The hacks that left us exposed in 2017

Posted: Dec 19, 2017 8:57 AM
Updated: Dec 19, 2017 8:57 AM

It was the year nothing seemed safe.

Bombshell hacks were revealed one after another in 2017, from an Equifax breach that compromised almost half the country to global ransom campaigns that cost companies millions of dollars.

The cyberattacks highlighted the alarming vulnerability of our personal information.

More tools used by government hackers have become public, and it's easier than ever to create sophisticated ways to spread malware or ransomware or steal data from companies. Companies also frequently fail to patch security flaws in a timely manner.

And there's more to come.

"As we do more and more of our business online, and as criminals realize the value of the data that organizations are protecting, we're seeing more big-name breaches, more high-profile breaches," says Mark Nunnikhoven, vice president of cloud research at the security company Trend Micro.

In particular, ransomware -- when hackers demand money to unlock files -- is becoming more common.

An analysis from anti-virus software firm Bitdefender found ransomware payments hit $2 billion in 2017, twice as much as in 2016. Meanwhile, Trend Micro predicts global losses from another growing trend, compromised business email scams, will exceed $9 billion next year.

Here's a look back at the major hacks of 2017.

Equifax

Cybercriminals penetrated Equifax, one of the largest credit bureaus, in July and stole the personal data of 145 million people. It was considered among the worst breaches of all time because of the amount of sensitive information exposed, including Social Security numbers.

The company only revealed the hack two months later. It could have an impact for years because the stolen data could be used for identity theft.

The Equifax breach raised concerns over the amount of information data brokers collect on consumers, which can range from public records to mailing addresses, birth dates and other personal details.

Firms like Equifax, TransUnion and Experian sell that data to customers, such as banks, landlords and employers, so they can learn more about you. Whether data brokers do enough to keep that private information secure is under scrutiny.

Former Equifax CEO Richard Smith, who stepped down after the breach was revealed, testified to Congress and blamed the security failure on one person who had since been fired.

The public still doesn't know who is responsible for the hack.

A Yahoo bombshell

Parent company Verizon announced in August that every one of Yahoo's 3 billion accounts was hacked in 2013 -- three times what was first thought.

In November, former Yahoo CEO Marissa Mayer told Congress that the company only found out about the breach in 2016, when it reported that 1 billion accounts were hacked.

The company still does not know who was responsible.

Separately, a Canadian hacker pleaded guilty this year to his role in another major Yahoo security breach from 2014. That one compromised 500 million Yahoo accounts. He will be sentenced in February.

Leaked government tools

In April, an anonymous group called the Shadow Brokers leaked a suite of hacking tools widely believed to belong to the National Security Agency.

The tools allowed hackers to compromise a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8.

Microsoft said it had released patches for the security holes in March. But many businesses had not patched their software. The tools Shadow Brokers leaked were then used in the year's biggest global cyberattacks, including WannaCry.

In March, WikiLeaks released documents that claimed to describe hacking tools created by the CIA. Researchers found that many of the exploits were old and imitated hacks that were made public years ago.

One tool, according to the documents, was malware that allowed the CIA to listen to targets through Samsung smart TVs, even while the TV was in a "fake off" mode.

WannaCry

WannaCry, which spanned more than 150 countries, leveraged some of the leaked NSA tools. In May, the ransomware targeted businesses running outdated Windows software and locked down computer systems.

The hackers behind WannaCry demanded money to unlock files. More than 300,000 machines were hit across numerous industries, including health care and car companies.

There was a human cost: In Britain, hospitals with locked computers were forced to close temporarily. One patient told CNN his cancer surgery was delayed.

Nunnikhoven, from Trend Micro, says it's an example of an Internet of Things hack with major consequences. The Internet of Things refers to everyday devices, beyond traditional computers and phones, that connect to the internet.

The WannaCry infections were so bad that, in an unusual move, Microsoft released a patch for Windows systems that it had stopped updating.

The cyberattack has been linked to North Korea.

NotPetya

In June, the computer virus NotPetya targeted Ukrainian businesses using compromised tax software. The malware spread to major global businesses, including FedEx, the British advertising agency WPP, the Russian oil and gas giant Rosneft, and the Danish shipping firm Maersk.

This virus also spread by leveraging a vulnerability leaked by the Shadow Brokers.

In September, FedEx attributed a $300 million loss to the attack. The company's subsidiary TNT Express had to suspend business.

Bad Rabbit

Another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on news and media websites that hackers had compromised.

Once the ransomware infected a machine, it scanned the network for shared folders with common names and attempted to steal user credentials to get on other computers.

The ransomware, which hit in October, mostly affected Russia, but experts saw infections in Ukraine, Turkey and Germany.

It served as a reminder that people should never download apps or software from pop-up advertisements or sites that don't belong to the software company.

Voter records exposed

In June, a security researcher discovered almost 200 million voter records exposed online after a GOP data firm misconfigured a security setting in its Amazon cloud storage service.

It was the latest in a string of major breaches stemming from insecure Amazon servers where data is stored. The servers are secure by default, but Chris Vickery, a researcher at cybersecurity firm UpGuard, regularly finds that companies set them up wrong.

Verizon and the U.S. Department of Defense also had data exposed on Amazon servers.

Hacks target school districts

The U.S. Department of Education warned teachers, parents, and K-12 education staff of a cyberthreat that targeted school districts across the country in October.

In one Montana school district, parents and students feared for their safety after a hacker group sent threatening text messages as a part of an extortion campaign.

The group, dubbed The Dark Overlord, stole information on students, teachers and other district employees. They asked for money to destroy the files. Schools closed for three days.

The same group was responsible for stealing information from Netflix's production partners and leaking episodes of Netflix's "Orange is the New Black" after the company refused to pay ransom.

An Uber coverup

In 2016, hackers stole the data of 57 million Uber customers, and the company paid them $100,000 to cover it up. The breach wasn't made public until this November, when it was revealed by new Uber CEO Dara Khosrowshahi.

Now Uber is facing questions from lawmakers. Three senators introduced a bill that could make executives face jail time for knowingly covering up data breaches. City attorneys in Los Angeles and Chicago and the Washington state attorney general are suing Uber over the breach.

Looking ahead

Expect even more of this in 2018.

Nunnikhoven predicts attacks on the Internet of Things will keep hitting industries including airlines, manufacturing and cars as they rely more on so-called smart technology.

"They face the same cybersecurity challenges that our laptops and our phones do, but they're attached to real things in the real world," he said. "If someone hacks my laptop, my data is at risk. But if someone hacks a robotic manufacturing arm, that entire manufacturing line is at risk."

The year's breaches may ultimately change consumer behavior. They proved Social Security numbers and birthdays might not be the best form of secure identification. Criminals buy and sell those numbers for fairly low prices, along with other personal information like addresses, emails and passwords.

Lawmakers are also proposing legislation to combat data breaches.

In the meantime, businesses and people are at least more aware of security risks.

"The number of high-profile international breaches has been a wake-up call this year to businesses that security is a top-level item," Nunnikhoven said. "It affects the bottom line."
