WatchPoint Security Blog

2017 Cybersecurity in Review

Written by Jordan Kadlec | January 03, 2018

 

 Despite increased warnings to companies large and small, 2017 proved to be a massive year for cybercriminals. Several data breaches and ransomware attacks made headlines as they affected major companies. Here are the largest data breaches and ransomware attacks in 2017 and what they can teach your business, regardless of size, about network security.

Equifax Data Breach

Equifax, one of the largest providers of consumer credit reporting and other financial services in the United States, suffered a data breach where attackers made off with highly sensitive data of over 143 million users.

Cybercriminals stole names, Social Security numbers, birth dates, addresses, and driver’s license numbers along with gaining access to over 200,000 credit card numbers and dispute documents containing personally identifiable information on another 182,000 users.

After the initial story was released, more and more information became available about the attack. In early March, Equifax was alerted about the Apache Struts vulnerability. The company failed to act and apply the available patch, and attackers exploited the vulnerability in the middle of May. By the time the breach was discovered in late July, hackers had accessed dozens of databases and created over 30 backdoors into Equifax’s systems.

If you believe your information may have been stolen during the attack and haven’t taken the necessary steps to protect yourself, click here to learn how to do so.

Uber Data Breach

In late November, Uber’s CEO revealed that the company failed to disclose a massive data breach that occurred in October 2016. Hackers gained access to a server containing information for more than 57 million drivers and riders. Uber ended up paying the $100,000 ransom for the hackers to delete their copy of the data.

Perhaps the biggest takeaway from the Uber data breach is the cover-up that occurred within the company. While any data breach will hurt a company’s reputation, hiding the breach will cause even more damage. Over the last month since the data breach, lawsuits have started raining down on Uber from attorneys all across the United States. For this reason, it’s extremely important to know the data breach notification laws and rules that apply at local, state, and federal levels as well as those that apply to your industry.

Yahoo! Data Breach

Undoubtedly the biggest data breach of the year occurred at Yahoo. While it became known to the public in 2017, the breaches actually occurred in 2013. The breach affected every single user who had an account in 2013 – 3 BILLION accounts in total. When the news first came to light in December of 2016, the initial number was one billion, which, at the time, was also the largest data breach to date.

The three breaches mentioned above are only the biggest that occurred or were reported in 2017. However, according to Wombat Security, more than 1,100 data breaches occurred throughout the year. Read about other large data breaches here.

WannaCry Ransomware

The WannaCry ransomware outbreak that occurred in May was dubbed by many as the worst ransomware attack ever, infecting more than 300,000 users in just four days. WannaCry differentiated itself from other strains of ransomware in that it contained worm tactics. Once the ransomware infected a machine, it scanned connected LANs and WANs to find and attack other vulnerable hosts. What allowed WannaCry to do this is EternalBlue, which came from the cache of cyber weapons stolen from the National Security Administration (NSA) that were released to the public in April.

EternalBlue is an exploit for Windows Server Message Block, a legacy network file-sharing protocol present in every version of Windows released in the last 15 years. While Microsoft issued a patch for the vulnerability in the middle of March, every Windows system that had not been patched was vulnerable to being infected.

EternalBlue made another appearance in the Petya and NotPetya ransomware strains that were deployed in June but were much less effective.

2017 Ransomware Statistics

Symantec recently released their 2017 ransomware statistics. The most common theme: ransomware is here to stay. In fact, ransomware strains and attacks are only going to continue to increase.

  • There were over 100 new families of ransomware discovered in 2017. This doesn’t include newer versions of preexisting families that have adapted to security measures that have been put into place.
  • Ransomware messages were up 6,000% in 2017. The number of emails infected by ransomware increased 6,000 percent over 2016.
  • Email phishing is the number one distributor of ransomware. It’s no surprise that email is the chosen attack vector for cybercriminals, as messages saw an astronomical increase. Ransomware is most commonly embedded into attachments in emails.
  • The United States is the largest ransomware target. The United States accounts for over 40% of infections worldwide.
  • Cerber generated over $2.3 million in ransoms this year. While WannaCry grabbed the biggest headline in 2017, Cerber remains the leader in number of infections. In fact, Cerber accounted for over 44% of all ransomware attacks in 2017. It’s projected that the ransomware will remain on top of the throne in 2018.

How to Protect Yourself from Ransomware Attacks

CryptoStopper, developed by WatchPoint, is proven ransomware detection software that stops actively running ransomware infections on Windows workstations and servers. CryptoStopper uses deception technology to detect and stop ransomware in its tracks. During the installation process, decoy files called Watcher Files are strategically deployed. When the ransomware encryption process begins, CryptoStopper detects it in real time. With an average detection-to-isolation time of 9 seconds, CryptoStopper will save your company from becoming the next major victim of ransomware. To learn more, click here or contact one of our cybersecurity experts.