If 2013 was the year of shedding light on the NSA surveillance programs, 2014 was definitely the year of high-profile hacks and attacks on personal accounts, businesses, governments and celebrities. The cybercriminals have been very busy, so as we start 2015 let’s reflect on some of the important events of 2014 that should guide our cyber security decisions in 2015.
- The Target breach spilled over from 2013 into the start of 2014, with an estimated 110 million records stolen from the company, resulting in the CIO resigning by March and the total cost reaching $110 million by June. Looking back at the year, this was an ominous sign for retailers and consumers.
- February saw eBay employee login credentials stolen, which resulted in the online auction site asking 145 million users to promptly change their passwords.
- In April we had a local Irish story with the revelation that over 650,000 customers had their data stolen at Irish bookmaker Paddy Power. The unfortunate headline from this story was the delay in reporting the breach from October 2010 until April 2014. We need quicker action!
- Who can forget the “Fappening”? It was one of the largest celebrity leaks of all time, as hundreds of nude pictures of celebrities such as Jennifer Lawrence, Kate Upton, Kim Kardashian, Daisy Lowe and countless others were leaked by hackers from the users’ iCloud accounts. The leak was spread over 4 months and probably mobilised the greatest number of celebrities to speak out about privacy issues since the EFF-sponsored “Stop Watching Us” video. Apple confirmed that the breach occurred as a result of weak passwords and not a vulnerability in their service. Again, everybody should practice good password hygiene!
- In August it was revealed that Russian hackers amassed over 1.2 BILLION stolen login credentials! Wow, everyone needs to practice good password hygiene.
- Home Depot was next on the list to announce a data breach in September that apparently started in April. It is estimated that 56 million customer payment cards were targeted across the US and Canada using a variant of the BlackPOS malware.
- In September, 5 million Gmail usernames and passwords were leaked as a result of phishing attacks and use of weak passwords.
- JPMorgan was next on the attack list: in October it announced that, during the summer, 76 million household and 7 million business accounts were compromised through a server the company had neglected to protect using 2-factor authentication.
- In November, China was blamed for two separate attacks, first on the US Postal Service, where 800,000 employee credentials were stolen, and then on US weather systems, which were shut down for a week following the hack.
- 2014 definitely finished with a bang, with December starting with the Sony hack rumbling on for weeks with leaked emails (they should have used email encryption) and passwords stored in a folder called “passwords”. The chaos in the lead-up to the release of “The Interview” on iTunes was unbelievable. The final costs are yet to be counted here.
- December finished off with two more high-profile attacks: firstly the revelation of an attack on Staples in October, with malware attacking roughly 16 million payment cards across 115 stores, and then the attack that brought down Xbox Live and PlayStation Network on Christmas Day.
Unfortunately, there are many other attacks, such as the Swedish Government email attack, Western Media, German Emails, European Central Bank, Obamacare and the Nuclear Regulatory Commission, which further highlight the focus for security in 2015. These attacks threaten businesses both big and small (regulated or not), celebrities and every ordinary person who uses the internet. The examples above catalogue the millions of breaches in 2014, and behind every one is a real person. With online privacy predicted to be a mess for at least a decade to come, the onus is on all of us to stand up and take back control of our data. In some cases we need more education about the threats online, and in other cases businesses need to invest in their infrastructure to protect themselves and their customers against such attacks.
As we look to 2015, the trend from 2010 until 2014 makes it clear that the number of APTs (Advanced Persistent Threats) will increase. These attacks are targeted in nature rather than a “catch all” approach, and they can remain unnoticed for extended periods of time. They have exposed over 81 million records in 2014, of which 42% were from the Healthcare industry. We can expect more of the high-profile attacks similar to Home Depot in 2015.
It is also clear that hackers will continue to attack email accounts as a source of theft: financial, identity or otherwise. This attack is indiscriminate and widespread. Behind the 1.2 billion credentials the Russian hackers stole there are real people who may have shared private information through their email account and who now want to protect it. To combat this attack, email encryption of information in transit and at rest in the inbox is on the rise, with further developments expected in 2015. Jumble.io provides an easy-to-use, integrated, end-to-end email encryption solution to this problem, and it’s free for individual users.