Rebecca Sommer | Cyber Security Writer@RJ_Sommer
Thursday, July 21, 2016
Cybercrime 2016 and 2017 | The Worst Cases
Cybercrime is constantly on the rise, since more and more people are connected online, and more and more interactions – private or business related – take place in this cyberspace. Cybercrime encompasses every crime that is committed online, or a crime that involves computers or cyber aspects. The most frequent types of cybercrime are identity theft, hacker attacks and theft of personal data, phishing, or the relatively new discipline of ransomware attacks. Find out what happened in 2016 in this post, or scroll down for a free infographic about the biggest cybercrime incidents 2017.
Living it up in cyberspace is very convenient on the one hand, because you can easily and conveniently organize your life from your smartphone or laptop. There is no need to go to the bank to make a transaction, instead you use online banking. You can shop online, communicate online, or work from home on your device. On the other hand, the risk of cybercrime is higher the more connected we are.
Same goes for businesses, with the important difference that in business life you have less of a choice. To remain competitive, you have to set up your workspace in the digital realm, to improve workflows and to work more efficiently. This makes you more vulnerable if you are not cautious.
This article gives an overview of some of the worst and most media effective cases of cybercrime that happened in 2016. As a side effect, we introduce categories relevant in cybercrime. Our infographic at the end of the text shows you what happened so far in 2017 – WannaCry, Wheeping Angel and Cloudbleed might sound familiar to you. Read on to find out all about it and to get some crucial security tips.
2016: Bangladesh Bank Heist
In a big cyber robbery case last year, $81 million were stolen from a bank in Bangladesh. The strategy of the attackers:
they obtained valid credentials the banks use to conduct money transfers over SWIFT and then used those credentials to initiate money transactions as if they were legitimate bank employees.
SWIFT (Society for Worldwide Interbank Financial Telecommunication) operates a closed and secure computer network that allows secure communication and transactions for banks with other banks around the world. Only because of a spelling mistake in the receiver – Shalika ‘Fandation’ instead of ‘Foundation’ – the hackers were not able to steal the targeted $1 billion. How is this even possible, one would think? If a transaction is suspicious, Banks normally – or they should – check back before they let a transaction through. But, the Bangladesh Bank heist was an elaborate heist with good timing that took advantage of the slow communication between Bangladesh and New York due to the time difference and the weekend.
Even though SWIFT has not actually been compromised, it is still bad news according to the Tech-Site Wired, because “the hackers undermine[d] a system that until now had been viewed as stalwart.”
Phishing Attacks in 2016
There has been a number of phishing attacks last year, but most prominently on the payroll department of Snapchat. The attackers posed as the CEO of the company and requested sensitive payroll information about employees. In a statement on their blog snapchat apologized to their employees and described what happened in the incident:
Unfortunately, the phishing email wasn’t recognized for what it was–a scam–and payroll information about some current and former employees was disclosed externally. To be perfectly clear though: None of our internal systems were breached, and no user information was accessed.
The lesson to be learned from this is to be extremely careful with emails that request sensitive information. In phishing attacks the culprits exploit basic human instincts, such as fear and curiosity. However, it is the smart move to always check back with the person who supposedly requested sensitive data, especially if such a request comes out of the blue. Be aware that phishing attacks do not only occur in the workplace, but are also common in private matters.
Prominent Hacks of Social Media Accounts in 2016
Apparently, social media accounts can be hacked easily if someone takes interest in an account. The list of high profile CEOs whose accounts have been compromised last year is long. Mark Zuckerberg’s Twitter and Pinterest accounts have been hacked, apparently due to a LinkedIn password leak 5 years ago. Additionally, the Twitter accounts of Google’s CEO Sundar Pichai and Brendan Iribe, co-founder of Oculus VR, have been compromised. The latest addition to this list is Jack Dorsey, the CEO of Twitter himself.
Most of those attacks were no straight forward brute force attacks, but were executed indirectly. In Pichai’s case, tweets were sent via an old Quora account that apparently had been linked to Twitter. It seems like in Dorsey’s case, tweets were sent via Vine.
TechTimes sums up the lesson to be learned here very nicely:
Even if it was done through roundabout methods, the lesson here is as clear as day: if a high-profile tech CEO can get hacked, then anyone is fair game. In other words, be careful with your passwords.
Take a moment to think about your social media passwords. If they do not contain special elements, or only consist of a word or an obvious number combination, you should go ahead and change them right now. You will feel more secure and you will not give anyone the chance to enter your account.
Ransomware in Hospitals
Ransomware has been around for some time, but in 2016 attacks grew stronger and more frequent. The most prominent examples of 2016 ransomware attacks were those targeting hospitals, for example the Union Memorial Hospital in Maryland. The ransomware encrypts the data on hospital computers, and only in exchange with 45 bitcoins the attackers decrypt the data again. This is critical for hospitals that deal with very sensitive patient data.
In another case, the IT of the Hollywood Presbyterian Medical Center in LA, has been shut down for a whole week because of ransomware. More attacks targeted the Methodist Hospital in Henderson, Kentucky, as well as a hospital in Neuss, Germany. In the case of the German hospital there was not a lot of damage done, because the data has only been stored in encrypted mode and backups have been made regularly. However, the IT of the entire hospital has been shut down for several days, forcing staff to work as in the pre-digital era.
What Does That Mean for You?
Cybercrime has many faces and the attackers become more and more elaborate. Many attacks target institutions and businesses of all sizes, but private persons are just as vulnerable to certain types of cybercrime. Awareness of the risk of cybercrime is key to keeping your information and assets safe in the digital world. An attack can have very different consequences depending on the form and goal of it. However, awareness does not have to spoil all the fun and comfort that the digital world has to offer. Following some simple rules will help you stay safe – no matter if in your personal life, or your job.
Have a look at our infographic and see what happened so far in 2017. You will find some tips for secure behavior online as well.
Free Infographic: Cybercrime 2017 | The Biggest Incidents
What happened so far in cybercrime in the year 2017? Find out in our free infographic.
By entering my email address I agree that Secomba GmbH sends me information via email. I can revoke this agreement at any time.