BNMC Blog

Cybersecurity Roundup for the First Half of 2018

Cybersecurity Roundup for the First Half of 2018

Each day tens of thousands of people from all over the world are hacked. Not just sent run-of-the-mill phishing emails, but legitimately hacked. This has made the cybersecurity industry grow at a rate only surpassed by the Internet of Things (which ironically may be one of the largest threats to cybersecurity in the world). We thought it would be good to go over some of the largest cybercrimes of the first half of 2018, and some telling statistics that will give you an idea of what exactly you are up against.

In trying to establish what were the most devastating hacks, we’ve combed through this year’s records and have decided to break it down by public and private hacks. Public hacks have to do with individuals and municipalities, while private hacks are the ones that infiltrate businesses and make available thousands and millions of records for sale. Without further ado, here are the biggest hacks so far in 2018:

Private
January

  • 280,000 Medicaid records were exposed when a hacker broke into Oklahoma State University Center for Health Sciences. Patient names and provider names of these individuals were exposed.

February

  • FedEx had customer records leaked after an unsecured server owned by a company acquired by FedEx, Bongo International, was hacked. Over a hundred thousand files, including names, drivers’ licenses, national ID cards, voting cards, and utility bills were exposed.

March

  • Travel booking site, Orbitz, had a security vulnerability that resulted in upward of 880,000 customers’ payment card information, or about two whole years of customer data, taken off their server.
  • French news site L’Express exposed reader data by leaving a database up for weeks without a password needed for access. After being warned, the Paris-based periodical left the database exposed for weeks.
  • Hackers gained access to 134,512 patient and financial records after a malware attack at St. Peter’s Surgery and Endoscopy Center in Albany, NY.
  • Under Armor, one of the largest sports apparel brands in the world, had their mobile application, MyFitnessPal, hacked, exposing around 150 million people’s personal information.
  • Aerospace giant Boeing was hit by the WannaCry ransomware that affected “a few machines” that weren’t protected with Microsoft’s 2017 patch.

May

  • Twitter forced its hundreds of millions of users to change their passwords after admitting that, at one time, user passwords were stored in plaintext, and may have been exposed to internal company staff.
  • An unauthenticated API found on T-Mobile’s website exposed the personal information of all of their customers, by simply using their cell phone number. Information that was available included full name, address, account numbers, and in some cases, tax IDs.
  • A bug found in Atlassian development software titles Jira and Confluence allowed hackers to infiltrate the IT infrastructures of several companies and one U.S. government agency.
  • The predominant way for American travelers to secure European rail tickets, Rail Europe, had a three-month breach of credit cards. It’s thought that thousands of users’ credit card information was taken in the breach.

June

  • Around 340 million records were stolen from marketing company Exactis. It may be amazing to you that a company that you have never heard of leaked what amounts to the personal information of nearly every American. The company, which aggregates and compiles business and consumer data, has been hit with a class action lawsuit in response to the breach.
  • Apparel giant Adidas had their website hacked, resulting in the loss of a few million people’s personal and credit card information.
  • At least 800 e-commerce sites, including Ticketmaster, had consumer card information skimmed in a huge campaign by a hacker collective named Magecart. Targeting third-party developers, they are able to alter code and syphon off the information they wanted.

Public
January

  • Department of Homeland Security was affected by a data breach that exposed 247,167 current and former employees and other individuals.

March

  • The City of Atlanta, Georgia was hit with a ransomware attack, dubbed SamSam, that caused a massive problem for their municipal infrastructure. Hackers asked for $51,000 to release the encrypted files, a number Atlanta’s leaders were unwilling to meet. It has subsequently cost the city more than 10x that. In fact, as of early June, there were still some parts of the city that were using analog or manual systems. Some experts believe that the total cost to taxpayers will be nearly $20 million.
  • India’s national ID database, Aadhaar, leaked data on over a billion people. In one of the largest-known breaches in history, a user could pay 500 rupees ($7) and get the login credentials that allowed anyone to enter a person’s 12-digit code and get their personal information. An additional 300 rupees ($4.20) gave users access to software through which anyone could print an ID card for any Aadhaar number.
  • It came to the forefront that Cambridge Analytica, the data analytics company that U.S. President Donald Trump used to help his campaign had harvested personal information from over 50 million Facebook users without their permission. While Facebook denied this was a “data breach”, Cambridge Analytica was banned from the service over the ordeal.

June

  • A major hack at a U.S. Government-funded active shooter training center exposed the personal data of thousands of U.S. law enforcement officials, while also exposing that many police departments are ill equipped or unable to respond to an active shooter situation.

These are just the most major of the hacks of 2018. There is still major fallout from 2017’s major breaches, including the Friendfinder hack that exposed 412 million user accounts and the Equifax data breach that affected 148 million people. In fact, even though the hacks referenced above cover a lot of ground, hundreds of organizations have their cybersecurity compromised each day. According to billionaire investor Warren Buffet, there is reasonable evidence that there could be a major cyberattack that could cost insurers tens of billions of dollars. The statistics back this up:

  • In 2017 over 130 large-scale breaches were reported, a 27 percent increase over 2016.
  • Nearly 1-in-3 organizations have experienced some sort of cyberattack in the past.
  • Cryptojacking (stealing cryptocurrency) increased 8,500 percent in 2017.
  • 100,000 organizations were infected with the WannaCry ransomware (400,000 machines).
  • 5.4 billion WannaCry attacks were blocked in 2017.
  • The average monetary cost of a malware attack for a business is $2.4 million.
  • The average time cost of a malware attack for a business is 50 days.
  • Ransomware cost organizations over $5 billion in 2017.
  • 20 percent of cyberattacks come from China, 11 percent from the United States, and six percent from the Russian Federation.
  • Phone numbers are the most leaked information.
  • 21 percent of files are completely unprotected.
  • 41 percent of companies have over 1,000 sensitive files left unprotected.
  • Ransomware is growing at 350 percent annually.
  • IoT-based attacks are growing at about 500 percent per year.
  • Ransomware attacks are expected to quadruple by 2020.
  • 7.7 percent of web requests lead to malware.
  • There were 54 percent more types of malware in 2017 than there were in 2016.
  • The cybersecurity market will be worth over $1 trillion by 2025.

