Learn The Flaws and Loopholes From The Most Famous Cyber Attacks
Nowadays, cyber criminals are becoming more sophisticated, changing what they target, how they affect organizations, and their methods of attack against various security systems. Social engineering is one of the most common cyberattacks, with ransomware, phishing, and spyware being the favored forms of entry.
However, third-party and fourth-party vendors who process the organization’s data and may have poor cyber security practices are another common attack vector, making vendor risk management and third-party risk management all the more important. The number of cyber attacks and data breaches in recent years is staggering, and it is easy to produce a laundry list of household-name companies that have been affected.
Some common cyber attacks
Equifax
The Equifax cybercrime fraud event affected approximately 145.5 million U.S. consumers, along with 400,000-44 million British residents and 19,000 Canadian residents. Equifax shares dropped 13% in early trading the day after the breach, and numerous lawsuits were filed against Equifax as a result of the breach, not to mention the reputational damage that Equifax suffered. On July 22, 2019, Equifax agreed to a settlement with the FTC including a $300 million fund for victim compensation, $175m for states and territories within the agreement, and $100 million in fines.
eBay
Between February and March 2014, eBay became the victim of a breach of encrypted passwords; as a result, around 145 million users had to reset their passwords. Attackers used a small set of employee credentials to access this trove of user data. The stolen information included login credentials with encrypted passwords and other personal information, such as names, e-mail addresses, physical addresses, phone numbers, and dates of birth. The breach was identified and disclosed in May 2014, after a month-long investigation by eBay.
Adult Friend Finder
More than 412 million user accounts were exposed when Friend Finder Networks was hacked. The breach included around 20 years of customer data from six compromised databases: Adultfriendfinder.com, Cams.com, Penthouse.com, Stripshow.com, iCams.com, and an unknown domain. With 412,214,295 exposed records, it was the biggest data breach of 2016; the hackers collected 20 years of data across six databases, including names, email addresses, and passwords. Most of the passwords were protected only by the weak SHA-1 hashing algorithm, which meant that 99% of them were cracked instantly and the rest were completed by November 14.
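The contrast between the weak SHA-1 storage described above and a salted, deliberately slow key-derivation function, as an added example that is not part of the original article. PBKDF2-HMAC-SHA256 is a technique chosen here for illustration, and the function names, storage format and iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

def weak_sha1(password: str) -> str:
    """Unsalted SHA-1: fast and deterministic, so equal passwords share one digest."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened form: random per-user salt plus a slow KDF, stored as one string."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))
    except ValueError:  # malformed or legacy record (e.g. a bare SHA-1 digest)
        return False

def needs_migration(stored: str) -> bool:
    """Flag legacy digests and records hashed below the current work factor."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return True
    return int(parts[1]) < PBKDF2_ITERATIONS

if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    for user in ("alice", "bob"):
        print(user, "sha1  :", weak_sha1("password"))        # identical lines
    for user in ("alice", "bob"):
        print(user, "pbkdf2:", hash_password("password"))    # different lines
```

Records flagged by `needs_migration` can be re-hashed the next time the user logs in successfully, since the plaintext is only available at that moment.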
Yahoo
Last but not least, Yahoo disclosed that a cyber attack carried out in August 2013 by a group of hackers had affected 1 billion accounts. In this instance, security questions and answers were also compromised, increasing the chance of fraud. The breach was first disclosed by Yahoo on December 14, 2016, and affected users were required to change their passwords and asked to re-enter any unencrypted security questions and answers so that they could be encrypted. However, by October of 2017, Yahoo changed the estimate to three billion user accounts. An investigation revealed that users’ passwords in clear text, payment card data and bank information weren’t stolen. Nonetheless, this remains one of the biggest data breaches of this kind in history. While these are some examples of high-profile data breaches, it is vital to remember that there are even more that never made it to the front page.
How can you improve your cyber security?
Companies like Intercontinental Exchange, Taylor Fry, the New York Stock Exchange, Superloop, IAG, Delaware Super, Akamai, Morningstar, and NASA use high-security ratings to shield their data, prevent data breaches and assess their security operations.
A cyber security expert can reduce the amount of time your organization spends assessing related and third-party information security controls by automating vendor questionnaires and providing vendor questionnaire templates. We can also help you instantly benchmark your current and potential vendors against their industry, so you can see how they compare.
However, employing a certified ethical hacker can be a smart move for organizations that need to deal with cyber-attacks and data breaches. The title ‘certified’ can be earned after qualifying in any ethical hacking training course. So if you want to earn it, the ProICT Training courses will be a suitable place for you.