We're all becoming increasingly aware of the threat that cyber attacks pose around the world. France saw more than 19000 attacks during February alone, largely linked to the events of Charlie Hebdo. April also saw the discovery of APT30, a long running cyber espionage operation targeting multiple countries across Asia. But with the majority of media attention being focused on politically motivated hacking, it's easy to overlook some of the increasingly serious threats seen in the business and financial sectors. With that in mind, here are five of the biggest non-political cyber-attacks of 2015 so far.
- On Jan 29th health Insurer Anthem announced that it had been hit by a massive scale cyber-attack and that millions of user's "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data," may have been exposed. To make matters even worse, Anthem admitted that because of their other business links and operations, such as their Blue Cross Blue Shield plans, an estimated 8.8 to 18.8 million non-customers may also have been affected.And as if matters couldn't get any worse, they did. Premera Blue Cross, another health insurer, announced a large scale attack against their systems, losing 11 million customers name, date of birth, mailing address, email address, telephone number, member ID number, Social Security number, bank account details and even clinical information.Not only have the attacks resulted in tens of thousands of pounds worth of damage limitation and customer support. But the damage done to both insurance providers' reputations has been immeasurable.
- Moving on, no list would be complete without mention of Operation Carbanak, an operation that may yet be the biggest Cyberheist in history. Hackers launched an Advanced Persistent Threat or APT campaign against more than 100 banks in 30 nations across the world. Exploitation, download, installation, malware, exfiltration, remote access and endpoint takeover remained undiscovered for months. As of March 2015 the estimated losses stand at more than $1 billion, and some elements of the attack may still be in operation today.
- And don't go thinking that it's only insurers and banks that have been the target of cyber-attacks. In February 2015 the telecom provider TalkTalk announced what they called a 'small but significant breach.' Turns out that for TalkTalk a small breach actually meant more than 4 million customers data being stolen and used to fraudulently contact customers. (These fraudulent contacts were reported as still on-going as late as April 2015.) To make matters worse, the data breach was only actually noticed as a result of these fraudulent contacts and the increasing number of customer complaints. Meaning that if it weren't for customers actively contacting the company, the breach may have gone undetected. It is events like this that have fueled fears that cyber-attacks across Europe are being under-detected and under-reported in comparison to both the US and Asia.
- April also saw flight provider Ryan Air fall victim to a fraudulent electronic transaction via a Chinese bank to the cost of almost $5 million. Funds that the company set aside for fuel purchase were illegally transferred, and the resulting hunt for the funds involved co-ordination between the Criminal Assets Bureau and its counterpart agencies across Asia. The funds were eventually frozen, but the entire incident raised concerns about the airline's security.
- Last, though certainly not least, 2015 has witnessed a cyber-attack against Chinese Bitcoin Exchange BTER. A hack on the company's so called 'cold wallet' system resulted in a loss of 7170 bitcoins, or $1.75 million dollars. Not only did the company have to freeze all transactions, but it also had to admit to customers that it may not be able to pay back stolen funds. It's events like this that cripple companies, with Canadian based Cavirtex being forced to shut down for exactly the same reason (and eventually live on only due to an unfavourable buy out)
If these five examples serve to demonstrate anything, it's that cyber-crime doesn't just effect large government agencies of political institutions. Electronic attacks are becoming increasingly common against businesses and financial institutions regardless of their size.
Cyber-crime is constantly evolving and increasing in both its sophistication and scale; businesses, regardless of their size, need to be aware of the threat. In 2015 and onwards, increased attention towards internet security and data protection are necessities for any growing business, not just to protect customers, but to protect the business itself.