As we kick off the New Year of 2015, there is no doubt that Cyber Security will be on the mind of everybody. This is so because 2014, probably, has been the worst in terms of Security hacks, attacks and breaches. All of this was made even more famous due to the headlines made by Target, Home Depot, as well as some other giant retailers whom fell victim to these major attacks.
Not only were these businesses gravely affected, but their customers as well, as their credit card information was stolen in an attempt to launch a large scale Identity Theft scheme.
But what capped 2014 off was the Sony Corporation Security breach. This business entity has been the victim of Cyber attacks before, and was threatened again on a large scale breach (which would have been equal to a 9/11 type of attack), if their movie, ‘The Interview’ was released. In order to avoid this from happening, Sony Corporation pulled the film.
But interestingly enough, during the days shortly before and after New Year’s Day, the movie was actually aired in hundreds of independently owned movie theatres, with no major retribution occurring. Now, sources point to fired employees of Sony Corporation possibly launching these Cyber Attacks, with help from North Korea.
But apart from these Security breaches just outlined, there have been many others which occurred in 2014. In this article, we review the top ten, which did not receive the headlines like Sony Corporation did.
CurrentC is a rival, mobile payment network of ApplePay, which is backed up by giant retailers such as Wal-Mart, and others. In an apparent Security breach, hackers were able to gain access to all of the e-mail addresses of CurrentC’s pilot program customers. MCX, the software development company which has been building the application, has claimed that the E-Mail Service Provider was hacked as well, thus resulting in this particular breach. But, this is not the first time that security perimeter of CurrentC has been hacked into. Just days before this incident, the prototype mobile payment system was broken into as well. In an effort to quell their customer’s worst fears, the management team at MCX has claimed that the e-mail accounts which were stolen were only prototype addresses, and not real. For example, “Many of these e-mail addresses are dummy accounts used for testing purposes only . . . The CurrentC app itself was not affected.” (SOURCE: http://www.businessweek.com/articles/2014-10-29/currencs-data-breach-adds-to-awful-week-for-apple-pay-rival).
AOL is probably the first e-mail system used widely by people here in the United States. It even had a famous debut in the Tom Hanks movie, ‘You’ve Got Mail’. But, this notoriety may also be AOL’s Achilles heel. In April of 2014, this E-Mail Service Provider was hit with a massive Security breach which affected nearly 2% of all AOL users. But in reality, tens of millions more customers were also affected, as well. In this breach, the information which was stolen included not only E-Mail addresses, but postal addresses, encrypted passwords, and even answers used in those security questions to reset passwords. Also, the hijacked e-mail addresses were used to send spoofed E-mail messages to other AOL users. The company’s remedy for their affected customers: Just merely reset your password again, as well as changing the security question and answer. Security experts warn that another Security breach like this could very well happen to AOL, yet once again.
Trying to find a job in these economic times can be stressful enough for an individual, but imagine that stress level compounded by the fact that that person may have also become a victim of Identity Theft. This is what exactly happened to 850,000 job seekers, at they used the ‘WorkSource Oregon Management Information System’, provided by the state of Oregon. This website contains information and data on almost 2 million job seekers. The hacked information includes stolen Social Security numbers, addresses, birth dates, and other such type of data which can be found on an online job application. The users of this job site were recommended to reset their passwords. The affected individuals also received personal letters as to how they can better protect themselves from the threats posed by Identity Theft in the future.
Just last month, Staples announced that almost 1.2 million customer credit cards could have very well been exposed in a major Security breach which occurred earlier in 2014 (sometime between July and September). A federal investigation has revealed that the Cyber Hackers used a very specialized piece of malware, which allowed them to gain access to the information associated with sales transactions at 115 of its US based stores. The hacked credit card data includes the cardholder name(s), the actual credit card number, the expiration dates, as well as the 3 digit credit card verification codes. The company also claimed that between April and September of 2014, there was also fraudulent credit card usage discovered at four of its New York based retail stores. In response to these Cyber based attacks, Staples has offered to its customers free identity protection, which includes credit monitoring, Identity Theft insurance, and a free credit report.
In January 2014, Yahoo announced that it was the victim of a major coordinated attack, in which both usernames and passwords were compromised. This information was stolen from a third party database, which of course, was not secured. On behalf of its customers, Yahoo automatically reset the passwords of the compromised accounts, as well as allowing the individual account holders to take extra security precautions. It was also highly recommended that the end users should change their login credentials as well, especially if they use their Yahoo ID with other online accounts (for example, many Yahoo e-mail account holders use their ID in conjunction with another e-mail package, such as Gmail; so email@example.com could also be firstname.lastname@example.org). Yahoo is the world’s second largest E-Mail service provider, with almost 300 Million+ users.
