As the world is rapidly going digital, our privacy and security is more vulnerable than ever. Ignorance is no bliss and this is why we bring to you a roundup of some of the biggest cyberattacks of the year 2016.
- Ransomware attack on Hollywood Presbyterian Hospital, Los Angeles
On February 5, 2016, computers of Hollywood Presbyterian Hospital in Los Angeles were left dysfunctional by a ransomware attack demanding a ransom of 40 Bitcoins (approx. $17,000) to provide a digital decryption key. It is believed that the hackers had initially demanded a whopping $3.4 million as ransom. They used a malware which infected the hospital’s network and prevented the staff from accessing any digital records. The attack made the hospital resort to pen and paper for maintaining patients’ records till the access was regained. In order to restore normal operations the hospital authorities ultimately decided to pay the ransom and obtain the decryption key from the hackers.
- Bangladesh Central Bank heist
In February 2016, a group of elite hackers launched a cyberattack on Bangladesh Central Bank which has earned the title of the largest financial cybercrime in history (so far). The hackers used Bangladesh Central Bank’s SWIFT credentials to send fraudulent money transfer requests to the Federal Reserve Bank of New York asking them to transfer huge funds to various bank accounts in Sri Lanka, Philippines and some other parts of Asia. The heist was so meticulously planned that it would have gone unnoticed for a long time if it wasn’t for a printing error which was noticed by the Bangladesh bank. By the time the bank took notice of the fraudulent transactions an amount of $101 million was already stolen from them. The Bank managed to reroute $20 million to Bangladesh Bank’s New York Federal account but the remaining $81 million was already debited by the hackers.
The hackers had installed malware on the bank’s network which prevented the bank staff from getting any alerts about these suspicious transactions. Some reports even suggested that the bank didn’t have a firewall installed on its network thereby giving hackers easy access to the bank’s network and view the SWIFT credentials stored on their system.
- DDoS attack on PayPal, Twitter and other sites
A major cyberattack was launched on October 21, 2016 which disrupted traffic to several popular websites including Netflix, Twitter, Spotify, Airbnb, Reddit, CNN, PayPal, Pinterest and Fox News – as well as major newspapers like the Guardian, the New York Times and the Wall Street Journal. The attack disabled access to these sites for millions of users on the US east and west coasts for over 2 hours.
In a DDoS attack, hackers attempt to flood a website with so much traffic that the servers are unable to carry the load and the site crashes. In this particular attack, cyber criminals targeted Dyn, a domain name services company which provides services to most of the popular websites in the world. Although no user data was compromised in this attack, hackers managed to keep these websites down for hours. Many experts have predicted that this attack seemed like the hackers were testing the waters before launching an even bigger Internet outage. And who knows what collateral damage this outage might bring along.
- San Francisco public transport system hack
In November 2016, the ticketing system of San Francisco’s Municipal Transportation Agency (MUNI) was compromised by a ransomware attack which led to the shutdown of several ticketing machines of the transport agency. The computer screens of a lot of MUNI employees read “You Hacked, ALL Data Encrypted”. With no immediate solution to fix the issue, the transport agency had to allow passengers to ride for free over the busy Thanksgiving weekend. It is reported that the hackers demanded 100 Bitcoins (approx. $70,000) to release the transport agency’s computer network. The hackers also threatened the agency that they will leak 30 GB of their data which comprises employees’ information, documents, etc., if the ransom was not paid.
- Tesco Bank cyberattack
Tesco bank, the banking arm of the supermarket giant suspended online transactions for 24 hours in Nov 2016 due to a cyberattack which led to money being stolen from up to 20,000 customers’ accounts. 40,000 customer accounts of the bank were hacked. Reports claim that the hacker group had been targeting these customers for months before the attack with phishing scams as a buildup which eventually resulted in this hack. The bank had to refund the amount stolen from its customers’ accounts. It is estimated that the cyberattack resulted in a loss of £2.5m for the bank.
These are just a few reported cyberattacks that happened in the year 2016. Most of the cybercrimes across the world are not even reported. The ease and convenience that the Internet of Things offers us comes with a flip side that it takes away a very important aspect away which is our ‘security’. Cybercrime has no one particular target, anyone with an email address, a social media account or using the Internet for financial transactions is vulnerable. Let’s face it; hackers have proved time and time again that no business, government or individual is 100% secure. One weak link in your digital environment is all that a hacker needs to exploit your security.
Preparedness is the only solution to combat cyberattacks and this is why individuals and businesses must inculcate a security strategy that is proactive. To know more about how to enhance your digital security, have a look at the solutions offered by Seqrite.
