Entersoft Security Blog

Top 10 hacks of 2015

Posted by Angad Gill on Mar 10, 2016 5:16:00 AM

Top10hakcs-2015-1.jpg

In 2014 alone, more than one billion personal records were illegally accessed. 2014 has witnessed the hacks of high profile brands like Sony, the U.S. Postal Service, JP Morgan Chase, iCloud (for celebrity nude photos) and many more. Unfortunately, 2015 wasn't any better for IT security.

The magnitude of hacking attacks by various hackers that took place in 2015 signifies the increasing trend in cyber attacks and the damage caused by the hack attacks continues to be shocking.

What about the thousands of hacks about which the public doesn't hear? Especially SMB websites?

Here's a scary metric: According to a defcon hacker, The average time it takes for an unaudited website to get hacked is 3 mins IN 2015. In 2012, it used to take around 10 mins. More than 3,00,000 SMB websites were defaced in 2015.

Enterprises must think out of the box about security in 2016. Security should not come after the business makes profits. The cost and complexity to handle security will be multi folded if the business owners don’t think about the cyber security from the inception. Bug fixing, ENCRYPTION were primary concerns for many businesses in 2015. We will talk about basic best practices that an enterprise should consider in 2016 in a separate post.

#1 US-OPM:

In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of data breach targeting the records of as many as 4 million people, later announced as 18 million records. The federal agency said 5.6 million people’s fingerprints were compromised. Undoubtedly, this is the biggest hack in the history of US government.

Who did it? Supposedly Chinese hackers! No forensic proof yet disclosed.

Read more about this hack at http://www.nytimes.com/2015/07/10/us/office-of-personnel-management-hackers-got-data-of-millions.html?_r=0

#2 FBI Portal Breach

A portal used by police and the FBI to share intelligence was hacked in November, and data on arrestees was stolen. FBI claims that it was not modified and is uncertain how many people were affected because the FBI didn't announce the figures. This attack is thought to be one of the biggest 2015’s law enforcement hacks. It was perpetrated by Crackas With Attitude, the same hackers who accessed the CIA’s Director John Brennan's personal email account earlier this year.

Who did it? Crackas With Attitude

Read more about this hack at http://edition.cnn.com/2015/11/06/politics/fbi-new-hacks/

#3 Ashley Ashley Madison

The security data breach that hit the infamous infidelity dating site Ashley Madison in 2015 created a huge noise in media. Hackers identified weaknesses in password encryption and used these to crack the bcrypt-hashed passwords. The major loss was the personal information, including credit card details of more than 11 million users was leaked on the dark Web. The company has lost its CEO, saw its share price and whatever credibility it had plummet, and now faces class-action lawsuits from clients and investors.

Following the hack, communities of Internet vigilantes began combing through to find famous individuals, who they planned to publicly humiliate.France24 reported that 1,200 Saudi Arabian .sa email addresses were in the leaked database, and in Saudi Arabia adultery can be punished with death.Several thousand U.S. .mil and .gov email addresses were registered on the site. We have also seen hacks around Adultfriendfinder in 2015 and millions of records were breached.

Who did it? The Impact Team

Read more about the hack at http://fortune.com/2015/08/26/ashley-madison-hack/

#4 Talktalk

In November, UK's biggest hack on Talktalk dominated the news headlines in the UK for weeks. Mobile phone provider TalkTalk was targeted by a bunch of hackers who stole the personal details of more than 20,000 customers. More than 15,600 bank account numbers and sort codes were stolen, the company said.The hackers were quickly identified and prosecuted with, but the company has been left with a loss of up to £35 million, having lost its credibility and share price. It also is facing lawsuits from customers and investors.

Who did it? A 16-year-old boy

Read more about the hack at http://www.bbc.co.uk/news/business-34743185

#5 Health Insurer Anthem

In October, Chinese hackers had targeted U.S. health insurance company Anthem. Unfortunately, Anthem has not been the only victim, Premera said that it had been hacked in March, exposing details of about 11 million people. Health care data has become the most valuable information that can be sold in the online black market, making health care companies a prime target for hackers in 2015.

