CyberReef-Security, Visibility, Control
CyberReef-Security, Visibility, Control

Blog

Extra Extra Read All About Us

Major Cyberattacks on Business in 2018
December 5, 2018

Major Cyberattacks on Business in 2018

Major Cyberattacks on Business

How well is your business protected from malicious cyber activity?

Editor’s note: This article does not include the recent Marriott data breach, which  compromised the data of up to 500 million people.

Major cyberattacks on business in 2018 keep mounting. The first half of the year was especially troubling. As reported by Wired, and based on Identity Theft Resource Center’s (ITRC) 2017 Data Breach Industry Summary report, the number of records compromised in just the first two quarters of 2018 has surpassed the total of breached records in all of 2017.

While in 2018 there weren’t as many global ransomware attacks and major government leaks as those that plagued 2017, the number and nature of cyberattacks still show that critical infrastructure security is fragile, corporate security is lacking, and weaponized hackers, backed by their respective countries, are getting bolder globally.

Between 2014 and the first quarter of 2018, the number of significant data breaches in the U.S., by industry, totaled:

  • Business: 301
  • Medical/Healthcare: 181
  • Banking/Credit/Financial: 84
  • Government/Military: 49
  • Educational: 45

Here’s a roundup of the major cyberattacks on business to date, along with the number of records compromised and some other related stats, plus this year’s major trends in cyber breaches. This list is not comprehensive in the sense that not all significant data breaches made the list, and the number of reported compromised records is probably higher overall, so the full scope and range of these attacks won’t probably be known until next year.

Three Troubling Trends

U.S. security researchers, along with government and private sectors, have sounded an alarm regarding certain data breaches and digital security attacks happening in 2017, but these trends have escalated in 2018, forcing the government to publicly acknowledge the evidence, and the industries involved to grapple with finding solutions:

  1. State-sponsored hacking. With Russia being the worst offender, the high-profile hacking coming from outside the U.S. continues with such incidents as last year’s NotPetya ransomware attacks, to the grid hacking which compromised U.S. power companies. Another powerful Russian hacking campaign involved spreading malware known as VPNFilter. This type of malware was used to create a massive botnet by coordinating infected devices, as well as spying on them directly. As of last May, it was reported that more than 500,000 routers were affected worldwide, resulting in data theft, spam campaigns, and other harmful network manipulation.
  2. Increased data exposures. A type of data breach, data exposure differs nevertheless from the data breach in that data is vulnerable to access by anyone on the open internet because of the way it’s stored and protected. Examples include improper access authentication, a misconfigured database, improper file and access data storage in the cloud (like passwords). Data exposures are harder to spot than the more-blatant breaches, and their causes are more difficult to pinpoint.
  3. Intellectual property theft. Last March, nine hackers based in Iran were indicted by the Department of Justice for allegedly attacking — via “spearphishing” — 144 U.S. universities, 176 universities in other countries, the United Nations, plus several U.S. government agencies, and almost 50 private companies. An estimated 31 terabytes of data was stolen, worth $3 billion in intellectual property.

The Cost of Malicious Cyber Activity

Costs associated with cybercrime can be staggering, especially for companies that haven’t taken the measures to protect themselves. The projected damage is estimated to reach $6 trillion annually by 2021, while the U.S. government estimated the total cost to the economy to be between $57 billion and $109 billion in 2016.

According to Accenture:

  • The average cost of a malware attack on a company is estimated at $2.4 million.
  • The most expensive component of a cyberattack is information loss (43 percent).
  • Ransomware damage costs were over $5 billion in 2017, a 15-fold increase since 2015.

The cost of lost business is also a big factor. Per Ponemon Institute’s 2017 Cost of Data Breach Study, the most expensive estimated data breaches associated with stolen records are in the U.S. ($225 per person) and Canada ($190 per person). The average cost of data breach for companies with over 50,000 compromised records is $6.3 million, while the average cost of lost business in the U.S. is $4.13 million per company. This figure includes such factors as reputation loss and customer turnover.

Major Cyberattacks in 2018

Aadhaar (India); 1.1 billion records breached, with individual data stolen through a service offered by anonymous sellers over WhatsApp.