Cybersecurity risk is high, and it’s just getting more and more risky. By assessing your company’s cybersecurity health the IT professionals at BNMC can put you with the solutions and services needed to keep threats at bay. If you are looking to improve your cyber security, or if you would like to know how to, contact us today at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, September 18 2019

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Business Computing Cloud Email User Tips Privacy Computer Microsoft Malware Network Security Google Software Hackers Productivity Hosted Solutions Business Data Communication Hardware Tech Term Small Business Ransomware Mobile Devices Internet IT Services Efficiency Cloud Computing IT Support Smartphone Data Recovery Workplace Tips Backup Windows Android Upgrade Managed IT Services Saving Money Innovation Users Data Backup Social Media Office 365 Business Continuity Managed IT Services Information Microsoft Office Mobile Device Smartphones Windows 10 Internet of Things Server Data Management Miscellaneous Business Management Outsourced IT Browser Windows 10 Passwords Productivity Facebook Phishing communications Gmail Word Vulnerability App Cybersecurity VoIP Chrome Infrastructure Artificial Intelligence Remote Monitoring Network Disaster Recovery Encryption Gadgets Managed Service Provider Save Money Apps Tip of the week Analytics Virtual Reality Managed Service Website IT Support Money Employer-Employee Relationship Applications BYOD Big Data Quick Tips Display Paperless Office Google Drive Company Culture Settings Bandwidth Content Filtering Robot Unified Threat Management Automation Education Apple Storage Development Antivirus YouTube Maintenance Employee-Employer Relationship Risk Management Office Tips Hacker Data storage Government Access Control VPN IT Management Router Operating System Business Intelligence Touchscreen Retail Alert WiFi Hard Disk Drive Virtual Private Network Bring Your Own Device LiFi Tablet Downtime Hosted Solution Administration Monitors Vendor Management Mouse Chromebook MSP Data loss Augmented Reality Telephone Systems Managing Stress Two-factor Authentication Avoiding Downtime desktop End of Support Scam Collaboration Firewall Printing Networking Search Document Management HIPAA OneNote SaaS Wireless Solid State Drive Mobile Security Data Security Computers Virtualization Laptop Holiday The Internet of Things Outlook Server Management Spam Computing Business Technology Automobile Compliance SharePoint Print Toner G Suite Hotspot Internet Exlporer Microsoft Excel Slack Hard Disk Drives Optimization Techology Content Huawei Social Dell Connectivity Managed IT Smart Technology Politics Messaging Budget IT Technicians Customer Service Digital Signage Cybercrime Data Warehouse Typing Humor Cabling Modem FinTech Statistics Entertainment Information Technology WannaCry Staff Leominster How To Lenovo Best Practice Google Maps Regulations Downloads Office Samsung Marketing Shortcuts Current Events Language Value Mail Merge Blockchain Private Cloud Monitoring Solid State Drives Mirgation Recycling VoIP Unified Threat Management Streaming Processor IoT Shortcut Distributed Denial of Service Tech Support Employee-Employer Relationships Troubleshooting Business Analysis Cryptocurrency Cookies Bluetooth Comparison iOS K-12 Schools Firefox Superfish Google Docs Social Networking Social Engineering Security Cameras IT solutions Going Green Computing Infrastructure Professional Services Address Permissions Spying National Security Digital Payment Chatbots eWaste User Error Human Error Halloween Memory Hacks Star Wars Patch Management Managed IT Service Websites Analysis Students Virus Bitcoin Disaster Nanotechnology Specifications Scalability Google Wallet Digital Wearable Technology Network upgrade Customer Relationship Management Updates Business Growth Motherboard Cables Heating/Cooling Multi-Factor Security Safety Managed Services Alerts USB Identity Continuity Time Management Printer Remote Computing Device Scary Stories Reducing Cost Password Fraud Cost Management Break Fix Mixed Reality Legal Network Congestion LED Running Cable Threats Windows 8 Uninterrupted Power Supply Screen Reader Charging Black Friday Migration Unified Communications Drones Spyware Smart Office PowerPoint File Sharing BDR Wires Servers Google Calendar Laptops Buisness Computer Care IBM Licensing Dongle Emergency Solar Network Management Writing Mobility Sports Batteries Mobile Device Management Assessment Dark Web Wi-Fi Data Breach Virtual Desktop Deep Learning Co-Managed IT Smart Tech Cyber Monday Windows 7 Identity Theft Work Update Onboarding GDPR Alt Codes Voice over Internet Protocol Legislation Software as a Service Training Corporate Profile Cooperation Service Level Agreement Dark Data Myths Mobile Computing Computer Repair Relocation Mobile Data Supercomputer CrashOverride Recovery Motion Sickness How To Work/Life Balance Staffing Administrator Taxes Health Black Market Web Server what was your? IT Budget Law Enforcement GPS Notifications IT Consultant Electronic Medical Records Twitter Cameras Physical Security Emoji Printers Meetings Upgrades Gadget Tracking Crowdsourcing Cleaning CCTV Personal Information Botnet Cortana Webcam 3D Printing Error Processors Machine Learning Financial Point of Sale Ben McDonald shares Regulation Unsupported Software Travel

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3