Half-Year Roundup: The Top Five Data Breaches of 2017 — So Far
Data breaches aren’t slowing down. If anything, they’re set to break last year’s record pace. As noted by 24/7 Wall Street, the 758 breaches reported this year mark nearly a 30 percent increase from 2016. If cybercriminals keep it up, the total number of attacks could break 1,500 by the end of 2017.
Top Five Data Breaches of the First Half of 2017
Recent research by the Ponemon Institute found that companies have a 1-in-4 chance of experiencing a data breach. Still not convinced of the risks? Here’s a look at the top five data breaches (so far) this year.
In May, education platform Edmodo was breached. The company’s vice president of marketing and communications told Motherboard that the organization had “learned about a potential security incident” and was taking the report “very seriously.” Meanwhile, a fraudster known as nclay was selling 77 million Edmodo accounts on the Dark Web for $1,000. Account samples provided by for-profit breach notification service LeakBase appeared to be legitimate Edmodo profiles. The site did note, however, that the passwords were hashed with “robust bcrypt algorithms” and properly salted, making them more difficult for cybercriminals to crack.
Between May 2 and May 6, users who downloaded popular open source Mac video transcoder HandBrake from its download.handbrake.fr mirror had a 50/50 chance of infection. Using a variant of the MacOS Proton remote access Trojan (RAT), fraudsters were able to replace the HandBrake Apple Disk Image file with a malicious version that allowed them to steal login credentials from the OS X keychain, as well as stored browser passwords.
While there’s no word on the number of users infected — likely on the low side, since the exploit was only active for five days, and HandBrake isn’t exactly ubiquitous — the attack serves as a sobering reminder that Apple devices are no longer safe havens. Cybercriminals are willing and able to crack Apple’s vaunted GateKeeper protection, but many companies still assume that iOS and OS X offerings come with inherently lower risk.
While not exactly a data breach per se, this is certainly the king of recent security incidents. WannaCry exploited Windows vulnerabilities and infected millions of users in May. The threat actors used the EternalBlue exploit, which was released by the Shadow Brokers cybercrime group, to compromise server message block (SMB) v1 tools. This allowed attackers to both encrypt files and spread the malware to new hosts. The cybercriminals demanded payment in bitcoin for the release of files, with the ransom doubling after three days and attackers threatening to delete all files after one week.
While a security researcher was able to find and activate a kill switch to slow the spread of WannaCry, fraudsters developed new variants to circulate the infection worldwide. Although Microsoft patched the SMB exploit in March 2017, some affected Windows versions were too old for automatic support, and others were simply left unpatched.
NotPetya is similar to WannaCry but worse. The attack was designed not to make money, but to destroy data. While the creators borrowed code from the year-old Petya malware, the new strain has little in common with its progenitor. Instead of using unique cryptocurrency wallets, for example, NotPetya linked to a single bitcoin wallet and used a popular hosting service for its decryption key email address, which was promptly shut down after the attack began. In a worst-case scenario, this new malware — which spread faster than WannaCry — can cause both permanent and irreversible damage to computer hard drives, even if users decide to pay up.
5. Deep Root
Using the Shodan search engine, a security researcher discovered more than 1TB of personal information of more than 198 million Americans (61 percent of the US population) on an improperly secured, publicly accessible cloud server. The data was from a marketing database at a conservative analytics firm and was comprised of not only standard demographic data, but also sentiment analysis to determine how people felt about controversial issues that could be exploited by political ad targeting. In total, the data was publicly viewable for 12 days.
While some of this type of demographic data can be found via other public sources – including what people share on social media – the fact that it was organized in a single, vulnerable location is significant. Adding insult to injury, those affected did not opt-in or give consent to be represented. As the data contained much more proprietary analytics about how people felt about political issues, it could be used for targeted phishing attacks or identity theft.
This type of incident shows the dangers and ethics of mass data collection and the necessity to properly secure this sensitive information.
Hope for the Second Half of 2017
Thankfully, it’s not all doom and gloom. The average cost per record is down more than 11 percent this year to $141, while the total cost of a data breach — $3.62 million — is also down 10 percent. Of course, paying less to clean up a cyberbreach isn’t exactly comforting. Can companies effectively defend their data from attackers in the second half of 2017?
The answer is yes — mostly. Distributed denial-of-service (DDoS) attacks can now take down websites in seconds, and the threat of physical break-ins always looms large. But the vast majority of breaches stem from two sources: accidental employee exposure and vulnerable code that hasn’t received available patches.
If you want to reduce your risk surface and frustrate attackers, teach employees not to open emails from unknown sources, report to IT immediately if they visit potentially harmful websites, and make sure operating systems and commonly used apps are regularly updated. These tactics can both thwart malicious actors and help keep organizations safe from cyberthreats in the second half of 2017.