2018 has seen a stream of high-profile cyber attacks around the world. With businesses not always taking enough steps to protect themselves and their customers, these attacks are becoming more and more commonplace.
Corporate security teams face massive challenges in the wake of such terrifying cyber attack statistics, and the threats become harder to deal with as they evolve. Hackers, meanwhile, are becoming more adept by the day.
With this in mind, here is a round-up of some of the big cyber scandals that have seen the harsh light of day in 2018.
Facebook’s ‘View As’ feature
In September 2018, Facebook became the centre of a cyber scandal when it was announced that 50 million users had been affected by a large-scale data breach. Cue mass unliking.
The breach was discovered when a company engineering team found that attackers had exploited a vulnerability in Facebook’s code that impacted “View As,” a feature that allows users to see what their own profile looks like to someone else. Guy Rosen, Vice President of Product Management at Facebook, stated in his Security Update:
“This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app”
Since the attack, Facebook has taken the necessary steps to help secure its site and believes it has successfully fixed the security vulnerability. Whether or not you were directly affected by this breach, it still pays to update your password, and to do so regularly. Always include upper and lower-case characters and symbols, and make it as unique as you can while still being able to remember it.
Svitzer reveals the shipping of customer details
Shipping company Svitzer Australia was behind the first data security breach to be made public since Australia’s new notification scheme came into effect on 22nd February 2018. Svitzer notified the Office of the Australian Information Commissioner of the breach, which saw the personal information of half of its employees leaked outside the company.
ABC News reported that over the course of 11 months, emails containing employees’ tax file numbers, superannuation account numbers and next of kin details were secretly auto-forwarded to external accounts. The leak was picked up once emails started to bounce back on the system.
The stats? Some 60,000 emails from three accounts in the finance, payroll and operations teams were secretly auto-forwarded between 27th May 2017 and 1st March this year, affecting over 400 employees, just under half of all staff at the company. A pretty lengthy period for a data breach. Svitzer took the necessary steps to stop the auto-forwarding once the issue came to light and, after ruling out an internal perpetrator, is currently looking at the extent of the theft.
Svitzer Australia Managing Director Steffen Risager stated:
“This is a reminder of the constant threat individuals and businesses alike face.” That is why picking up some serious cybersecurity knowledge, and understanding the day-to-day skills such a task requires, is so important.
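An audit for the kind of forwarding described above, added here as an example and not taken from the company or from any mail product. The rule records, their field names and the `corp.example` domain are constructed; a real audit would read the rule export of whatever mail platform is in use.

```python
from datetime import date

# Assumption: the organisation's own mail domains (subdomains count as internal).
INTERNAL_DOMAINS = {"corp.example"}

# Constructed sample export of mailbox forwarding rules (hypothetical schema).
RULES = [
    {"mailbox": "payroll@corp.example",
     "forward_to": ["archive@corp.example"], "created": "2017-03-02"},
    {"mailbox": "finance@corp.example",
     "forward_to": ["Drop@Mail.Example.NET"], "created": "2017-05-27"},
    {"mailbox": "ops@corp.example",
     "forward_to": ["team@eu.corp.example", "x@corp.example.attacker.test"],
     "created": "2017-06-10"},
]


def domain_of(address):
    """Lower-cased domain part of an address, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def is_internal(address, internal=INTERNAL_DOMAINS):
    """True only for an exact internal domain or a real subdomain of one."""
    domain = domain_of(address)
    return any(domain == d or domain.endswith("." + d) for d in internal)


def external_forwards(rules, as_of, internal=INTERNAL_DOMAINS):
    """Rules that send mail outside the organisation, longest-running first."""
    findings = []
    for rule in rules:
        outside = [a for a in rule["forward_to"] if not is_internal(a, internal)]
        if outside:
            age = (as_of - date.fromisoformat(rule["created"])).days
            findings.append({"mailbox": rule["mailbox"],
                             "external": outside, "days_active": age})
    return sorted(findings, key=lambda f: f["days_active"], reverse=True)


if __name__ == "__main__":
    for finding in external_forwards(RULES, date(2018, 3, 1)):
        print(finding)
```

Matching on the full domain suffix matters: a lookalike such as `corp.example.attacker.test` contains the internal name but is still flagged as external.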
A spree across US Universities
More than 300 universities in America and abroad were deemed victims of a hacking attack in March this year. The Department of Justice outlined that this attack was the work of nine Iranian hackers carrying out a cyber spree. Other affected countries included Australia, Canada and Denmark. In total, the attack was pretty large scale, affecting the following:
- 144 US universities
- 176 universities in 21 other countries
- 47 private companies
The spree also affected the following organisations:
- United Nations
- US Federal Energy Regulatory Commission, and
- The states of Hawaii and Indiana
What were they after? It was reported that these hackers targeted 100,000 accounts and stole 31.5 terabytes of data, worth a whopping $3 billion in damages. The attacks were carried out using cleverly created spearphishing emails that tricked lecturers and university associates into clicking on malicious links and typing in their individual network login credentials. And out of the 100,000 accounts targeted? Rather scarily, the hackers were able to gain credentials for roughly 8,000 of them.
In the wake of this destructive attack and with cyber attacks costing Australian citizens and companies more than AU$7 billion every year, it pays to be cyber savvy and take the necessary steps to protect yourself and your company from the threat of seemingly harmless spearphishing emails.
Under Armour under fire
When using a fitness app to help you stay in shape, you don’t expect your private information to become the victim of a data hack. But that’s exactly what happened in February 2018 to 150 million app-happy users. Personal information, from names and email addresses to passwords, was stolen from the heavily used MyFitnessPal mobile app and website.
In a statement, Under Armour, who bought MyFitnessPal in 2015, assured the public and avid app users that social security numbers, driver’s license numbers and payment card data did not form part of the compromised data. Under Armour first became aware of the attack on 25th March 2018 and made it public knowledge a week later. And whilst the company had taken essential security steps to keep users’ details under lock and key, protecting passwords with a technique called ‘hashing’, it didn’t do a strong enough job for every user of the app.
Sadly for some, their passwords were protected by a weaker hashing scheme known as SHA-1, which, as reported by Computer Weekly in 2017, 'is now completely unsafe'. What this meant is that hackers were able to crack users’ passwords pretty easily and apply these to malicious scams.
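How a service can find and retire weakly hashed passwords, added here as an example and not taken from Under Armour or MyFitnessPal. The `scheme$...` record format, the unsalted legacy layout and the choice of scrypt as the replacement are assumptions; the page does not say which stronger scheme was in use.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: constructed for this example, tune for your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def hash_scrypt(password, salt=None):
    """Return 'scrypt$<salt hex>$<key hex>', with a fresh random salt by default."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${key.hex()}"


def check(password, record):
    """Constant-time comparison against either record format."""
    scheme, _, rest = record.partition("$")
    if scheme == "sha1":  # legacy: fast and unsalted, cheap to guess against
        candidate = "sha1$" + hashlib.sha1(password.encode()).hexdigest()
    elif scheme == "scrypt":
        candidate = hash_scrypt(password, bytes.fromhex(rest.split("$")[0]))
    else:
        return False
    return hmac.compare_digest(candidate, record)


def login(store, user, password):
    """Verify a login; on success replace a legacy SHA-1 record with scrypt."""
    record = store.get(user)
    if record is None or not check(password, record):
        return False
    if record.startswith("sha1$"):
        store[user] = hash_scrypt(password)  # upgrade while the password is in hand
    return True


def legacy_accounts(store):
    """Users whose passwords are still stored under the weak scheme."""
    return sorted(u for u, rec in store.items() if rec.startswith("sha1$"))


def sample_store():
    """Constructed sample data: one legacy record, one modern record."""
    return {"alice": "sha1$" + hashlib.sha1(b"constructed-pass-1").hexdigest(),
            "bob": hash_scrypt("constructed-pass-2")}


if __name__ == "__main__":
    store = sample_store()
    print("legacy before login:", legacy_accounts(store))
    login(store, "alice", "constructed-pass-1")
    print("legacy after login: ", legacy_accounts(store))
```

Accounts that never log in again stay on the weak scheme, so `legacy_accounts` doubles as the list of users who need a forced password reset.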
It was reported as the biggest data breach of 2018 and one of the five largest ever to take place. This serves as an important reminder that not all corporate networks have stepped up their cybersecurity game. This includes many businesses in Australia, as outlined in the Telstra Security Report 2018.
To help safeguard your own company from data breaches and malicious hackers, why not learn some essential skills to help to keep these attacks at bay? Get in touch with us today to take your first steps into the cyber security world.