2017 Blog Terms - Attivo Networks

2017

Businesses lost an estimated $27BN from data breaches last year

Hackers stole or compromised an estimated $27BN (£20.2BN) worth of records from businesses in 2017, new research has revealed

After news that Uber failed to disclose a massive hack in 2016, VPN (virtual private network) comparison site BestVPN.com analysed more than 200 data breaches dating back to 2004, looking at the number of records compromised, the industries most likely to be affected and the value of those breaches.

Late last year Equifax became the victim of one of the most high-profile hacks in history, with 143 million records stolen, equating to an estimated $20.1bn (£15bn) worth of data lost*. There have previously been attacks where more records were compromised, such as Yahoo’s 1 billion back in December 2016, but the Equifax breach was notable because the data stolen included social security numbers and personal identification.

IBM revealed in its Cost of a Data Breach Study 2017 that the average cost of a stolen record was $141 (£104.25), or $3.62 million (£2.7 million) per hack.

In 2017 HBO was also hacked, with 1.5 terabytes of sensitive information stolen – including the script to a then unreleased episode of Game of Thrones. In May of this year it was revealed that the Lithuania-based medical clinic Grozio Chirurgija was also breached, resulting in the leaking of thousands of naked photographs, including 1,500 Britons.

BestVPN.com found that 2011 was the year where the most entities were hacked, including Sony Online Entertainment, who lost a predicted $3.4 billion (£2.5 billion) worth of records, and gaming platform Steam, who were the victim of a hack estimated to be worth around $4.9 billion (£3.6 billion).

Healthcare providers were found to be the most likely to be attacked, with this industry seeing 39 data breaches since 2004, with the most recent being Erie County Medical Center in 2017. Financial companies were the next most likely to be hacked, with 33 attacks since 2004 – Equifax being the most notable.

2017, the Year of “You’ve Been Hacked”! And, How to Avoid It in 2018.

By: Carolyn Crandall

2017 was the year of unrelenting breaches. Unbelievable amounts of personal information were compromised, ransomware attacks reached into billions of dollars, and breach fines cost companies millions. Not to be left out, threat actors also crossed ethical boundaries with attacks that compromised patient safety and targeted industrial control systems that could have caused massive harm.

It has become easier and easier, based on readily available tools, to create new ways of spreading malware or ransomware or stealing data from companies. Human error, from clicking on phishing emails to failing to update patches, and other simple mistakes have all left the doors open. So open, in fact, that attackers no longer concern themselves with persistence in the network. It’s just too easy to get back in.

How did this get so easy? Tools, believed to be stolen from the National Security Agency, allowed hackers to compromise a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8. These tools were widely leaked by an anonymous group called the Shadow Brokers back in April. Many have attributed the use of these tools to the outbreak of WannaCry cyberattacks.

In May, WannaCry, which appears to have originated from North Korea, impacted more than 150 countries, as the ransomware attack targeted businesses running outdated Windows software and locked down the files on these systems. Over 300,000 machines were hit across numerous industries with demands for ransom payment to unlock these files. In Great Britain, hospitals were affected, forcing procedures to be rescheduled and leaving patients without care. This was one of the first times we have experienced such a massive disregard for patient safety.

Soon after, there was the NotPetya malware that spread to major global businesses across multiple industries. This included transportation, with FedEx and Maersk (a Danish shipping company), pharmaceutical titan Merck, the advertising agency WPP, Russian energy company Rosneft, and many Ukrainian businesses. FedEx attributed a staggering $300 million loss, and Maersk a loss of over $250 million, to the attack.

Not to be outdone, the October Bad Rabbit ransomware campaign posed as an Adobe Flash installer on news and media websites and used this leverage to infiltrate computers. It would then scan for shared folders and use these as a way to harvest credentials to escalate the attack. Russia appeared to be the most heavily targeted, but attacks were also recorded in the Ukraine, Turkey, and Germany.

AWS has also found itself in the news for a series of breaches that impacted the U.S. Department of Defense, Verizon, Time Warner, and Accenture. A GOP data firm's misconfiguration of a security setting in its Amazon cloud storage service is cited as the root cause of many of these breaches. Shared security models, compounded by the ongoing challenge of supplier risk management, should all give us cause to assess the risks that shared information, open commerce, and privileged access bring.

Another notable example is from May, when Sabre revealed hackers had compromised its SynXis hotel booking management system, and at the end of June, Google instructed employees to be on the lookout for suspicious activity on their cards, because one of its travel agencies, Carlson Wagonlit Travel, was potentially exposed to the SynXis breach. Notably, Carlson Wagonlit is also said to handle more than five million transactions annually of U.S. military and government travel.

Clearly, attackers can and will get around perimeter defenses. In 2018, security teams must change their approach to security controls and focus on detection and response technology. Deception-based detection is a highly effective solution for in-network detection because it is easy to deploy, operationalize, and scale. Uniquely, deception can be used to turn the asymmetry on attackers by making deception appear identical to real assets and credentials, dramatically increasing the difficulty of executing an attack and inevitably causing an attacker to err and reveal their presence. Dynamic deception technology will also up the game by empowering organizations to easily reset the synthetic network “game board” on demand. This forces the attacker to restart their attack or risk being discovered and quarantined, collectively increasing the resources and cost the attacker must spend. What better deterrent than causing the attacker to slow down or start over?

It is inevitable that there will be an onslaught of new attacks in 2018 and the best defense will be to go on the offense in order to detect threats early and accurately. We saw great success with customers deploying deception to efficiently detect threats. They saw instant value from setting traps for attackers and not affording the attacker the time to complete an attack. We also had some great fun with penetration testers and at capture the flag events.

I look forward to sharing more in the new year about our customer success stories and company momentum.

Have a happy, safe, and threat-free new year.