Technology is a wonderful thing and is often the solution to a lot of problems — traffic jams, waking up on a morning in time for work, helping save and budget money, the list goes on. However, with technology comes the potential for cyber crimes. Hackers and cyber criminals can use the connected world to their advantage, allowing them access to previously untouchable entities to blackmail people, steal information, or interrupt corporate affairs.
Red Mosquito, cyber security consultancy, said: “the internet of things is transforming our world into a dynamic network of connected devices on an unprecedented scale. The pressing question is whether security will keep pace with these rapid developments, or will we see products being rushed to market allowing attackers to take advantage of missed security vulnerabilities?”.
Cyber crimes can often go under the radar. But when they surface, they can shake the world and create panic, highlighting the dangers that we face in a connected world.
In this article, we’ll explore the worst cyberattacks of 2019.
Capital One Hack
Capital One, America’s fifth largest credit card company, experienced one of the largest breaches of financial service, announcing a data breach in July which affected roughly 100 million account holders in the U.S. and six million in Canada. Data stolen included personal details including names, addresses, phone numbers, dates of birth, social security numbers, account numbers, credit scores, and transactional data.
The hack occurred in March, allowing access to data as far back as 2005 and included credit card applications. The breach was discovered months later. Hacker Paige Thompson, a previous Amazon employee, got into Amazon’s metadata service and created a program which scanned computers for firewall misconfigurations. Thompson hacked vulnerable accounts using the stolen information. Fortunately, the FBI claimed that nothing happened to any of the information. If it was, this could’ve been devastating for millions of people.
Following the announcement in July, Google search trends report that “Capital One” had a spike in search volumes with an unsurprising interest rate of 100, the highest score a search can receive. The search was generally stable in the 60s before the announcement, suggesting that people were concerned over the hack.
In September, almost all inhabitants of Ecuador became victims of a huge data breach that revealed sensitive information of over 20 million individuals. Novaestrat is a data analytics company who had the database which contained information on almost the whole population. The hack was discovered by security researchers who identify unsecure servers and cloud database holding significant amounts of personal details.
Intrusive information including bank details, current bank balance, family connections, job title, salary, and automotive registration plate number were all made vulnerable in the attack. This data is virtually everything an identity impersonator would need to defraud and open a financial account under someone else’s name.
Security advocate, Javvad Malik, said: “This is particularly significant due to the number of records and the sensitivity of the data. Most troubling perhaps being the data of children being stolen which can be used by criminals to setup fake identities or take out loans against which the victims won’t realise until further in life when they realise their credit is ruined”.
The severity of this situation revealed that Ecuador has undeveloped data privacy laws. In 2008, a data privacy law was declared, but no real action was taken to enforce it until after the incident.
HIV Data in Singapore
Although this cyber attack was small scale in comparison to the previous attacks discussed, it is certainly one of the worst in terms of emotional damage. In January, the Ministry of Health reported that data of 14,000 people who had been diagnosed with HIV in Singapore had their information stolen and leaked online. Names, addresses, HIV status amongst other medical details were disseminated, going back as far as 2013. Usually, healthcare data is breached due to commercial motivations, however this one appeared to be personal.
The hacker obtained this information through their partner, the former head of Singapore’s National Public Health Unit, who had full access. People affected were offered counselling, as well as a hotline opened for those concerned whether they were affected.
Since then, additional safeguards against the mishandling of confidential information by verified staff have been given a two-factor authentication process to prevent something like this happening again. This hack highlights the risk of medical data being leaked by staff, and necessary tightened controls.
Cyberattacks are certainly becoming a bigger threat as technology advances — attacks can take various forms from emotional damage to financial problems.