Anthem Inc. said the database that was penetrated in a previously disclosed hacker attack included personal information for 78.8 millionpeople, including 60 million to 70 million of its own current and former customers and employees. This probably is the biggest attack in healthcare in 2015.

Who did it? Supposedly Chinese hackers

Read more about the hack at http://www.wsj.com/articles/anthem-hacked-database-included-78-8-million-people-1424807364

#6 Hilton Worldwide

The global hotel chain Hilton was recently the victim of an attack, which infiltrated its point-of-sale (POS) terminals, giving hackers unfettered access to customer credit card information. The intruders got in between November 18th and December 5th in 2014, and between April 21st and July 27th this year. Stolen information included cardholder names and card numbers, security codes and expiry dates, enabling hackers to shop online or by phone. The malware exploits a long-known flaw in the PCI-DSS payment security standards that does not stipulate that card data should remain encrypted when it is processed at a point-of-sale terminal. This is a biggest attack in hospitality space. This year also saw malware attacks on US Presidential candidate Trump’s hotel chain.

Who did it? Undisclosed

Read more about the hack at http://www.theregister.co.uk/2015/11/25/hilton_credit_card_breach_confirmed/

#7 Vtech

4.8 million users were effected through VTech's weak security. The toymaker suffered a major breach in late November, with hackers taking 4.8 million records, as well as a database of first names, genders and birthdays of more than 200,000 kids.
The attack on VTech, which reportedly used poor password security among other issues, ranks as one of the largest breaches of the year in retail space. This has led to huge scrutiny in toy maker’s space.

Who did it? 21-year-old man from Bracknell

Read more about the hack at http://www.cnbc.com/2015/12/02/vtech-hack-data-of-64m-kids-exposed.html

#8 Patreon

In October 2015, Maker-funding site Patreon was hacked last week resulting in the dump of gigabytes of code and user data. User passwords were encrypted using bcrypt which suggests they are mostly safe but some users have found their data in the trove.
He said the amount and type of data posted by the hackers suggest the breach was more extensive and potentially damaging to users than he previously assumed.

Who did it? Gamergaters(they haven’t taken the responsibility yet)

Read more about the hack at http://techcrunch.com/2015/10/05/patreon-hacked-gigabytes-of-data-and-code-leaked/

#9 T-Mobile

In October, T-Mobile revealed that hackers had breached Experian’s network and stolen a trove of T-Mobile’s data, which the carrier had sent to Experian to perform credit checks on potential customers seeking financing for phones or cellular plans. The data stolen from those 15 million victims includes their names, addresses, and birthdates, as well as encrypted social security numbers, driver's license ID numbers, and passport ID numbers.
Though the breach no doubt dinged the reputations of both companies, T-Mobile took pains to pin the blame squarely on Experian. This shows how important security is when collaboration between the enterprises happens in a swift speed.
The lawsuits were filed in federal courts in Chicago; Fort Lauderdale, Florida; and Santa Ana, California.

Who did it? Undisclosed

Read more about the hack at http://www.wired.com/2015/10/hack-brief-hackers-steal-15m-t-mobile-customers-data-experian/

#10 LastPass

Almost every security expert propagate about using a password manager. LastPass was hacked in 2015. LastPass communicated in their blog article “Encrypted user vaults were not compromised.” This is a critical fact because changing master password will immediately make the stolen password information useless. No information was disclosed on how much the impact was. But definitely the brand of LastPass has taken the toll.

Who did it? Undisclosed

Read more about the hack at http://www.wired.com/2015/06/hack-brief-password-manager-lastpass-got-breached-hard/

Through just the above 10 hacks, over were stolen and are available in darkweb.

Additionally many brands like Samsung, Carphone Warehouse, Adultfriendfinder, Carefinder, InvestBank, British Airways, Uber, Premera, Russian Central Bank, Hyatt Hotels, Scottrade, CVS (Pharmacy Chain), UCLA Health, Hacking Team, USIRS, Kaspersky Lab, Army National Guard, etc were hacked in 2015.

Topics: Hacks and news