5 Of The Worst Mass Hack Attacks & Types of Malware

 


Five worst hack attacks within the past two years:

  1. US Office of Personnel Management

This breach was one of the biggest ever of US government systems. Although not proven, the attack was believed to have been perpetrated by Chinese hackers. The attackers stole the addresses, health and financial details of 19.7 million people. This included personnel data for every federal employee, every federal retiree, and up to one million former federal employees. The hackers focused on the Central Personnel Data File. They supposedly exploited a security flaw that had been warned about many times before the attack.

  2. Ashley Madison

This security breach hit the infamous infidelity dating site Ashley Madison and drew heavy media attention. The hack targeted participants’ information, including usernames, passwords and email addresses. The effects of such a hack are easy to foresee: people exposed as users of this website may have their reputations, both professional and personal, tarnished, with a massive impact on their lives. A hacking collective identified weaknesses in password encryption and used these to crack the bcrypt-hashed passwords.

  3. TalkTalk

This hack was one of the UK’s biggest hacks in 2015. It was estimated that nearly 157,000 of its customers’ personal details were accessed. The company stated that more than 15,600 bank account numbers were stolen. The hackers targeted their customer database.


  4. Anthem

The health insurance company Anthem was targeted by supposedly Chinese hackers in October 2015. The hackers accessed more than 80 million records of people using health plans like Amerigroup and Anthem Blue Cross and Blue Shield. Even the company’s CEO was affected by the data breach.

  5. Vodafone

Another UK telecommunications company was attacked in October 2015. The hackers supposedly stole the personal and financial details of 2000 customers. They used email addresses and passwords acquired from an unknown source to get names, phone numbers, bank sort codes and the last four digits of bank account numbers.

Types of Malware:

Malware is a broad term that refers to a variety of malicious programs. These are several of the most common types of malware.

  1. adware
  2. bots
  3. bugs
  4. rootkits
  5. spyware
  6. Trojan horses
  7. viruses

Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause harm to the host computer.

  1. Adware is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Oftentimes, software and applications offer “free” versions that come bundled with adware.

  2. Bots are software programs created to automatically perform specific operations. While some bots are created for relatively harmless purposes, it is becoming increasingly common to see bots being used maliciously. Bots can be used in botnets (collections of computers controlled by third parties) for DDoS attacks, as spambots that render advertisements on websites, as web spiders that scrape server data, and for distributing malware disguised as popular search items on download sites.

  3. In the context of software, a bug is a flaw that produces an undesired outcome. These flaws are usually the result of human error and typically exist in the source code or compilers of a program. Minor bugs only slightly affect a program’s behaviour and as a result can go for long periods of time before being discovered. More significant bugs can cause crashing or freezing. Security bugs are the most severe type of bugs and can allow attackers to bypass user authentication, override access privileges, or steal data. Bugs can be prevented with developer education, quality control, and code analysis tools.

  4. A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed, it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet. Organizations and users can protect themselves from rootkits by regularly patching vulnerabilities in software, applications, and operating systems, updating virus definitions, avoiding suspicious downloads, and performing static analysis scans.

  5. Spyware is a type of malware that functions by spying on user activity without their knowledge. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more. Spyware often has additional capabilities as well, ranging from modifying security settings of software or browsers to interfering with network connections.

  6. A Trojan horse, commonly known as a “Trojan,” is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware. A Trojan can give a malicious party remote access to an infected computer. Once an attacker has access to an infected computer, it is possible for the attacker to steal data, use the computer in botnets, and anonymize the attacker’s own internet activity.

  7. A virus is a form of malware that is capable of copying itself and spreading to other computers. Viruses often spread to other computers by attaching themselves to various programs and executing code when a user launches one of those infected programs. Viruses can also spread through script files, documents, and cross-site scripting vulnerabilities in web apps. Viruses can be used to steal information, harm host computers and networks, create botnets, steal money, render advertisements, and more.

Possible symptoms of malware:

  • Increased CPU usage
  • Slow computer or web browser speeds
  • Problems connecting to networks
  • Freezing or crashing
  • Modified or deleted files
  • Appearance of strange files, programs, or desktop icons
  • Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off antivirus and firewall programs)
  • Strange computer behaviour
  • Emails/messages being sent automatically and without user’s knowledge (a friend receives a strange email from you that you did not send)

Ways to protect yourself against malware:

  • Install and run anti-malware and firewall software. When selecting software, choose a program that offers tools for detecting, quarantining, and removing multiple types of malware. At the minimum, anti-malware software should protect against viruses, spyware, adware, Trojans, and worms. The combination of anti-malware software and a firewall will ensure that all incoming and existing data gets scanned for malware and that malware can be safely removed once detected.
  • Keep software and operating systems up to date with current vulnerability patches. These patches are often released to patch bugs or other security flaws that could be exploited by attackers.
  • Be vigilant when downloading files, programs, attachments, etc. Downloads that seem strange or are from an unfamiliar source often contain malware.

Group members:
Mark van der Burgh
Tristan Fraser
Andrew Bernad

 

References:

Prime, R. (2015). Top 10 most devastating cyber hacks of 2015. Available: http://www.information-age.com/top-10-most-devastating-cyber-hacks-2015-123460657/. Last accessed 30 Sep 2016.

BBC News. (2015). TalkTalk hack ‘affected 157,000 customers’. Available: http://www.bbc.com/news/business-34743185. Last accessed 30 Sep 2016.

Szoldra, P. (2015). The 9 worst cyber attacks of 2015. Available: http://www.techinsider.io/cyberattacks-2015-12/#hackers-breached-the-systems-of-health-insurer-anthem-inc-exposing-nearly-80-million-personal-records-1. Last accessed 30 Sep 2016.

Lord, N. (2012). Common Malware Types: Cybersecurity 101. Available: https://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101. Last accessed 29 Sep 2016.