Exactis; 340 million records breached. Florida-based marketing and data aggregation firm exposed its database of two terabytes of personal information for hundreds of millions of Americans and businesses on a publicly accessible server.

Under Armour; 150 million records breached. A breach of data via unauthorized access to MyFitnessPal, a platform which tracks users’ diet and exercise, exposed individuals’ usernames, email addresses and hashed passwords.

MyHeritage; 92 million records breached. The online genealogy platform exposed the users’ email addresses and hashed passwords.

Facebook; 87 million records breached (rough estimate). The social media giant was rocked by scandal back in March, when it was revealed that a political data firm called Cambridge Analytica collected the personal information of Facebook users via an app that scraped personal information. Cambridge Analytica copped up to compromising about 30 million records, but Facebook’s estimate was much higher. Then again, in June, another app, named Nametests.com, was blamed for compromising the records of over 120 million users.

Panera Bread; 37 million records breached via Panerabread.com leaking customers’ records.

Ticketfly; 27 million records breached. The concert and sporting-event ticketing website’s directory was breached and the site taken down for about a week, apparently accompanied by a ransom request.

Sacramento Bee; 19.5 million records breached. The daily newspaper suffered an attack from an anonymous hacker who hijacked two databases containing contact information and California voter registration data. The company refused to pay ransom and deleted the databases.

PumpUp; 6 million records breached. The fitness app PumpUp had an improperly secured server, giving access to sensitive customer data including photos, messages, and even credit card data.

Saks Fifth Avenue and Lord & Taylor; 5 million records breached. A major hacking syndicate was at some point offering five million stolen credit and debit cards up for sale, which were traced to these luxury department stores, owned by Hudson Bay.

To learn how to increase your company’s cybersecurity and data protection, contact the experts at CyberReef Solutions today. A delay in improving your company’s security could cost millions.

, , , , , ,

Related Posts

CyberReef Selected as a Venture Atlanta 2023 Presenting Company
September 6, 2023

CyberReef Selected as a Venture Atlanta 2023 Presenting Company

CyberReef Selected as a Venture Atlanta 2023 Presenting Company Now in its 16th year, Venture Atlanta has helped to launch more than 760 companies and raise $7.5 billion in funding to date ATLANTA – August 30, 2023 – CyberReef announced today that it has been chosen out of a record-breaking 550 applicants as one of […]

What is a RapidAPN?
March 28, 2023

What is a RapidAPN?

Secure LTE in Days Public Wi-Fi is the most common connection point for remote workers. It is not secure though.  Unless their computers are up-to-date, use encryption and a VPN; remote workers represent a security risk for companies. Tech teams are overburdened, which results in off-site computers often not being up-to-date. Encryption and VPNs only […]

Partner Testimonial Tier 1 Solar
March 21, 2023

Partner Testimonial Tier 1 Solar

The Power of Testimonials When I think about the CyberReef culture and spirit, the phrase “whatever it takes” captures who the employees are.  They do “whatever it takes” to ensure customer and partner success.   When I read the below testimonial from our the CEO at Tier 1 Solar and Design Eng. Firm, it reminded me […]

International Woman’s Day
March 8, 2023

International Woman’s Day

Women in Technology CyberReef is a diverse company.  Looking at some stats about women within our team vs the industry standards we find: 30% of our team is female, 4% higher than the tech industry standard. The percentage of women who work at CyberReef has increased 5% over the last two years, while the percentage […]

Travel Cybersecurity Tips
January 5, 2023

Travel Cybersecurity Tips

3 Ways to Secure Your Devices While On-the-Go We all travel.  It’s likely that over the next fiscal year, you will be in an airport at some point.  Those of us who travel for work are likely to be in the airport even more.  We all go through the same process:  Check your bags, grab […]

CyberReef Debuts Ground-breaking MobileWall App Throttling for Secure Mobile Networks
October 20, 2021

CyberReef Debuts Ground-breaking MobileWall App Throttling for Secure Mobile Networks

Innovative Capability Enables Unprecedented App Management, Data Usage and Cost Control SHREVEPORT, LA. — October 21, 2021 — CyberReef, home of the patented MobileWall suite of secure mobile networking solutions, announced today an industry-first innovation with the addition of App Throttling to the MobileWall cloud-based firewall solution. MobileWall App Throttling enables unprecedented application management, data […]