Marzena Trembecka
Marzena Trembecka

Selected hacker attacks in 2017

In the ideal world nothing threatens cybersecurity. But such a world does not exist. This was confirmed in the first half of 2017 which was not as secure as the previous ones.

At the beginning of 2017 there was a significant number of cyberattacks. Nearly in each month we received information on hacker attacks on government institutions, financial sector, healthcare or individual Internet users.

We chose 4 loudest cybercrimes from 2017. We want to remind about hacker attacks which took place in the last six months. And this is only half of the year...

Can a TV eavesdrop? - WikiLeaks CIA Vault 7

March is an event related to WikiLeaks. On 7 March, 8761 CIA documents were published. They presented the use of widely-understood technologies with smartphones and smart TVs. Those documents include the description of loopholes in iOS System, Android Windows, which allow for using devices for surveillance and spying.

"Vault 7" – the name of the application – does not reveal source codes but their descriptions. The publication includes information on tools used for surveillance. They involved, among others, Wi-Fi signals or controlling a layer of code coordinating equipment and software. WikiLeaks "Vault 7" revealed that tracking took place by means of malware, viruses, Trojans, remote programmes.

In order to maintain security, WikiLeaks did not publish detailed information in order to prevent its use as cyberweapon. WikiLeaks did not publish any details connected, among others, with IP addresses of CIA servers.

Information disclosure and collection by CIA may cause serious problems. It concerns viewing CIA by public and its operating capabilities. The disclosure of advanced methods and exploiting spying tools interested Internet users who, individually, started to analyse published data.

Standstills in factories and cancelled operations? WannaCry in action

WannaCry ransomware attacked on 21 May 2017. WannaCry attacked nearly 200 000 institutions worldwide. This virus attacked public utility units, large corporations, universities, railway carriers, car factories and financial institutions. It attacked and weakened the operations of hospitals and healthcare facilities in Great Britain.

A malware Internet worm WannaCry or Wanna Decryptor makes use of loopholes in Windows security system. After infecting the system, data are coded. In order to unblock them, hackers demanded 300-600 dollars paid in BitCoins.

This potent ransomware spread when it could not connect with unregistered domain Darien Huss who discovered the operating principle of this virus, registered the domain and the attacks were stopped.

WannaCry attack devastated many companies by blocking their access to the system. The worm threatened hosts, coded files stored on computers and demanded payment in BitCoins. WannaCry spread based on loopholes in Windows security system.

In March – two months earlier – Microsoft issued a correction concerning error MS17-010 which was not implemented by many companies. The lack of updating resulted in the vulnerability of computers operating on Windows to WannaCry infections.

"Data leakage does not concern me"

We do not hear often about data infringement or disclosure concerning elections. This story took place in the USA with more than 200 000 000 voters. The personal data of 198 000 000 of the said voters, which is nearly 60% of the country citizens, were available in the network without any security. The data leakage was not caused by hackers but by the incorrect and careless securing of data by Deep Root Analytics.

The unprotected data base was "discovered" on 19 June by Chris Vickery, a cybersecurity specialist. The unsecured data base was stored on Amazon 3S server. More than 1 TB of information was available in the network for everyone. This included first and last names, dates of birth, addresses, telephone numbers and even information on ethnicity and religion.

The disclosure of such data is a critical hazard for natural persons and state institutions. At the same time, the leakage of such a quantity of sensitive data shows that our details may by distributed without our consent in the Internet and at any time they can reach unauthorised persons.

The paralyse of the state? Petya / NotPetya

One month after WannaCry attack, we were attacked with another ransomware on a global scale. This type of malware was called Petya, NotPetya. This time, the software was more advanced than WannaCry. The attack was directed at companies and institutions with updated Windows. Petya Virus had defects in the form of ineffective and inefficient payment system.

The analysis carried out by specialists demonstrated that it was not exact Petya but ransomware using some Petya mechanisms. Experts from Kaspersky Lab stated that malware differs from the previously known versions of Petya. They decided to call this virus NotPetya.

NotPetya infected and paralysed public institutions, bank systems, communication and computerised companies worldwide. The attack was most serious in Ukraine, Denmark, Russia and Great Britain. Also companies from, among others, Poland, Germany, Norway and USA suffered from this attack. Similarly to WannaCry, hackers demanded a ransom of USD 300 paid in BitCoins. More and more people think that NotPetya was not to wheedle money but to destroy data completely.

In the event of cyberattacks experts are agreeable. Firstly, it is necessary to create back-up copies, update anti-virus programmes, not click on unknown e-mails and not pay in the event of an attack.

The attacks from the first half of 2017 selected by us constitute a minor fraction of all the attacks which took place in the last six months. Large data leakages, paralysed banks, telecommunication companies, factories, government institutions and private persons frequently attract viruses which hack computers, smartphones and smart home devices.

Andrzej Prałat
Marzena Trembecka

For media

Provide us with contact details.

Thank you