Top 30 Cyber Attacks of 2016

Every Year we are witnessing a huge surge in Cyber Attacks worldwide from APT’s, to headless worms, targeted attacks, Ransomware, machine-to-machine attacks to DDoS, the attacks are becoming more and more diverse with Malwares piggybacking each other and collaborative approach towards exploiting vulnerabilities. Gartner predicts there will be 6.8 billion connected devices in use in 2016, a 30 percent increase over 2015. By 2020, that number will jump to more than 20 billion connected devices. The Cyber criminals had a hey-day in 2016 and will continue to do so in 2017 as well. With an increased concentration on Drive-by attacks, the emergence of “Internet of Things” is elevating the challenges poised not just to Organizations but, it brings the battle to our Homes.

These are the Top 30 Cyber Attacks faced globally in the bygone year. These attacks have been listed here based on a criteria that includes Target, Magnitude and complexity.

(Courtesy~Hackmageddon)

Date Target Description Attack Type Domain/Industry
16/02/2016 Spotify Hundreds of Spotify Premium account details are compromised and leaked online by an unknown hacker. A number of separate data dumps containing email addresses, passwords, account types and renewal dates appear online. Bruteforce Music Streaming
21/10/2016 DynDNS A distributed denial of service attack against Dyn, the dynamic DNS service, affects the availability of dozens of major websites and Internet services this morning, including Twitter and Reddit. DDoS Internet Services
16/01/2016 KickassTorrents kat.cr KickassTorrents (kat.cr) is taken down by a DDoS attack. DDoS Torrent Tracker
17/01/2016 Crelan Belgian bank Crelan is the last victim of fraudsters, with a damage of over EUR 70 million (around $75,8 million). Account Hijacking Finance
30/01/2016 Pastebin.com Pastebin is taken down by a huge DDoS attack. DDoS Online Services
29/01/2016 HSBC HSBC is hit by an apparent DDoS attack on its online banking system. DDoS Finance
04/04/2016 US Government and Commercial Networks FBI unusually warns that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, has compromised and stolen sensitive information from various government and commercial networks since at least 2011. Targeted Attack Government
04/04/2016 Trump Hotel Collection The Trump Hotel Collection suffers another breach of its credit card system. POS Malware Industry: Hotel and Hospitality
05/04/2016 50 Million Turkish Citizens Turkish authorities investigate the alleged leak of nearly 50 million citizens’ sensitive, personal data (almost two-thirds of the country’s 75 million-strong population). According to reports, a database that was uploaded online appeared to have been stolen in 2009 from a state agency which issues national ID cards. Unknown Government
12/04/2016 NaughtyAmerica.com and affiliates websites including Suite703.com An unknown hacker offers a database containing emails and passwords of 3.8 million of Naughty America porn accounts for a mere $300 Unknown Adult Sites
10/03/2016 Bangladesh Central Bank Reuters reports that unknown hackers were able to breach the Bangladesh Bank’s systems and steal its credentials for payment transfers, using them to transfer money to entities in the Philippines and Sri Lanka. The hackers were able to get away with a bounty of about $80 million, but a spelling mistake helped prevent a further nearly $1 billion theft. Account Hijacking Finance
10/03/2016 21st Century Oncology US cancer clinic 21st Century Oncology admits that a breach on its systems may have exposed private information on 2.2 million patients and employees. The breach happened in November 2015 but the FBI asked 21st Century to hold off from disclosing the incident until a thorough investigation had been completed. Unknown Healthcare
14/03/2016 Several high profile websites including The New York Times, the BBC, MSN, and AOL Several security vendors including Trend Micro and Malwarebytes reveal the details of a large scale malvertising campaign targeting high profile sites, including The New York Times, the BBC, MSN, and AOL Malvertising Media
05/05/2016 Several databases Another massive breach discovered. A trove of 272.3 million accounts belonging to several services including mail.ru, Google, Microsoft is put on sold on the dark web. Unknown Unknown
