Writing "Top 10"
Top 10 Security Incidents of 2014
What were the biggest hacks, security breaches, malware and IT nightmares of 2014? Continuum, which specializes in IT management software and network operations center (NOC) support, offered up 10 big issues from the past year. Here’s the countdown plus our perspectives.Image: iStock
10. JPMorgan Data Breach
The bad news for JPMorgan Chase & Co. started in July 2014, when the company announced it suffered some sort of hack. By October 2014, the financial services company finally disclosed the true extent of the damage – spanning 76 million households and 7 million small businesses.Image: iStock
9. Shellshock Bash Bug
Shellshock, also known as Bashdoor or Bash, surfaced in Sept. 2014. The problem involved security bugs tied to the Unix Bash shell. On Sept. 26, more than 17,400 attacks across 1,800 web domains surfaced in a 24-hour period, according to Incapsula, a security firm. Fast forward to Sept. 30, and the bug was triggering roughly 1.5 million attacks and probes per day, CloudFlare reported. Red Hat, Ubuntu and other major Linux suppliers provided a fix for the issue.Image: iStock
8. Home Depot Breach
Home Depot confirmed in early September 2014 that it was investigating a potential data breach. Within a couple of weeks, the retailer conceded that 56 million credit cards may have been compromised during a five-month attack. That breach, coupled with Target’s breach from 2013, has inspired retailers to more rapidly encrypt their point of sale systems.Image: iStock
7. iCloud Nude Leaks
Compromising photos of more than two-dozen Hollywood stars surfaced on the web due to an Apple iCloud hack. By Sept. 2014, Apple stepped up iCloud security – including more alerts to let you know if somebody is trying to change your password. Plus, Apple boosted its two-factor authentication capabilities with a late 2014 iOS update. Image: iStock
POODLE (short for Padding Oracle on Downloaded Legacy Encryption) involved a bug that allowed hackers to snoop on user’s web browsing, according to Time. At first glance, POODLE wasn’t as serious as the Heartbleed and Shellshock vulnerabilities, according to Wired. But POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password, Wired added.Image: iStock
laptop computer with yellow crime scene tape
5. Five Corporate Hacks
It certainly was a busy year for hacks. So busy that Continuum lumped five high-profile hacks -- eBay, Montana Health Department, P.F. Chang’s, Evernote and Feedly, and Domino’s Pizza – into a single entry. Image: iStock
Privacy concept: pixelated words Data Encryption on digital background, 3d render
4. Cryptolocker & CryptoWall
CryptoLocker is a Trojan horse that attacked Windows PCs. It spread via email attachments and a botnet. Suffer the infection and your computer’s data became encrypted. The only way to decrypt the system? Pay a ransom by a stated deadline – or risk having your data deleted forever. CryptoWall involved similar symptoms. Image: iStock
Website Login Screen Macro Capture
3. Heartbleed Password Leak
The Heartbleed vulnerability, involving OpenSSL encryption software, potentially allowed attackers to lift content from a server’s memory – including passwords, usernames and even credit card numbers, CNet reported. Even worse, an attacker could get copies of a server's digital keys -- then use that to impersonate servers or to decrypt communications from the past or potentially the future, CNet added. Numerous sites suffered setbacks from the bug.Image: iStock
2. HealthCare.gov Breach
The HealthCare.gov website that had a problem-plagued debut in 2013 was hacked in July 2014, although no personal data appear to have been taken, according to the U.S. Centers for Medicare and Medicaid Services. The attack exploited a test server used to support the website and was never intended to be connected to the Internet, the government said. The server was protected with only a default password. Although there apparently was no major damage, the hack once again shook consumer confidence in federal IT systems.Image: iStock
CULVER CITY, CA/USA - NOVEMBER 29, 2014: Sony Pictures studios water tower and marquee. Sony Pictures Studios are a television and film studio complex.
1. Sony Pictures Entertainment Hacked
Faced with a mainstream hack, the movie studio saw confidential corporate information spread across the Internet. Damages could total about $100 million, according to the Center for Strategic and International Studies. Other firms put the costs closer to $83 million (Macquarie Research) or even $70 million (former cybercrime prosecutor Mark Rasch), according to Tech Times. But the bigger issue may be burned bridges, as confidential and often inflammatory email about Hollywood insiders spills onto the web.Image: iStock
Thank You Button on Modern Computer Keyboard with Word Partners on It.
Thank You And More
Special thanks to Continuum for the list. Information Management added its content spin to each entry. Check out more slide shows by visiting our gallery archive.