The results are in and 2017 is already being called the worst year in terms of cyber scams. Where 2016 saw an influx of data breaches, 2017 saw a more experienced type of hacker take shape, one that was able to target networks with a sophistication never before seen.
From devastating malware bugs to Equifax’s complete lack of common sense, here’s a look at five of the biggest and most shocking cyber scams of 2017.
(*Note that this list includes events that may have occurred in previous years but were disclosed in 2017.)
5. The world catches the WannaCry bug
It was the attack that took the world by storm. Last May, the WannaCry ransomware infiltrated thousands of high-profile businesses around the globe, spreading through various networks and taking thousands of computers hostage in a matter of hours.
What made this attack so dangerous was the simple fact that it targeted and exposed a secret flaw in Windows software that was reportedly only known by the NSA. First infecting Britain’s National Health Service and quickly spreading to 98 other countries, WannaCry took networks hostage by commandeering the victim’s browser and demanding a paid ransom.
By using the NSA’s hacking tools against the public, the WannaCry bug took a considerable toll on businesses, forcing multiple hospitals in the UK to momentarily shut down. It also showed that security secrets might not be as safe and private as people think.
Microsoft quickly patched the bug (which only affected older Windows software), and the U.S. government was quick to blame North Korea, but no one stopped to reflect on just how insecure the world’s public networks really are.
4. Yahoo’s tight-lipped cover up
Ok, so technically this attack occurred in 2013, but it wasn’t until some four years later before Yahoo would go public with their findings. The report was bad. How bad? Try three billion exposed emails bad. In what has become the single biggest data breach of all time, the Yahoo hack is known as one of the worst cyber fiascos in history.
This example is particularly noteworthy due to Yahoo’s absolute blunder when it came to damage control. When the once-most popular email service had first learned of the hack, they initially decided to keep it a secret rather than alert their users. Perhaps worse, they issued differing statements—one in December 2016 that disclosed one billion compromised accounts and another less than a year later that changed that number to three billion… which adds up to every Yahoo account that was active at that time.
3. Uber, exposed
2017 wasn’t a good year for Uber, and examples like this show just how shady the company’s privacy practices have been. Turns out, the world’s largest ride-sharing service paid hackers $100,000 to cover up a damaging cyberattack that exposed the personal information of some 56 million users back in 2016.
Taking a page out of Yahoo’s failed playbook, Uber knew about the hack but kept it a secret for nearly a year. So when execs quietly published a detailed blog post on November 21, 2017— a whole year later—their lack of transparency didn’t go unnoticed.
The post states how hackers were able to steal names, driver’s license numbers, emails, and phone numbers from both Uber customers and employees. Naturally, privacy advocates were quick to display their outrage.
— Eric Geller (@ericgeller) November 21, 2017
But the story didn’t end there. The hackers who stole the information went to Uber and asked for a $100,000 ransom to keep the information secret. Uber agreed, but then went a step further and tracked down the hackers, asking them to sign a nondisclosure agreement. This information only came to light after co-founder Travis Kalanick stepped down and Uber’s new CEO, Dara Khosrowshahi, decided to go public with the findings.
2. Google’s giant Gmail scam
In May, Google’s ultra-secure Gmail service was the recipient of a highly sophisticated phishing scam. The attack, which sent targeted victims an email urging them to open a seemingly innocuous Google Doc, affected one billion computers and had both tech-savvy users and laymen alike scrambling for fear of possibly being hacked.
The malicious link looked authentic and even came with the Google seal of authenticity. Unfortunately, as soon as the link was clicked hackers were able to gain control of the victim’s browser while the virus replicated itself by sending similar emails to the user’s contacts.
What makes this case so scary is just how sophisticated it was. The hackers were able to infiltrate a user’s email address list and scroll through their past messages to copy the user’s syntax and tone of voice. They were even able to repurpose old subject lines and messages to make them look more authentic.
1. Equifax’s devastating data breach
As far as dangerous cyber crimes go, the Equifax breach tops the list. In September 2017, Equifax, which is one of the three largest credit reporting bureau in the U.S., reported that hackers successfully stole the personal information of nearly 143 million Americans. These weren’t just simple email accounts; the hackers were able to snatch social security numbers, birth dates, addresses, and more.
Here’s where things get particularly sticky. Unlike other cyberattacks, this one was completely preventable on two counts: first, the hackers were able to infiltrate Equifax’s network through a known security flaw that Equifax had been aware of for months but hadn’t bothered to patch. Second, Equifax’s web portal had some seriously paltry privacy settings. So, paltry, in fact—and you may want to take a deep breath before you read this—that the credit bureau’s web portal was secured by the worst username and password combination possible: admin/admin.
That’s right. The agency tasked to handle and store the most sensitive customer information in the world was protected by a default password and username. The company is currently under multiple investigations.
Looking toward the year ahead
So what does 2018 have in store? No one knows. One thing is for sure: cybercriminals are using the technology of tomorrow while our private information continues to be protected by yesterday’s security protocols.
Don’t trust big businesses to keep your info safe—protecting your privacy rests on your shoulders and your shoulders only. That means keeping your OS updated, changing your passwords often, and keeping your VPN on at all times.
Also published on Medium.