We’re only halfway into 2019, yet data protection specialists and IT analysts have already seen an unfortunate spike in criminal activity across industries.
Thus far, here are the biggest cybersecurity crises of the year.
#1 – Supply chain attacks
Unique to 2019 is a growing trend of supply chain attacks.
Supply chain attacks are also called third-party attacks. That’s because they are attacks that don’t directly target you and your company, but that still affect you. This occurs by a hacker targeting a third party that your company works with, thus, in the end, indirectly affecting your company.
For example, if your company contracts with another company to provide your stores with POC (point of sale) units, the company providing your POCs could be hacked in a way that ends up affecting your company.
This trend began in 2017 with NotPetya, a piece of malware that spread when Russian cybercriminals hacked how auto-updates were implemented within an accounting application based in the Ukraine. Since, similar attacks have hit several companies, from Asus and CCleaner (a computer cleanup program), to Visual Studio (an application from Microsoft).
#2 – Breach of the American Medical Collection Agency
The American Medical Collection Agency was hacked over a long period of time from August 2018 through March 2019. During this time, it is estimated that 20 million patients had their data stolen.
Information that was compromised included complete names and dates of birth, addresses and phone numbers, balances due for medical expenses, healthcare provider information, and dates of medical services rendered. Although Social Security numbers and insurance ID numbers were not known to be compromised in the attack, the fact that personal information was lost from so many customers is truly troubling.
#3 – Attacks from Iranian hackers
Iran has certainly been in the news recently for reasons other than cyberattacks. When Trump pulled the United States out of the Iranian nuclear agreement, escalations between the two countries escalated quickly. Although many citizens may not realize it, these attacks are happening both in the physical world and the cyber world.
Trump recently aborted a military strike to Iran after Iran attempted to shoot down a U.S. drone. However, he did approve a cyberattack against the control launch systems of Iran’s missile and rocket program. Since, Iran has fought back in a similar manner and perpetuated the cyber quarrel.
#4 – Breach of a U.S. Customs and Border Protection Surveillance Contractor
After the breach of a surveillance contractor for the U.S. Customs and Border Protection, hackers were able to obtain license plate information and traveler photos for approximately 100,000 people.
Many travelers going across U.S. borders in May were routinely photographed by Perceptics, a Tennessee-based surveillance contractor. Unknown hackers stole this information and later posted it on the dark web.
#5 – First American’s Data Exposure
First American is a title insurance and real estate firm that had personal and financial data from 885 million customers exposed for anyone who wanted a look-see.
This was not a security breach or a hack, but an internal error — and a terrible one at that. Anyone who visited the First American website during the exposure could have stolen detailed financial and personal information from the hundreds of millions of customers that First American had data on. It would have only taken some simple navigation around the site. Information that was available included Social Security numbers, mortgage documents, tax documents, bank account numbers, driver’s license images, and more.
Still, it is not known whether anything was indeed compromised or stolen.
#6 – Ransomware attacks on local governments
Ransomware attacks have long been a problem in the cybersphere. But recently, they’ve been taken to a whole new level.
Instead of targeting individuals or attempting to target huge enterprises, hackers specializing in ransomware are now aiming their attention at local governments and municipalities, such as the city of Baltimore in Maryland, three cities in Florida, Atlanta in Georgia, and many others around the nation.
Ransomware is a type of malicious software or malware that locks down data and/or computer systems from the owners. Once this occurs, the hackers who installed the malware demand a monetary sum (usually in bitcoin) in order for the owners to regain system and data access.
Often, cybersecurity specialists are unable to locate the perpetrators or unlock the ransomed systems or data. In these situations, many target cities have reluctantly decided to pay the ransom. In Riviera Beach, Florida, for example, the city voted to pay a whopping $500,000 in ransom in order to regain access to their computer systems.