow Brokers’, the hacker group, in April 2017. The ransomware affected hundreds of thousands of targets which included both public utilities and large corporations. WannaCry had earned more than USD 143,000 in approximately 312 payments through bitcoins.
As the world was still recovering from the WannaCry attacks, it was soon hit by another ransomware called NotPetya. This malware also masqueraded as ransomware and it used two remote code execution vulnerabilities ‘EternalBlue,’ and ‘EternalRomance’. It was also leaked by Shadow Brokers, and other vectors involving credential harvesting. However, cybersecurity experts believed that NotPetya was mainly targeted in Ukraine. It was deployed through software update systems for a tax software package used by more than 80 percent of companies in the Ukraine, and installed on more than one million computers.
Equifax data breach
Towards the end of July 2017, Equifax, one of the largest credit bureaus in the U.S., declared that an application vulnerability on one of their websites led to a data breach that exposed around 143 million consumers. By March 1 of 2018, the final tally came up to 147.9 million consumers. Those responsible for the data breach accessed records containing social security numbers, birth dates, addresses, and in some cases driver's license numbers. Along with this 209,000 consumers credit card data were also exposed. Due to the sheer amount of sensitive data it exposed, it was considered as one of the worst breaches of all time.
In October last year, Yahoo’s parent company, Verizon revealed that all the Yahoo accounts were hacked in 2013. This meant that three billion accounts of Yahoo were hacked. The hack had exposed sensitive user account information such as user name, email address, hashed passwords, birthdays, phone numbers, and encrypted or unencrypted security questions and answers. The company claimed that the passwords in clear text were not stolen. Yahoo claimed that the 2014 breach was carried out by a state sponsored actor. While the company did not disclose any names, it was believed due to similarities in attack that China or Russia could be behind the hack. However, on March 15, 2017, the FBI officially charged four men for the 2014 breach. Two among them work for Russia's Federal Security Service (FSB).
In January 2018, the nation went into a tizzy within hours after a Tribune correspondent revealed how Aadhaar data on the Unique Identification Authority of India (UIDAI) database could be accessed by unauthorized agents. It revealed the absolute lack of security measures to guard citizen information. The additional director-general of UIDAI even accepted that it was a “major national security breach”. According to the Tribune report, one could access/ buy personal information of citizens within 10 minutes at a cost of Rs 500. This included names, addresses, postal codes, phone numbers, email IDs, and photographs of nearly 1.2 billion Aadhaar accounts. This was just one of many ongoing Aadhaar cases. However, UIDAI CEO claimed that it was never hacked.