Since the dawn of the internet, there have been plagues of malware swarming around our systems. Organisations are hit on a daily basis with an ever growing number of Virus’s, Trojans and Worms (amongst other terror’s) aiming to interfere with our networks and gather sensitive information.
With cyber-attacks becoming more sophisticated, new figures show these occurrences are costing the UK over £34 billion per year. A recent study from IBM Data Breech Report found can cost a UK business on average £104 per capita, increasing substantially from previous findings.
Besides the financial loss suffered from a security breach, a firm’s reputation is also on the line when under cyber-attack. When data is breached, customers can lose faith in the company causing sales and revenue decline and in turn long term impacts that can be hard to recover from.
This post looks at the most detrimental and large scale hacks over the past 5 years.
Sony Pictures Entertainment (2014)
One of the most high profile and damaging attacks in recent years saw the inner working of Sony Entertainment exposed to the masses. Employees at Sony had their screens hijacked with a grinning skull as hackers, the “Guardians of Peace”, stole over 100 terabytes of data.
As the malware rendered Sony’s systems useless, software installed began to extract both current and previous employees’ social security numbers and scanned passports. Hackers also got their hands on marketing plans, unpublished scripts and 4 unreleased films and wasted no time in uploading them onto file sharing websites.
After the Sony hack, the realisation has hit on the seriousness cyber security. Officials stated that the attack would have infiltrated over 90% of organisations which poses the question- do firms need to look at upgrading their firewalls and technology to higher levels of sophistication?
Sony PlayStation (2011)
Unfortunately for them, the Sony Picture Entertainment hack wasn’t the first to occur to the Sony Empire. 2011 saw the Sony Hack Attack on PlayStation where around 102 million records off the network where compromised.
The initial tally released from PlayStation was calculated at 78 million records of users log-in’s, names, addresses, phone numbers and emails. The number quickly rose an additional 24 million when investigators discovered the attack had also penetrated Sony Online Entertainment (SOE) and Qriocity accounts as well. The attack on SOE and Qrioity also lead to the credit card data of 23,000 users in Europe being breached.
Since the hijack, Sony has been under scrutiny about their data protection procedures. David Smith, the deputy commissioner and director of data protection acknowledged that PlayStations measured were “simply not good enough” . In an organisation the size of Sony, Smith stated the attack could have been prevented had they had the most up-to-date software.
Sony PlayStation’s negligence has not gone unnoticed. They have recently been slapped with a £250,000 fine for the leak of millions of users personal details.
eBay Inc (2014)
One of the more shocking cases was eBay’s security breach in 2014 which actually went undetected for some time.
After noticing something out of the ordinary, it took the online marketplace a number of extensive tests to realise they had fallen victim to a cyberattack. It turns out that email addresses and encrypted passwords to all of eBay’s 150 million users had been compromised, making it one of the largest breaches to date.
The company was quick on the mark to rectify the problem, issuing a notice to all users to change their passwords. This fast response from the organisation avoided any detrimental damage being caused. Extra measures were also taken to protect the network to ensure the same thing never happens again.
Just behind eBay in terms of the number of users involved is Adobe. After their initial stated of 2.9 million (the number of customers affected by the data leak), it quickly emerged that the number was much higher than originally predicted.
The correct number actually stands at just under 150 million, over 20 times more than the first statement.
Although anyone can be subject to a databreach, Adobe have come under scrutiny by the way they encrypted their data in the first place. Essentially making it easier for hackers to use the stolen data, Adobe encrypted the data with the same key (for those non-techs out there this means every identical password also looks identical when encrypted). A tough day for the ‘password’ and ‘123456’ culprits out there.
The company recommended all users change their passwords as well as any other accounts the code is used on. In addition they offered affected customers the option to enrol onto a 1 year complimentary credit monitoring membership (Perhaps Sony PlayStation should take guidance from Adobe).
Ashley Madison (2015)
The most recent and possibly most controversial hack of the past 5 years is the Ashley Madison case.
All 37.8 million users signed up to the dating service had their personal details leaked online by moral hackers looking to shut down the site. The group going by the alias of ‘The Impact Team’, released over 60 gigabytes of data in the deep web.
With the focus on the hack being more around the morality of the situation, not much is known of the hackers responsible. Ashley Madison’s service promised a ‘full delete’ option if users are willing to pay a fee. This appeared to be a lie and the Impact Team tried the blackmail the company, threatening the release of the data if the company didn’t close down the site.
Not through lack of trying, the identities of the hackers have not yet been found out. With exceptional operational security (OpSec) and hiding behind the dark web, The Impact Team are almost impossible to find. Using anonymity browsers serving only HTML/TXT and dubbed MailTor emails, it’s possible they will never be found.
Malware attacks are imminent and can evidently happen to anyone. To get the highest level of security protection you need to make Next Generation Firewalls apart of your risk management. Dell SonicWALL provides professional solutions for your networks safety. For help in choosing the right firewall for your business we have a comparison tool on hand to assist you, http://www.supersoniccomparison.co.uk
To get the most up-to-date information on your firewall needs, contact us today for an on-site assessment.