15/03/2016 Bayley’s Outdoor equipment retailer Bailey’s Inc. notifies its customers that an attacker may have stolen payment card information of 250,000 customers from the company website and that the length of the breach was longer than once thought (between Dec. 1, 2011 and Jan. 26, 2016). Unknown Industry: Retail
07/05/2016 Several Banks Worldwide OpIcarus continues and the Anonymous take down other banks across the world, including: The Central Bank of the Dominican Republic, the Guernsey Financial Services Commission, the Central Bank of Maldives, the Dutch Central Bank, the National Bank of Panama, the Central Bank of Kenya, the Central Bank of Mexico and the Central Bank of Bosnia and Herzegovina. DDoS Finance
27/05/2016 MySpace A hacker hiding behind the email address Tessa88@exploit.im publishes a database containing 360 million records belonging to MySpace. The database is the alleged result of a breach occurred in 2013. Unknown Social Network
30/05/2016 Tumblr 65 million passwords of Tumblr are on sell on the underground. The company admitted to have suffered a breach on May 12. Unknown Social Network
04/10/2016 store.nrsc.gov Suspected Russian hackers are believed to have been skimming credit card information of Republican donors for the past six months. The NRSC is among more than 5,900 e-commerce sites victims of the same attack. Malware Org: Political Party
14/10/2016 Evony Gaming LeakedSource reveals that Evony Gaming suffered a massive breach involving the usernames, email addresses, unsalted MD5 and SHA-1 passwords and IP addresses of 33 million gamers. Unknown Industry: Video Games
20/10/2016 Several Top Indian Banks Details of more than 3.2 million cash cards of customers of top Indian banks (Visa, Mastercard, RuPay) have reportedly been stolen in what could be one of the biggest financial data breaches in the country. While it is unclear who is behind the alleged operation, reports suggest that unauthorised transactions can be traced to various locations in China. Malware Finance
18/10/2016 AdultFriendFinder Adult dating and entertainment company FriendFinder Networks has reportedly been hacked in a massive data breach exposing more than 412 million accounts and user credentials collected over two decades. The breach is believed to have occurred in October with email addresses and passwords from six adult-oriented FriendFinder Networks websites (including cams.com and penthouse.com) dumped online. Local File Inclusion Adult Site
15/11/2016 civilsupplieskerala.gov (Kerala government’s civil supplies department) Confidential personal records of over 34 million residents in the Indian state of Kerala are compromised, after an Indian man living in Tokyo posts them on Facebook after the Indian government failed to address security flaws in website Unknown Government
23/11/2016 US Navy Hackers manage to get their hands on personal and sensitive information of over 130,000 US Navy officials after a laptop of an HPE Navy contactor is hacked. The breach was acknowledged on October, 27th. Unknown Military
26/11/2016 Deutsche Telekom 900,000 Deutsche Telekom customers are knocked off the internet when their routers are hit by a malware attack launched through the Mirai Botnet exploiting a SOAP Remote Execution Vulnerability. Malware ISP
30/11/2016 Android 4 and Android 5 Users Researchers at Check Point Software Technologies uncover a new malware variant called Gooligan that to date has hacked one million Google accounts worldwide by rooting the user’s Android device, at an alarming rate of some 13,000 devices per day. Malware Individuals
29/11/2016 European Commission The European Commission (EC) is the target of a distributed denial of service (DDoS) that leads to a breakdown in internet services for hours. DDoS Org: Politics (EU Institution)
10/07/2016 Shadi.com Dating/Matchmaking Website Shadi.com hacked. Which suffered 2 Million accounts dumped online, including clear text passwords. Unknown Dating
20/05/2016 Bank in Ecuador Third victim of the SWIFT hack: bank in Ecuador was also the victim of a similar attack in 2015 which saw cybercriminals stealing around $9 Million. Targeted attack Finance
13/06/2016 iMesh 51 Million user accounts for iMesh, a now defunct file sharing service, are put on sale on the dark web. Unknown  

File Sharing

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s