In 2018, cybercriminals stole around $1,5 trillion from companies and users worldwide! Just think of how that money could have been spent with good intentions… Nevertheless, it’s always compelling to look back and analyze the companies’ mistakes in order to learn from them. Hacken decided to recollect the most notorious hacks’ of 2018 and prepare a list of avoidable security vulnerabilities.
Security vulnerabilities list in large companies in 2018
Any company, regardless of its size, can be hacked at any time. Hackers do not discriminate between companies based on how many employees they hire, and will thus commit a hack as long as they can benefit from the vulnerabilities of the company. Small companies can join the hacker ’s botnet network while large companies are targeted mostly out of financial interest. Larger companies are usually the number one targets of sophisticated hackers throughout the world. As the proverb goes, where there is a code — there is a bug; thus, despite being rich and famous, the systems of large companies also have a number of security vulnerabilities based on the simple fact that there is no perfectly secured code.
Usually, the main causes of cyber attacks are the lack of systematic checks and neglection of cybersecurity. Let’s recall various critical vulnerabilities found in well-known organizations
- ImageMagick. One of the most popular platforms designed for processing images, ImageMagick had some serious vulnerabilities in 2018. The flaw known as CVE-2018-16323 was reported in January 2018. The vulnerability led to a major memory leak that included sensitive data. Another one, called CVE-2018-16509 was detected later in August. It was an RCE vulnerability which allowed malicious users to get remote access to servers. In fact, ImageMagick disclosed more than 40 critical security vulnerabilities in 2018!
- Steam. Not long ago, the Valve Corporation disclosed information about the vulnerability in their entertainment platform called Steam (one of the biggest gaming platform in the world). The bug was discovered and reported by the Ukrainian bug hunter Artem Moscowsky who received a $20 thousand reward for it. The web API vulnerability allowed him to generate numerous free keys for any game on the portal.
- Facebook. 2018 was quite eventful for the social network. In May, the security company Imperva reported a vulnerability that could have exposed data of millions of Facebook users. The bug allowed malicious users to obtain confidential data by receiving unauthorized access to a company’s API if, for example, a user visited a malicious website with Chrome. As you probably guessed, this is far from all of the Facebook-related incidents. At the beginning of 2018, everybody heard about the Cambridge Analytica Facebook scandal involving a similar issue. However, this time the data of millions of users was misused by the data mining company.
List of top security vulnerabilities and noisy attacks in 2018
The year 2018 also saw a few destructive computer viruses and serious cybersecurity breaches which managed to corrupt operating systems and steal many companies’ confidential data and funds around the globe. Let’s take a look at some of them.
- Luxury department stores’ breach. In March 2018, around 5 million records of Saks Fifth Avenue and Lord & Taylor were compromised. The breach was discovered by Gemini Advisory security company which came across 5 million stolen credit and debit cards which were offered up for sale. The case resulted in a class action lawsuit against the owners who failed to provide decent protection for confidential data.
- The Panera Bread case. The information of around 37 million users of Panera customers was breached between August 2017 and April 2018. Back in 2017, security researcher Dylan Houlihan reported a critical vulnerability to Panera Bread. The bug allowed the leak of users’ data records in plain text. However, the company ignored the bug hunter. Later in 2018, Houlihan decided to disclose the information to a journalist. (Not even buying pastry is safe anymore)
- MyHeritage breach. An online genealogy platform was contacted by a security researcher who told them about the visible “MyHeritage” file located on a private server. During an investigation, the company found out that the file contained all the company’s users’ emails and hashed passwords. MyHeritage published an official statement that the file didn’t contain any payment methods because they store sensitive information on different servers. Well, it’s quite a dubious distinction between what they consider sensitive and non-sensitive data.
- MyFitnessPal breach. Cybercriminals managed to obtain MyFitnessPal users’ emails, usernames, and hashed passwords. Fortunately, the company stores such sensitive information as payment details separately. However, the confidential data of around 150 million users was compromised.
Cybersecurity statistics 2018 VS 2017
Let’s recap again, in 2018 hackers stole around $1.5 trillion from businesses and users worldwide while in 2017 the number was around $172 billion. In general, as for the number of compromised records, only two-quarters of 2018 were needed to (4,5 billion records) surpass the entirety 2017 (2,6 billion records). And that is only those that were disclosed. Imagine the actual state of the business. The numbers are really troubling. Should we keep pretending that hacking is just a game for youngsters?
The new year has come but nothing really changed in companies’ attitude toward cybersecurity. Even large corporations tend to underestimate the importance of the proper level of protection. They don’t allocate enough and even cut budgets on security and hope for the best. How is this even possible when the situation in the security field is so critical?
Fortunately, there are some organizations that do care about the security of digital users. Hacken has helped numerous companies to increase their security level and eliminate many critical vulnerabilities that could potentially lead to devastating consequences. Entrusting your reputation to cybersecurity professionals is a smart move for a smart manager. The stakes are pretty high to ignore the question and afford arrogance. Investing in proper protection is a strategic plan that will positively benefit any company in the long run.
Hacken offers cybersecurity solutions for small, medium, and large enterprises as we offer security assessment options suitable for your company
- web application penetration testing
- network penetration testing
- mobile application penetration testing
- DDoS resistance testing
- social engineering.