Saturday, 15 Dec 2018

Most Destructive Cyberattacks That Occured In 2015

What were the Most Destructive Cyberattacks That Occured In 2015?

2015 was a busy year in terms of cyber security, and not in a good way. The year saw an alarming number of data breaches, high-profile attack campaigns, and news of a major vulnerability. There are calls to ignore many of the high-profile attacks that were done out of mischief in order to avoid giving the perpetrators exactly what they want, but the attacks themselves are worth discussing mainly because they provide insight into malicious activity and how we may be better prepared for it in the future.

The cyber attacks that occurred last year are also worth highlighting because we have seen hackers get bolder, not to mention more creative when it comes to their targets and methods. So in no particular order, here are the most noteworthy cyber-attacks that occurred in 2015:

Cyber-attack Causes Real-World Physical Damage

A lot of people are not worried about cyber attacks, under mistaken belief that it can never harm someone physically. However, an attack at an unnamed German steel mill that was put into motion in the latter parts of 2014 made a splash in 2015, as the attackers managed to manipulate and disrupt the mill’s control systems. This resulted in the inability to shut down the blast furnaces, resulting in costly and dangerous damages.

The attack is a reminder that cyber security is a huge concern even for people who never go online. Hackers doing irreparable physical and real world damage are no longer limited to action movies or science fiction. Hospital systems, manufacturing plants, common appliances, and even the government’s massive networks can be compromised and used by cyber criminals to do both intentional and unintentional harm to the public.

Health Care Under Siege

Many of the high-profile security breaches in 2015 were in the health care sector, with big names such as Anthem, CareFirst, and Premera Blue Cross, among others being breached in the span of a year. These attacks gave malicious individuals access to more than 100 million records consisting of social security numbers, medial records, addresses, and even financial information from the HMOs’ clients.

What makes these breaches particularly insidious is the double whammy of the data being usable for a variety of other sophisticated attacks (such as identity theft, financial theft, abduction, etc.) and the fact that health care records are meant to have long shelf lives, as they take a long time to change.

Bitcoin Heists Are Real

Bitcoin gained mainstream attention last year as people discovered that it is more than just the preferred form of payment of hackers and cyber terrorists. The crypto currency also made headlines because it was revealed that cyber thieves have also started stealing the bitcoins for a variety of reasons, at ridiculous amounts and frequency.

The most notorious case was with the European bitcoin exchange Bitstamp, which suspended trading after its storage wallets were compromised in January 2015. Over 19,000 bitcoins were stolen, which amounts to more than $5 million USD at the time. This was followed a month later by the Chinese exchange BTER’s cold wallet system being pillaged for 7,170 coins.

The thefts had two major effects: it proved that virtual currency has actual real-world financial value and that there is a need for an internationally recognized security standard for crypto currency.

VPN No Longer Safe for Some People

For a long time now, Virtual Private Networks served as the mainstream solution for protecting your privacy online, as it allows for encryption and hiding of the packets of information you send and receive online, effectively masking your activity from snoopers. However, Juniper Networks discovered that their brand of Netscreen Firewalls contained unauthorized code that gave intruders the ability to decrypt VPN traffic.

The issue has to do with Juniper’s use of Dual_EC_DRBG, which is a random number generator that is known to be flawed. The company claimed that they had safeguards in place to avoid problems with the RNG, but as the attacks prove, the said safeguards were useless.

The U.S. Office of Personnel Management Gets Hacked

This is most likely the most destructive cyber attack in 2015, as it concerns the U.S. Office of Personnel Management itself getting breached by unknown attackers, resulting in millions of personal data being stolen. These personal data came from government employees, military personnel, and government contractors. It includes the information taken from their background checks as well as their security clearances.

The stolen information could give the attackers crucial information on high-profile individuals with connection to national security, and allows them to target not just the individuals but their friends and family as well. This is not just a simple attack on a corporation, but an attack on various individuals and even the U.S. government. This is the kind of thing that political thrillers are made of, except it’s real this time and not just a figment of some author’s imagination.

The Key Takeaway

All of the cyber-attacks that occurred in 2015 fall under one umbrella – the one that proves that the IT Security Industry is currently not able to defend itself, and that there is a need for everyone to step up their game. We all need to look back at these attacks and take them into account when following the basics of security best practices and coming up with new security measures. If there’s one thing that we’re sure of, the stakes just got higher and 2016 puts the ball in our court.