Every Year we are witnessing a huge surge in Cyber Attacks worldwide from APT’s, to headless worms, targeted attacks, Ransomware, machine-to-machine attacks to DDoS, the attacks are becoming more and more diverse with Malwares piggybacking each other and collaborative approach towards exploiting vulnerabilities. Gartner predicts there will be 6.8 billion connected devices in use in 2016, a 30 percent increase over 2015. By 2020, that number will jump to more than 20 billion connected devices. The Cyber criminals had a hey-day in 2016 and will continue to do so in 2017 as well. With an increased concentration on Drive-by attacks, the emergence of “Internet of Things” is elevating the challenges poised not just to Organizations but, it brings the battle to our Homes.
These are the Top 30 Cyber Attacks faced globally in the bygone year. These attacks have been listed here based on a criteria that includes Target, Magnitude and complexity.
(Courtesy~Hackmageddon)
| Date | Target | Description | Attack Type | Domain/Industry |
| 16/02/2016 | Spotify | Hundreds of Spotify Premium account details are compromised and leaked online by an unknown hacker. A number of separate data dumps containing email addresses, passwords, account types and renewal dates appear online. | Bruteforce | Music Streaming |
| 21/10/2016 | DynDNS | A distributed denial of service attack against Dyn, the dynamic DNS service, affects the availability of dozens of major websites and Internet services this morning, including Twitter and Reddit. | DDoS | Internet Services |
| 16/01/2016 | KickassTorrents kat.cr | KickassTorrents (kat.cr) is taken down by a DDoS attack. | DDoS | Torrent Tracker |
| 17/01/2016 | Crelan | Belgian bank Crelan is the last victim of fraudsters, with a damage of over EUR 70 million (around $75,8 million). | Account Hijacking | Finance |
| 30/01/2016 | Pastebin.com | Pastebin is taken down by a huge DDoS attack. | DDoS | Online Services |
| 29/01/2016 | HSBC | HSBC is hit by an apparent DDoS attack on its online banking system. | DDoS | Finance |
| 04/04/2016 | US Government and Commercial Networks | FBI unusually warns that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, has compromised and stolen sensitive information from various government and commercial networks since at least 2011. | Targeted Attack | Government |
| 04/04/2016 | Trump Hotel Collection | The Trump Hotel Collection suffers another breach of its credit card system. | POS Malware | Industry: Hotel and Hospitality |
| 05/04/2016 | 50 Million Turkish Citizens | Turkish authorities investigate the alleged leak of nearly 50 million citizens’ sensitive, personal data (almost two-thirds of the country’s 75 million-strong population). According to reports, a database that was uploaded online appeared to have been stolen in 2009 from a state agency which issues national ID cards. | Unknown | Government |
| 12/04/2016 | NaughtyAmerica.com and affiliates websites including Suite703.com | An unknown hacker offers a database containing emails and passwords of 3.8 million of Naughty America porn accounts for a mere $300 | Unknown | Adult Sites |
| 10/03/2016 | Bangladesh Central Bank | Reuters reports that unknown hackers were able to breach the Bangladesh Bank’s systems and steal its credentials for payment transfers, using them to transfer money to entities in the Philippines and Sri Lanka. The hackers were able to get away with a bounty of about $80 million, but a spelling mistake helped prevent a further nearly $1 billion theft. | Account Hijacking | Finance |
| 10/03/2016 | 21st Century Oncology | US cancer clinic 21st Century Oncology admits that a breach on its systems may have exposed private information on 2.2 million patients and employees. The breach happened in November 2015 but the FBI asked 21st Century to hold off from disclosing the incident until a thorough investigation had been completed. | Unknown | Healthcare |
| 14/03/2016 | Several high profile websites including The New York Times, the BBC, MSN, and AOL | Several security vendors including Trend Micro and Malwarebytes reveal the details of a large scale malvertising campaign targeting high profile sites, including The New York Times, the BBC, MSN, and AOL | Malvertising | Media |
| 05/05/2016 | Several databases | Another massive breach discovered. A trove of 272.3 million accounts belonging to several services including mail.ru, Google, Microsoft is put on sold on the dark web. | Unknown | Unknown |
