2017 Data Security, A Year in Review
ybersecurity dominated news cycles throughout 2017, with reports of widespread malware and ransomware combined with major data breaches that impacted billions of people. In just the first half of 2017, breaches compromised 1.9 billion data records1, a 164% increase over the same time period in 2016. Ransomware attacks are up 350% year-over-year2 and are expected to keep gaining in popularity. Businesses are taking notice of these trends: 23% of CFOs surveyed said that cyberattacks are the biggest external threat to their business3, up from just 5% who responded the same way in 2015. Below are some of the biggest attacks, breaches, and leaks disclosed in 2017 that impacted data security.
The WannaCry ransomware attack targeted a known Microsoft vulnerability, for which a patch had been released two months earlier. The ransomware infected an estimated 300,000 devices and wreaked havoc on many networks. One dangerous characteristic of WannaCry was that it could scan for connected vulnerable devices and easily jump from one to another, quickly spreading throughout networks.
WannaCry retrieved 52 bitcoins via paid ransoms, and there were several well-publicized disruptions associated with the ransomware. The UK’s National Health Service was severely crippled due to WannaCry, with at least one third of their offices and services affected and 19,000 appointments cancelled.
Another large cyberattack perpetrated by ransomware was NotPetya, a variation on 2016’s Petya ransomware. NotPetya exploited the same vulnerability seen in the WannaCry attack, and primarily targeted Ukranian companies including banks, energy companies, and transportation services. Ramifications ranged from ATMs that ceased to operate, to radiation monitoring systems going offline, to shipping operations being halted due to impacted networks.
Petya hit Ukraine the day before a national holiday, and experts believe it was politically motivated but do not know who was behind it, partly because the ransomware was available on the dark web. Despite first appearing several weeks after the well-publicized WannaCry attacks, enough systems still had the vulnerability unpatched for Petya to have an impact.
CloudBleed was a security bug found in the popular content delivery network Cloudflare, which provides services to thousands of websites including Uber and OkCupid. The bug was discovered by a Google vulnerability researcher, who was able to view leaked information as well as request data that was cached by Google’s search engines. The data included passwords, private messages, and account details. Cloudflare was informed of the bug and publicized it once fixed, on February 23rd, 2017.
Cloudflare itself was able to resolve this vulnerability without depending on their individual users, so it was patched by the time it was made public. The vulnerability had been present since September 2016 and it is unknown how much data was discovered before the fix.
The massive data breach from credit reporting company Equifax compromised the personal data of 143 million people, including social security numbers and other identifying information. The breach was a result of an unpatched vulnerability found in the enterprise system Apache Struts. While the vulnerability was disclosed and patched by Apache in March, Equifax failed to apply the patch and were still vulnerable in mid-May, when attackers first gained access to their systems.
Equifax has been widely criticized for its cybersecurity policies and response to the breach, which included a website that also had several security vulnerabilities. Security experts have condemned the fact that a credit agency with access to large amounts of sensitive data could have been exploited through a relatively simple vulnerability that had a patch available.
In November, Uber announced that it had covered up a late 2016 breach of personal data from 57 million users, including driver names and license plates, and user emails. The ride-sharing company paid hackers $100,000 to delete the exposed data and keep quiet about the hack. In 2017 Uber fired top security officers and admitted that they should have disclosed the breach to regulators.
It has been reported that the $100,000 payment was made through a bug bounty program used to incentivize researchers to report bugs and minor vulnerabilities in their system. Bug bounty programs are not meant to reward those who have illegally gained access to companies’ systems. Administering such a high payment though said systems is highly unusual.
The 2013 Yahoo data breach keeps growing: In October 2017 the company clarified that hackers accessed account information for every Yahoo account, a total of 3 billion records. This breach is the biggest of all time, and included names, email addresses, security questions, and encrypted passwords. Before its sale to Verizon, Yahoo had several other unrelated security breaches.
Automated Patching Can Improve Data Security
Some of the largest data security breaches, including WannaCry, Petya, and the Equifax breach, were entirely preventable had the companies stayed up-to-date on patching. There are many other smaller-scale cyber security incidents each year are a result of known vulnerabilities and unpatched systems. Failure to install patches in a timely manner makes a hacker’s job easier. They look for low hanging fruit. And with up to 90% of attacks using known vulnerabilities that are more than a year old4, it’s an unfortunate reality, but many companies are unable to keep up with their patching.
Let’s make data security a resolution for 2018! Implementing a cloud-native automated patching solution like Automox can help you achieve real time patch compliance. You can deploy the lightweight agent across your entire infrastructure in minutes and see the patch status of every client and server. You can “patch now” or set up patch policies that will have every system up to date before you leave the office. And as new patches are released, they can be applied automatically or when you approve them, it’s under your control.
1 https://www.cnbc.com/2017/09/20/cyberattacks-are-surging-and-more-data-records-are-stolen.html2 https://yourstory.com/2017/12/cyber-attacks-2017-ransomware-malware/3 https://www.cnbc.com/2017/06/23/a-i-critical-to-companies-say-cfo-council-members.html4 https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-attacked-with-three-year-old-vulnerabilities/
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.