Half the year is over. 2018 has reached its half way mark and cybersecurity has become a big joke. We are not cynical. We are realists. After the horrifying 2016 and 2017, in which millions were riddled with cyber hacks, ransomware and malicious malware, 2018 seems to be fairing in the same fashion. Though many may claim that threats are always bound to be present online, it makes us wonder if ever there shall be way to curb this nuisance in the bud. With crypto mining and cryptojacking becoming a norm and data breaches occurring with high frequency, there is but little hope. The need of the hour is an all-powerful antivirus and firewall coding system that shall detect any worm, any virus and malware the minute it attempts to invade one’s PC. While we wait for such a thing, here is a chronicle of the terrible, horrible, no good, very bad, cyber security attacks that have occurred so far in 2018.
Data Breach:
1. Timehop
An app that focuses on ‘Flashbacks’. It collects data of the past 3 years from other social media pages like Facebook, Instagram, Twitter amongst others, and makes one reminisce over the times gone by. But, this application suffered a huge data breach over the Independence Day weekend. Hackers stole data of 21 Million users. They hacked names, email addresses, and phone numbers. What was surprising was that the hacker has in the past (December 2017) gained access in to main frame of the cloud via an ex admin credentials and still the account did not have Multi Factor Authentication to protect the data. As a result, the hacker gained easy access on to the app’s cloud account. The app users have since been notified that their data has been compromised and have hence been requested to log out of the application and reauthorize it. Timehop has since added multi factor authentication to its cloud based account. Too little, too late.
2. Polar Flow
A fitness app that helps one track their steps, sleep and also sets fitness targets and provides the users with guidance for achieving health goals. It manages to do so by hosting users personal data. Many of these users happen to be military personnel, amongst other users. Its data was breached last month and apart from normal users, those military personnel too were compromised as their secret locations and bases from around the world were also accessed by the hackers via their map feature. This information about the data breach was shared by the team behind Polar Flow with National Defence departments. They in turn, notified all the secret bases and outposts, before the news was released to the public. While many speculate that this breach is on a national security level, Polar Flow on its end has disabled the map location option so that no other hacker can try the same.
3. MyHeritage
Genealogy and DNA testing application MyHeritage made a shocking discovery. They found a file which had data of all their users on a public server. To make matters worse, the date of the hack was stipulated to be 26th October 2017. To go on so long without even knowing that users’ personal data such as email address and password hash have been compromised brings about a lot of bad press. A total of 92.3 Million users had their email addresses breached. To think if instead of email ids, it could have been their DNA information. Nevertheless, thankfully, once the breach was spotted, steps were taken to ensure that there are no such repeat performances. The users have all been notified and requested to change their log in details.
4. Ticketmaster
What happens when one is over confident? Well, one stumbles and falls flat on their face. This reality may be be denied by many, but it doesn’t make it any less true. It is this exact overconfidence that lead to the breach of approximately 40,000 people. Even after being warned by their partners at Monzo Bank, that there is a breach in their security protocols, Ticketmaster did nothing. In fact, they were so confident in their claims that they were in for a rude shock when it was discovered that they had been breached. Data consisting of Login details, payment details, residential addresses, customer name and their personal telephone numbers was hacked. While technically, the fault lies in their third-party partner who had changed a code in their firewall, the blame still rests with Ticketmaster. All those who have been affected have been issued new cards by Monzo bank and have been advised to change their log in details.
5. Typeform
Till now we have read about firms being lax about cyber security details, but Typerform, an online survey company, was alert and stopped the breach within 30 mins of it beginning. Yet, within that small window frame of time, they suffered a massive scale of breach. One, that had far fetching results on multiple corporations and affecting approximating Millions of people and their personal data. This entire data was stored in a backup file which the hackers breached. While they have since tightened security protocols, the data that has been hacked into is lost forever and compromises the safety and the security of its customers. Guess whatever will be, will be.
Ransomware/Malware
6. SamSam Ransomware
To know more about this ransomware attack, visit here.
7. BabaYaga Malware
To know more about this Malware attack, visit here.
8. RedEye Ransomware
To know more about this ransomware attack, visit here.
9. Wiper Malware
To know more about this Malware attack, visit here.
10. WinstarNssmMiner Malware
To know more about this Malware attack, visit here.
There you have it folks! A quick breakdown of the biggest data breaches and ransomware/malware attacks that have occurred in the first half of 2018. Guess by year end, this list shall be even longer. All we can do, is wait and watch.