In 2014, the high-profile hacking attacks happend to Sony, the U.S. Postal Service, JP Morgan Chase and iCloud for celebrity nude photos dominated the IT security news. Sadly, 2015 wasn’t any better for cyber-security. The volume of hacking attacks that took place this year is becoming more worrisome, and the damage caused by the hack attacks continues to be shocking.
From Anonymous to TalkTalk we witnessed several global hacking attacks. One of the intersting fact is that the average time it takes for an unprotected PC to get hacked after connecting to the Internet is 60 to 90 seconds. Enterprises must think laterally about security in 2016. As hackers exploit weak or stolen passwords in more than 90 percent of security breaches and simply log in as normal users to avoid detection, having multifactor authentication in place is a good way to take security to the next level.
High-Profile Hacking Attacks of 2015
So checkout 2015’s top high-profile hacking attacks :
• U.S. Office of Personnel Management
In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as four million people. This breach was one of the biggest ever of U.S. government systems believed.
Information targeted in the breach included personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses. The hack went deeper than initially believed and likely involved theft of detailed security-clearance-related background information. One victim wrote that the OPM is the agency that asks your neighbors what they know about you that could be used to blackmail you.
• FBI Portal Breach
A portal used by police and the FBI to share intelligence and arrest suspects was hacked in November, and data on arrestees was stolen. It is uncertain how many people were affected because the FBI didn’t announce figures. This attack is thought to be one of the biggest law enforcement hacks in 2015. It was perpetrated by the same hackers who accessed CIA Director John Brennan’s personal email account earlier this year.
• Mumsnet Hack
One aspect of the attack on Mumsnet sounds almost routine: the forum site was targeted by a hacker with a denial of service (DDoS) attack, which floods it with traffic until it is taken offline.
But this was only the beginning, as the hacker allegedly behind the attack then targeted Mumsnet founder Justine Roberts with a swatting attack. This is when armed police are sent to a victim’s home after a hoax call to the authorities.
The act has become popular among hostile gamers in the US who attempt to send Swat teams to rivals’ homes while they are live streaming their gameplay online. The aim is to time the arrival with a live broadcast.
Roberts took Mumsnet offline briefly while the hack was dealt with, which also saw a Mumsnet user who attempted to interact with the alleged hacker on Twitter also be “swatted”.
• Ashley Madison
The first of the two big cyber attacks of the year that involved hackers seemingly on a social justice campaign. In July a group calling themselves The Impact Team stole user data from the servers of Avid Life Media, the parent company of adultery website Ashley Madison, and said they would publish the information online unless the site was shut down.
Given the nature of Ashley Madison, many users were keen to avoid being publicly outed as using the site. Ashley Madison charged a leaver’s fee to permanently delete all the personal info of an account holder but The Impact Team also claimed leavers’ data was not deleted. This they said, was part of the reason for targeting Ashley Madison.
Lists of names and addresses were made available online shortly afterwards, with a second data dump containing emails from Avid Life Media’s CEO Noel Biderman.A further twist came as the site did’t require email addresses used to create accounts to be verified, meaning many of those profiles created were likely to be based on false details. Nonetheless, the debate on internet privacy was again raised in the wake of the hack.
The hacking incident that dominated the latter part of the year, telecoms firm TalkTalk confirmed their website had been compromised and customer data was also at risk.
There was confusion initially as the firm said a DDoS attack was behind it – though this method can not breach data, only cripple a website. TalkTalk was also criticised after it emerged there was little to no encryption on the data they were storing.
The company’s head Dido Harding said the firm would put aside money to learn from the episode which saw thousands of customer details ultimately compromised. The arrests made in relation to the attack have been of teenagers, raising questions once more over the security of data held by big businesses.
• Health Insurer Anthem
It emerged in October that Chinese hackers had targeted U.S. health insurance company Anthem to learn more about how medical coverage is set up in the United States. Apparently, Anthem has not been the only target, with smaller insurer Premera saying it had been hacked in March, exposing details of about 11 million people. Health care data has become some of the most valuable information that can be sold in the online black market, making health care companies a prime target for hackers.
Another UK telco was involved in a data breach in October, when hackers stole personal and financial information of 2,000 Vodafone customers. Hackers used emails, addresses and passwords acquired from an unknown source to get names, phone numbers, bank sort codes and the last four digits from bank accounts.
• Anonymous vs ISIS
Part of a much wider issue, but hacktivist group Anonymous, in the wake of the Paris terror attacks, went online to confirm the beginning of a cyber war with Isis.
The jihadist group has prominently used social media for recruiting, communication and propaganda purposes and Anonymous said it planned to stop this.In the latter months of the year, Anonymous targeted Isis on Twitter – posting links to accounts linked to fighters and supporters with the aim of getting them shut down. The group later claimed several thousand were closed as a result. Insults have been traded on both sides, and this one looks set to rumble on into 2016.
So which one of the above hacking attacks do you think will win “Biggest Global Hack Award” of the year and also tell us if we forget to list some other popular hack attacks. We’d love to hear from you in the comments!