The 5 Worst Cyberattacks of 2017 and the Lessons Learned for 2018


While every year has its notable security breaches, 2017 was especially disastrous. Last year saw yet another list of large corporations, websites, and organizations suffer from attacks, huge caches of customer data compromised, and all varieties of malware and ransomware intrusions.


There are a number of things you can do to prevent these breaches from happening to your business. You can, of course, invest in an endpoint security solution but it's also important to follow data security best practices and make use of available security frameworks and resources. We spoke with Dr. Eric Cole, cybersecurity expert and CEO of cybersecurity consulting firm Secure Anchor Consulting, about these hacks, their importance, and the lessons to be learned from them.

1. Yahoo (Again)

Back in 2016, the former tech giant revealed that it had suffered two separate breaches which had compromised the data of more than 1 billion users. This is a horror story for any tech company. Then, in October 2017, the company disclosed that, in reality, every single Yahoo account was compromised. Yahoo was struggling to begin with and this lack of transparency certainly didn't help rebuild public confidence in the brand.

According to Dr. Cole, disclosing can be difficult for companies. "On one hand, you want to make stakeholders aware there's a problem as soon as possible. Sometimes, however, it can be worse to announce a breach without a game plan," said Dr. Cole. "If you don't have a proposed solution, it can be highly damaging to your company."

Dr. Cole recommends looking at the scenario through the eyes of the customer and making decisions within that framework. "Once an attack is verified, do an initial notification to the customer, letting them know what happened, what exactly you know, what you're doing, and when an update is coming."

2. Shadow Brokers/WannaCry

We first learned about a hacker group known as the Shadow Brokers in 2016 when they published a sample of spy tools they had stolen from the National Security Agency (NSA). In the spring of last year, things heated up when the Shadow Brokers released a number of tools, including those that exploited vulnerabilities in most Windows operating systems (OSes). Large enterprise networks that were slow to install updates fell victim to ransomware attacks such as the WannaCry incident, and important organizations such as the UK's National Health Service (NHS) were also affected.

Dr. Cole advises that companies prioritize and focus on their highest-risk systems. "A lot of clients have internal systems that are fully patched and up to date but their online servers are unpatched. The most vulnerable assets need the most attention."

3. Crash Override/Triton

Crash Override and Triton were a pair of digital weapons exposed in 2017 that were unique for attacking critical infrastructure systems. Crash Override targeted the Ukrainian electric grid and caused a blackout, and Triton targeted industrial control systems in the Middle East. Usually when we think of cyberattacks, we think of the economic impact of the incident. These two attacks introduced us to a scary new reality where public safety itself was at risk.

According to Dr. Cole, these attacks may not be so prevalent in 2018. "These are certainly scary but the majority of these utility companies do a really good job of keeping their systems away from the internet. Infrastructure will always be a target but look at it from the hackers' perspective: They want money and intellectual property [IP]. Attacks on infrastructure would be considered an act of war and that's more risk than they want. The news coverage is largely overblown on these attacks."

4. Uber

Just like with Yahoo, a lack of honesty can be nearly as bad as the breach itself. Toward the end of the year, Uber's CEO announced that there had been an attack in 2016 in which the names, email addresses, and phone numbers of 57 million users were stolen. However, the trouble for the ride-sharing company really stemmed from the fact that Uber worked to conceal the breach and even paid the hackers $100,000 to keep it under wraps. This not only damages the trust of company stakeholders but is also likely a violation of data breach disclosure laws in a number of states.

"The big problem with these breaches is that we often have this 'We don't negotiate' mentality," said Dr. Cole. "I have a more practical business view." While sometimes cooperating with the attackers is a necessary step to make the problem go away, Dr. Cole said companies should focus on making sure they will never be put in such a position again. "I would advise a company like Uber that, if the decision makes sense, then fine, but make sure you fix the underlying issues and that you notify the public."

5. Equifax

A credit monitoring firm such as Equifax holds very sensitive user information: credit card numbers, driver's license numbers, and social security numbers, which can all be used to steal someone's identity and wreak all sorts of havoc on their lives. When it was revealed that attackers had accessed the data of 145 million Equifax users, people were understandably upset. To make matters worse, the company's response to the breach was completely botched. The website they set up for victims had security flaws of its own and it was also revealed that the CEO had only met with security-related staff once a quarter. The CEO ultimately stepped down and the breach was regarded as one of the worst to date.

According to Dr. Cole, Equifax needlessly damaged their reputation. "With them, it was all about protecting the company, which was their biggest mistake," he said. Much like in the case of Uber, being upfront and proactive about the breach would have saved Equifax a lot of grief.

This article originally appeared on PCMag.com.