| 15/03/2016 | Bayley’s | Outdoor equipment retailer Bailey’s Inc. notifies its customers that an attacker may have stolen payment card information of 250,000 customers from the company website and that the length of the breach was longer than once thought (between Dec. 1, 2011 and Jan. 26, 2016). | Unknown | Industry: Retail |
| 07/05/2016 | Several Banks Worldwide | OpIcarus continues and the Anonymous take down other banks across the world, including: The Central Bank of the Dominican Republic, the Guernsey Financial Services Commission, the Central Bank of Maldives, the Dutch Central Bank, the National Bank of Panama, the Central Bank of Kenya, the Central Bank of Mexico and the Central Bank of Bosnia and Herzegovina. | DDoS | Finance |
| 27/05/2016 | MySpace | A hacker hiding behind the email address Tessa88@exploit.im publishes a database containing 360 million records belonging to MySpace. The database is the alleged result of a breach occurred in 2013. | Unknown | Social Network |
| 30/05/2016 | Tumblr | 65 million passwords of Tumblr are on sell on the underground. The company admitted to have suffered a breach on May 12. | Unknown | Social Network |
| 04/10/2016 | store.nrsc.gov | Suspected Russian hackers are believed to have been skimming credit card information of Republican donors for the past six months. The NRSC is among more than 5,900 e-commerce sites victims of the same attack. | Malware | Org: Political Party |
| 14/10/2016 | Evony Gaming | LeakedSource reveals that Evony Gaming suffered a massive breach involving the usernames, email addresses, unsalted MD5 and SHA-1 passwords and IP addresses of 33 million gamers. | Unknown | Industry: Video Games |
| 20/10/2016 | Several Top Indian Banks | Details of more than 3.2 million cash cards of customers of top Indian banks (Visa, Mastercard, RuPay) have reportedly been stolen in what could be one of the biggest financial data breaches in the country. While it is unclear who is behind the alleged operation, reports suggest that unauthorised transactions can be traced to various locations in China. | Malware | Finance |
| 18/10/2016 | AdultFriendFinder | Adult dating and entertainment company FriendFinder Networks has reportedly been hacked in a massive data breach exposing more than 412 million accounts and user credentials collected over two decades. The breach is believed to have occurred in October with email addresses and passwords from six adult-oriented FriendFinder Networks websites (including cams.com and penthouse.com) dumped online. | Local File Inclusion | Adult Site |
| 15/11/2016 | civilsupplieskerala.gov (Kerala government’s civil supplies department) | Confidential personal records of over 34 million residents in the Indian state of Kerala are compromised, after an Indian man living in Tokyo posts them on Facebook after the Indian government failed to address security flaws in website | Unknown | Government |
| 23/11/2016 | US Navy | Hackers manage to get their hands on personal and sensitive information of over 130,000 US Navy officials after a laptop of an HPE Navy contactor is hacked. The breach was acknowledged on October, 27th. | Unknown | Military |
| 26/11/2016 | Deutsche Telekom | 900,000 Deutsche Telekom customers are knocked off the internet when their routers are hit by a malware attack launched through the Mirai Botnet exploiting a SOAP Remote Execution Vulnerability. | Malware | ISP |
| 30/11/2016 | Android 4 and Android 5 Users | Researchers at Check Point Software Technologies uncover a new malware variant called Gooligan that to date has hacked one million Google accounts worldwide by rooting the user’s Android device, at an alarming rate of some 13,000 devices per day. | Malware | Individuals |
| 29/11/2016 | European Commission | The European Commission (EC) is the target of a distributed denial of service (DDoS) that leads to a breakdown in internet services for hours. | DDoS | Org: Politics (EU Institution) |
| 10/07/2016 | Shadi.com | Dating/Matchmaking Website Shadi.com hacked. Which suffered 2 Million accounts dumped online, including clear text passwords. | Unknown | Dating |
| 20/05/2016 | Bank in Ecuador | Third victim of the SWIFT hack: bank in Ecuador was also the victim of a similar attack in 2015 which saw cybercriminals stealing around $9 Million. | Targeted attack | Finance |
| 13/06/2016 | iMesh | 51 Million user accounts for iMesh, a now defunct file sharing service, are put on sale on the dark web. | Unknown |
File Sharing
|
theinfosecguru.wordpress.com 