Unfortunately, 2017 has been a major year for data breaches. In the US alone, personal information has been stolen for well over 100 million residents.
Here’s a look at what are arguably the most damaging hacks and data breaches of 2017 so far. And while they happened in 2017, their effect will likely be felt well into 2018 and beyond.
WannaCry
On May 12, 2017, the WannaCry cryptoworm began propagating, encrypting victims’ files and demanding a ransom to restore access. The same day, security researcher Marcus Hutchins noticed that the malware contacted an unregistered domain before encrypting and registered it; the original sample exits if that HTTP request succeeds, so the registration acted as a kill switch and halted the first wave. By then, organizations including FedEx, the UK’s NHS, and the telecoms Telefónica and Megafon had already been hit.
WannaCry and its variants spread using EternalBlue, an exploit for a flaw in Microsoft’s SMBv1 implementation, and install the DoublePulsar kernel backdoor on compromised hosts. Both were published by the group calling itself “The Shadow Brokers” on April 14, 2017, and are attributed to the NSA’s Office of Tailored Access Operations. An analysis by GCHQ’s cybersecurity arm, the National Cyber Security Centre (NCSC), attributed WannaCry to the North Korea-linked Lazarus Group, which is also held responsible for the 2014 Sony Pictures hack.
Microsoft had patched the SMBv1 flaw in March 2017 (MS17-010), two months before the outbreak, and after it issued out-of-band patches for unsupported systems such as Windows XP. Even so, variants without the kill-switch domain check continue to propagate across the internet, hitting systems that have not been patched or that still expose SMBv1.
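One practical check that falls out of the kill-switch behaviour: a host that looked up the kill-switch domain executed the original WannaCry dropper, whether or not the payload then ran. The following Python script is an added example, not code from the original article; it scans resolver query logs (a simplified BIND 9 query-log format is assumed, and the sample lines are constructed) and reports which clients made that lookup. Variants that dropped the domain check, and hosts that use a resolver whose logs you do not have, will not appear.

```python
"""Find hosts whose DNS queries hit the WannaCry kill-switch domain.

Added example, not code from the original article. The log format is a
simplified BIND 9 query log (assumed); the sample lines are constructed.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable

# Kill-switch domain checked by the original 12 May 2017 WannaCry sample.
KILL_SWITCH_DOMAINS = {
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
}

# Tolerant match for BIND 9 query-log lines; newer versions insert a
# "@0x..." client handle before the address, which is optional here.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[\d.]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing dot so 'Foo.COM.' == 'foo.com'."""
    return qname.rstrip(".").lower()


def is_kill_switch_lookup(qname: str) -> bool:
    """True for the kill-switch domain itself or any label beneath it."""
    q = normalize(qname)
    return any(q == d or q.endswith("." + d) for d in KILL_SWITCH_DOMAINS)


def find_kill_switch_queries(lines: Iterable[str]) -> Dict[str, int]:
    """Return {client_ip: number_of_kill_switch_lookups} over the given log lines.

    The original WannaCry resolves the domain and issues an HTTP GET before
    deciding whether to encrypt, so a lookup is evidence that the dropper
    ran on that client even when the sinkholed domain resolved and the
    payload therefore did not execute.
    """
    hits: Dict[str, int] = defaultdict(int)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # notifies, zone transfers, malformed lines
        if is_kill_switch_lookup(m.group("qname")):
            hits[m.group("ip")] += 1
    return dict(hits)


# Constructed sample log: two infected clients, one clean lookup, one notify.
SAMPLE_LOG = [
    "12-May-2017 14:03:11.201 client 10.0.12.34#51233 (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com): query: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A + (10.0.0.2)",
    "12-May-2017 14:03:12.007 client 10.0.12.34#51234 (www.example.com): query: www.example.com IN A + (10.0.0.2)",
    "12-May-2017 14:04:58.990 client @0x7f3a1c0 10.0.77.8#40001 (IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM.): query: IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. IN A + (10.0.0.2)",
    "12-May-2017 14:05:03.110 client 10.0.77.8#40002 (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com): query: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN AAAA + (10.0.0.2)",
    "12-May-2017 14:05:10.000 zone example.internal/IN: sending notifies (serial 2017051201)",
]

if __name__ == "__main__":
    for ip, n in sorted(find_kill_switch_queries(SAMPLE_LOG).items()):
        print(f"{ip}: {n} kill-switch lookup(s); check the host for WannaCry")
```

Matching is done on the normalized name (case-folded, trailing dot removed) and includes subdomains, since resolvers log the query name exactly as the client sent it. Counting per client rather than just listing lines makes the output directly usable as an incident-response worklist.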
Petya (or NotPetya)
While the original Petya surfaced in 2016, the June 2017 variant that Kaspersky Lab named “NotPetya” was aimed at organizations in Ukraine. Its initial vector was the software update mechanism of the accounting package M.E.Doc, which, according to the BBC, is used by about 400,000 firms in Ukraine, roughly 90% of domestic firms. Once inside a network, NotPetya spread laterally with the same EternalBlue SMBv1 exploit as WannaCry (and its sibling EternalRomance), and also by harvesting credentials from memory and reusing them over PsExec and WMI, which let it reach machines that were fully patched. Several Ukrainian banks, state-owned organizations, and transportation systems were affected.
Unlike earlier ransomware, NotPetya does not just encrypt individual files: it also overwrites the master boot record with its own bootloader and encrypts the NTFS master file table, so the machine cannot boot. Worse, the “installation key” shown to victims is random and not derived from the encryption key, so no decryption is possible even if the ransom is paid. That, together with the comparatively small ransom (about $300 in Bitcoin), a single Bitcoin wallet for all victims, and a single contact e-mail address that the provider disabled within hours, suggests that NotPetya was built to inflict damage rather than to generate a profit.
Equifax
Credit reporting agencies compile dossiers on individuals without their consent, which makes them a one-stop shop for criminals looking to harvest personally identifiable information (PII) on tens of millions of people at once. Equifax announced on September 7 that its systems had been breached, potentially exposing the records of 145.5 million Americans. International divisions were also affected: 15.2 million UK residents and, according to the company, at least 19,000 Canadians.
Equifax has since confirmed that the attackers exploited CVE-2017-5638, a remote code execution flaw in the Apache Struts 2 web framework, on a consumer-facing web server beginning in mid-May; Apache had disclosed and patched the bug in early March, two months earlier. The damage made possible by that one unpatched server was compounded by poor security practices: inadequate network segmentation and a lack of encryption for sensitive personal data. Such practices appear to be widespread in the organization; a portal used by Equifax Argentina employees was found to be protected by the username “admin” and the password “admin”. In the wake of the breach, Equifax’s CEO, CIO, and CSO were all replaced in September.
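The Struts flaw behind the Equifax breach is triggered by an OGNL expression placed in a request header that the Jakarta multipart parser echoes into an error message, and legitimate values of those headers never contain expression syntax, so exploitation attempts are easy to spot in request captures. The following Python code is an added example, not code from the original article or from Equifax: it parses a raw HTTP request head and flags the headers that reach that code path. The request samples are constructed, and the set of watched headers and marker tokens is an assumption about what a simple log-replay or WAF-style check should look for.

```python
"""Flag HTTP requests carrying OGNL expressions in the headers that reach
the Struts 2 Jakarta multipart parser (CVE-2017-5638).

Added example, not code from the original article or from Equifax. The
request samples are constructed; the watched headers and marker tokens are
an assumption about what a log-replay or WAF-style check should look for.
"""
import re
from typing import Dict, List, Tuple

# Content-Type was the vector first reported for CVE-2017-5638; the other
# two headers were later shown to reach the same error-message code path.
WATCHED_HEADERS = ("content-type", "content-disposition", "content-length")

# Expression delimiters and OGNL tokens that never appear in a legitimate
# value of these headers, so any hit is worth an alert.
OGNL_MARKERS = re.compile(
    r"%\{|\$\{|#_memberAccess|#context|#cmd|@java\.lang\.|@ognl\.|getRuntime\(\)",
    re.IGNORECASE,
)


def parse_headers(raw_request: str) -> Dict[str, str]:
    """Return {lower-cased name: value} from the head of a raw HTTP/1.1 request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def struts_ognl_indicators(raw_request: str) -> List[Tuple[str, str]]:
    """List (header, first matching token) for headers that look like CVE-2017-5638 payloads."""
    findings: List[Tuple[str, str]] = []
    headers = parse_headers(raw_request)
    for name in WATCHED_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        m = OGNL_MARKERS.search(value)
        if m:
            findings.append((name, m.group(0)))
    return findings


# Constructed requests (not captured traffic). The malicious one is cut
# off after the opening of the expression; it is a detection sample, not
# a working payload.
BENIGN_REQUEST = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Content-Type: multipart/form-data; boundary=----FormBoundary7MA4YWxkTrZu0gW\r\n"
    "Content-Length: 138\r\n"
    "\r\n"
    "------FormBoundary7MA4YWxkTrZu0gW\r\n"
    'Content-Disposition: form-data; name="file"; filename="q3.pdf"\r\n'
    "\r\n"
)

MALICIOUS_REQUEST = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Content-Type: %{(#_='multipart/form-data').(#cmd='whoami')"
    ".(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)...}\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, req in (("benign", BENIGN_REQUEST), ("malicious", MALICIOUS_REQUEST)):
        print(label, struts_ognl_indicators(req) or "clean")
```

Only the request head is inspected; the Content-Disposition of a multipart body part is not a request header and does not reach the vulnerable error path, so it is deliberately ignored. Detection like this is a compensating control for the window between disclosure and patching, not a replacement for applying the Struts fix.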