With the increased use of Biometrics and stringent Federal Government legislations, one would think that the Healthcare Industry in the United States would not be as affected by Cyber based threats. But this is far from the truth. The affected party is known as ‘Community Health Systems’ (also known as ‘CHS’). It is comprised of 207 hospitals, and operates in 29 states. Between April and June of 2014, hackers targeted a flaw in the Open SSL, CVE-2014-0610, also known more famously as ‘Heartbleed’. It was believed that the attackers originated from China, and they were able to bypass various security measures to transfer data out of the CHS servers. However, the information which was captured was non-medical patient data (such as patient names, addresses, birthdates, telephone numbers, and Social Security numbers), and over 4.5 million individuals were affected. Once the ‘Heartbleed’ malware was launched, the hackers were able to gain user credentials from the CHS network, and were then subsequently used to login into the company’s Virtual Private Networks.
Last year, South Korea was hit with one of the worst Cyber crimes it has ever faced. For instance, 70% of the population (between the age group of 15 and 65) became prey to Identity Theft, which resulted in 27 million people being affected. South Korea is known to have a rather strong online gaming culture, thus, the Cyber Hackers specifically targeted six major online gaming sites used in South Korea. The focus of the attacks were on the registration pages and passwords used by customers. Sixteen hackers were involved in this scheme, and 220 million pieces of individual data were stolen. It is believed that these hackers used a tool known as an ‘extractor’, to login into the online accounts of the customers, in an effort to steal the virtual currency being used. In the end, this hacker group pocketed more than $400,000, and investigators claim that this data breach cost the South Korean economy over $2 Million.
The Home Depot retail store chain operates 1,977 stores in the United States, and 180 in Canada. The attack which was carried out against this retail giant occurred in the same fashion as the other retailers: Very sophisticated and covert malware was used to capture the credit card information of customers, as purchase transactions were conducted. When compared to the Target Security breach, this attack on Home Depot was much worse in magnitude. For example, the Security hack at the Target stores went on unnoticed for a period of three weeks, but the attack on Home Depot went on for longer than five months. Astonishingly enough, it was a Security writer and blogger which first reported this Security breach on Home Depot. Investigators firmly believe that the source of these Cyber attacks originated from Eastern Europe. In the end, it is estimated that over 60 Million credit card holders were affected by this Security debacle at Home Depot.
When we bank online, or use a banking mobile app, we never think that we could become a victim of Identity Theft. The Security breach which occurred at JP Morgan & Chase Company will now make us think about that twice. In this particular instance, the hackers were able to gain root access at 90 of the financial institution’s servers. With this level of access, the hackers had the potential to transfer funds, disclose customer information, open new accounts, and even close down accounts, without the prior knowledge of the customer. This Security incident has been cited as one of the largest corporate breaches in the history of the United States. For example, information and data were stolen from 76 million households, and 7 million businesses. But amazingly enough, nothing of value was really hijacked (such as money, Social Security Numbers, or passwords). The only pieces of compromised information included customer names, phone numbers, and E-Mail addresses. It is believed that this Cyber Attack originated from Russia.
eBay is probably one of the most widely used, Internet based portals in which customers can buy and sell products quickly and easily. But, that reputation which eBay possesses could soon be changing. Early in 2014, this business entity was hit with a major Security breach, in which millions upon millions of usernames and passwords were hacked into, and stolen. But just shortly after this occurred, eBay was hit yet once again, this time by what is known as a ‘Cross Site Scripting’ (also known as ‘XSS’) attack. In these cases, malicious code is used to divert a customer to a spoofed website. In this particular instance, if a customer used their iPhone to access the eBay website, they would be taken to a spoofed website instead. From here, the customer would have to enter their username and password even before they were given the opportunity to view the product they had wished to bid on. The bottom line is that a simple technique like XSS could be used to spoof the millions of eBay users into logging onto a fake website, and having their online account information stolen. For example, “ . . . the attacker’s data was saved on the eBay server, meaning that the same links were introduced to various users, taking them all away from the comparative safety of eBay to the spoof sites constructed to record their data.” (SOURCE: http://www.makeuseof.com/tag/ebay-security-breach-reconsider-membership/).