It’s a brand new year, full of hope and promise as all new years are. As we take a reflective glance back at the previous year, we can’t help but notice the headlines that dominated 2014. It was the year of the cyber-attack: from major corporations to malware, 2014 saw more than its fair share of cyber-criminal activity.
The Sony Hack
In November, Sony announced a major attack on its servers that prompted a worldwide investigation. An alleged cyber group known as “Guardians of Peace” hacked into Sony’s systems and acquired hundreds of thousands of emails, along with the social security numbers and salary information of hundreds of key Sony employees and a few notable celebrities. The United States suspected North Korea of the attack, although North Korea has since denied the allegation. Several attacks took place, including terrorist threats to employees if the movie “The Interview” was released on Christmas Day. Notable results of the hack were Oscar-winning producer Scott Rudin’s comment calling Angelina Jolie “a minimally talented spoiled brat”, and Sony co-chair Amy Pascal’s comments on President Barack Obama’s poor taste in movies. Several unreleased films were also seized and released for viewing on pirate sites.
Nude Celebrity Photo Leak
Apple’s iCloud was hacked, and hundreds of celebrities’ photos, including those of Jennifer Lawrence of “The Hunger Games” and reality star Kim Kardashian, were leaked and posted on forums like 4chan and Reddit. The attacks happened within a few months of each other, and Apple quickly enabled two-factor authentication for all iCloud accounts, as well as an email notification whenever an account is accessed from a “new” device. Celebrity lawyers threatened to file a $100 million lawsuit, and celebrities demanded an investigation, calling the incident a “sex crime”.
eBay Data Breach
eBay users suffered heavily in a February/March attack. An estimated 233 million user accounts were breached, and passwords, phone numbers and physical addresses were stolen. eBay assured its users that their financial information was safe as this information is stored on a separate server that was not affected. The Syrian Electronic Army claimed responsibility for the attack.
Home Depot Breach
Customer credit card information was stolen and put up for sale one week prior to Home Depot confirming a security measure had been put into place to protect its customers’ sensitive information. Simple security software was all it took for the retail giant to protect its client information, thwarting the theft of even more credit card information. Other major US retailers affected by cyber attacks in 2014 include Neiman Marcus, Sally Beauty Supply, Target, Michaels Arts and Crafts and Goodwill.
The hacktivist collective known as Cyber Berkut posted confidential US documents that showed how Washington was working to provide weapons to Kiev. The hack was supposedly accomplished through a mobile device belonging to a member of the US delegation headed by Vice President Joe Biden, which visited the Ukraine in November. Other documents published included a conversation between the US ambassador to the Ukraine, Geoffrey Pyatt, and Victoria Nuland shortly before the military coup in the Ukraine.
Other Nasty Threats
Aside from the attacks across the globe, numerous bugs were also unleashed on the cyber world during 2014. Threats such as Heartbleed, Shellshock, BadUSB and ransomware plagued the internet, and the repercussions of these threats are still being felt.
Discovered in April, Heartbleed was unleashed on the world with a vengeance. Heartbleed attacks OpenSSL security certificates, forcing servers to give up sensitive user data. One hacker used Heartbleed to exploit a flaw in the encryption of the Canada Revenue Agency and gained access to hundreds of thousands of taxpayers’ information. Patches have been issued to fix the vulnerability, but hundreds of thousands are still being affected by Heartbleed.
A vulnerability found in Bash, software used by millions, allows hackers to directly attack servers, routers and other systems that are Linux and OS X based. In a blog post on Errata Security in September, Robert Graham called Shellshock “wormable”. “This thing is clearly wormable”, he states, “and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable — once the worm gets behind a firewall and runs a hostile DHCP server, that would “game over” for large networks.”
BadUSB has the capability of turning any USB device into an attack ‘platform’. Flash drives, external hard drives and any other USB-connected devices become the avenue for an exploit that gets into the BIOS of a computer system. Wiping the system clean and starting from scratch won’t rid it of this nasty bug, as it lives in the core of the computer.
Ransomware has moved into the cloud and is now affecting mobile devices as well. Ransomware has the insidious ability to hijack all of a system’s document files and hold them for “ransom”, forcing the unsuspecting user to pay a fee to have the data released and made accessible. Now that this exploit has moved into the cloud, there is no telling how many millions will be affected by this blighter.
Kaspersky Labs is cited as saying that they estimated over 21 million cyber-attacks plagued the planet in 2014. That number, they estimate, will climb in the coming years. With all of these attacks, it seems nearly impossible to protect a computer from being attacked. One of the most embarrassing aspects of the Sony attacks was the disclosure of a “password” file sitting on the server for anyone to access freely. This password file contained all the passwords of all the employees and a few celebrities as well. Many of these attacks only serve to prove that a few simple steps are all that is needed to ensure the safety and security of a computer, and using VPNs is one of them.