A review of top cybersecurity incidents that affected individual users, enterprises and government agencies across the world in 2018.
I. Frequent “exposed” data: the 500 million data leak from Huazhu Hotels
A data selling post titled “Booking Data of Huazhu Hotels (Hanting Hotels, Orange Hotels, All Season Hotels etc.)”, which included names, ID card numbers, email addresses, home addresses, booking records and other 500 million pieces of sensitive information emerged on a Chinese forum at 6 am on August 28th, 2018. The package price was 8 Bitcoin or 520 Monero, worth about USD 28,500, and test data were given. Some media sampled and compared the data and found that they were in good agreement with the real information.
II. Under Armour data breach
At the end of February 2018, the US athletic wear brand Under Armour found that their health and fitness tracking app MyFitnessPal was attacked by hackers, affecting about 150 million users. The leaked information included usernames, email addresses, passwords and so on. It is said that the company did not discover the intrusion until March 25 and it disclosed the news within a week.
III. The Korean Pyeongchang 2018 Winter Olympics attacked by hackers: spear-phishing emails
In February 2018, the Korean Pyeongchang Winter Olympics was hit by cyberattacks on the opening day. The attack cut off the network, then the broadcasting system (thus the audiences couldn’t watch live broadcasting) and the Olympics website stopped working properly. Many viewers couldn’t print the tickets for the opening ceremony and failed to get into the stadium at the end.
IV. The criminal hands reaching out to “ivory towers”: 9 Iranian hackers launched attacks on over 300 universities in the US and other countries, and $3 billion in intellectual property information was stolen
In March 2018, the US Department of Justice announced charges against 9 hackers of the hacker organization Mabna Institute in Iran. They were accused of using spear-phishing emails to trick professors and other university affiliates into clicking malicious links and enter their network login credentials, penetrating into 144 universities in the US, 176 universities in other countries, 47 private companies, the United Nations, the US Federal Energy Regulatory Commission, Hawaii and Indiana and other targets, stealing 31 terabytes of data and intellectual property information with an estimated value of $3 billion.
V. Multi-billion dollar security loopholes: EOS blockchain vulnerabilities shocked the cryptocurrency world
In May 2018, with the powerful vulnerability analysis and efficient mining capabilities of 360 Security Center, 360′ s Vulcan team uncovered a series of high-risk security vulnerabilities on the blockchain platform EOS, which were worth tens of billions of US dollars and enough to take down the entire digital system. It was confirmed that some of these vulnerabilities could execute any code remotely on EOS nodes, and that means all nodes running on EOS could be directly controlled and taken over by remote attacks. In the early morning of the 29th, 360 immediately reported such vulnerabilities to EOS officials and assisted them in repairing potential safety hazards.
VI. IoT devices staged “Busan Trip”: Russian hackers used VPNFilter to attack more than 500,000 routers worldwide to create large-scale botnets
At the end of May 2018, the US Federal Bureau of Investigation warned that Russian hacking activities had affected more than 500,000 routers worldwide. The attacks spread a type of malware, called “VPNFilter”, which could be used to coordinate infected devices to create large-scale botnets. At the same time, it could also directly monitor and manipulate web activities on infected routers. These features could be used for a variety of purposes, including launching network operations or spam campaigns, stealing data, and developing targeted localized attacks.
VII. The world’s largest semiconductor manufacturer TSMC suffered ransomware attacks
Three major production sites of the world’s largest semiconductor manufacturer TSMC were invaded by WannaCry ransom virus variants and all production lines were shut down on August 3rd. Affected by the ransomware, TSMC’s market value fell by nearly NTD 7.8 billion.
The latest ransomware trend report released by the 360 Threat Intelligence Center shows that the main targets of ransomware attacks are now slowly shifting from individuals to enterprise servers with “higher ransom value”.
VIII. GlobeImposter family is spreading rampantly: the real estate transactions were interrupted across the board in 10 cities in Shandong, China
GlobeImposter ransom virus first appeared in May 2017 and then became active again with a large number of variants. On September 3rd, 2018, GlobeImposter ransomware invaded the real estate registration systems in many cities of Shandong province, causing problems such as missing data, unable to display, unable to save, etc. 10 cities in Shandong announced to suspend real estate business registrations.
360 Security Center issued an emergency high-risk warning: since August 21st, 2018, the GlobeImposter ransomware attacks had occurred in many places. After breaking through the border defense of organizations and the enterprises, the attacker used hacking tools to infiltrate intranets and selected the high-value target servers to manually deliver the ransomware, causing files to be encrypted.
IX. The shortest-lived update in Microsoft history: Windowns 10 system vulnerabilities
Microsoft officially released the 2018 October update of Windows 10 at the Fall Surface Launch Event held in New York on October 2nd, US local time. After some users reported major issues including files being deleted, the update was called to stop after only 4 days of release, which is also likely to become Microsoft’s shortest-lived system upgrade.
X. GrandCrab ransom virus (multiple international security incidents)
As one of the most active ransomware families in 2018, GandCrab has quickly iterated to version 5.0 in just 10 months since its first appearance at the beginning of the year. It mainly uses Seamless malicious adware, puddle attacks, mail spam, and GrandSoft vulnerability exploitation toolkit and other means to spread. After the encryption is completed, it will modify the user’s desktop wallpaper, and ask the user for ransom. The ransom price of the 5.0 version has been raised from the previous $ 499 to $ 998.
Relying on data accumulation and strong self-learning ability of 360 Security Center, 360 Total Security takes the lead in supporting the decryption of the ransomware.
Learn more about 360 Total Security