2017 is coming to an end and not surprisingly, cybercrime incidents and numbers are increasing again regarding previous years. From data breaches to cryptocurrency thefts, passing through critical infrastructure attacks, we have compiled our 2017 top 10 cybercrime list… following we have ordered them from the least to the most triking ones. This year is over, let us keep contributing to make 2018 a safer one!
10.- Dallas’ Emergency Sirens woke up the city
It was almost midnight on Friday the 8th of April. Emergency Sirens in the city of Dallas started sounding and people woke up and collapsed the 911 trying to find out and asking what was happening. After the initial investigation, the police discovered that the alarms had been triggered off by an external entity using wireless radio hacking techniques. The attack itself did not have a critical impact other than disturbing thousands of people’s sleep, but it demonstrated vulnerability on critical safety systems. It could have been used for worse purposes, such as disabling alarms during an emergency situation.
9.- HBO, winter is coming for Behzad Mesri
Following the renowned Sony Pictures hack, its competitor HBO suffered a similar breach in August. The credentials to access private servers with employee data, future episodes and other critical data were stolen from employees’ laptops. The cybercriminal requested 6M USD in cryptocurrencies for not publishing this information online. But “winter came” for the cybercriminal, he was identified as Behzad Mesri, and was living in Iran. He is currently charged with computer fraud, wire fraud, extortion and identity theft. Even though he has not been captured yet, he probably will not be living the best of days bound in Iran.
8.- Pizza Hut, a quite expensive dinner for some customers
A few bank accounts were reported to have been emptied during October. The only common thing among the victims was that they had ordered a Pizza a few days before. This “sherlock holmes” riddle was resolved when Pizza Hut sent an email to its customers admitting that their website and apps had been hacked for 28 hours and customer data, including personal and payment information data, had been leaked. Over 60.000 customers were affected. The direct and indirect cost caused to the company on attending customer calls, insurance impacts or loss of reputation, has not been publicly exposed. But it must have definitely been a significant bite.
7.- Uber, a chain of unfortunate and poorly managed events
2017 has probably been the worst year for Uber in terms of public image. The fact that more than 57 million users’ data was reported stolen in November did not help. How the cybercriminals managed to do it was far from sophisticated. They obtained users and passwords from the source code repository. But the story gets even worse, Uber admitted having paid cybercriminals to hide the leakage, which was not actually effective because the data became public. This is definitely a chain of unfortunate events poorly managed by the Silicon Valley giant and brings this incident to our top 10 list.
6.- Cronbot, the first mobile banking trojan
A Russian cybercrime organization was finally arrested May 23rd in Moscow. They had been stealing money from bank accounts for at least 2 years, using the first denominated “mobile banking trojan”. By creating a fake Mobile app which looked and felt exactly the same as the real app, they were able to infect Android phones with a malware that was intercepting SMS-sent banking codes, passwords, etc. Although only 900.000USD have been actually reported as stolen by this group, the real number including operations that were not discovered or attributed to them would be much higher.
5.- Gmail phishing, old techniques still work
The simulation of emails sent from trusted providers containing malicious links or documents is an old technique. However, the phishing attack that millions of Gmail users received back in March was extraordinarily sophisticated. Not only the emails came from genuinely trusted contacts, the link appeared to be extraordinarily real, but the most amazing thing was that the email contents looked as if it were exactly like the style of the senders. The amount of information robbed in this incident is incalculable.
4.- Triton, a new Nuclear Plant threat
The recently discovered industrial targeted Triton is one of the more sophisticated pieces of malware discovered this year. It brings our minds back to the Stuxnet attack in 2010. Triton was able to gain remote control of a Nuclear Plant in a non-disclosed location and cause the disruption of the whole plant. Whilst only a few details of the attack have been published, the rumors the target to probably a national intelligence service due to the complexity of the attack, as well as the lack of economic incentive for it.
3.- WannaCry, the world most renowned malware
The world suffered the worst ransomware incident so far on May 12th, this year. It was spread at light speed over more than 150 countries in a few hours, affecting nearly half a million corporate computers. Only 0.07% of the victims paid the bitcoin amount to get their computers rescued. Even with the bitcoin value bubble increase, this would only have been a few hundred thousand USD for cybercriminals. However, the operational impact on all those companies that were stopped for days fixing the issue, place this one in the bronze position of our ranking. The US just attributed the attack to North Korea and announced retaliation. Another contribution to the cold war both countries are involved in these days.
2.- Ethereum steal, the cryptocurrency craziness
Cryptocurrencies are nowadays on the top of the news due to their continuous fluctuation on a crazy speculation race. One of the key doubts (risks) about cryptocurrencies is regarding its security. In July 2017 the biggest ever cryptocurrency theft took place. The cybercriminals were able to empty wallets created by Parity Software, including casinos and other actions. The hack was reported too trivial to explode, but the quantity stolen has a present-day due value of 133 Million USD. These incidents definitely do not contribute to the stability of this 21st century “new gold”.
1.- Equifax, the worst data breach in the world so far
The first position in our raking undoubtedly goes to the credit firm Equifax. Marked as the worst data breach in the history, it exposed sensitive data of more than 143 million people, including social security numbers, addresses, banking information, etc. This information is valued at around 30$ per record on the black market, making a potential deal for cybercriminals of 4.2 billion USD. Not bad for a “simple” exploitation of a public vulnerability of the Apache Server in the Equifax website. The CEO announced 5 post incident service packages for its customers “free of charge” (i.e. paid by Equifax), and retire from its position immediately after.
Article written by David Purón, Founder and Chief Executive Officer at Barbara IoT.