The year 2019 is on the verge of its end! Unfortunately, it has been a bad year for cyber security, with hackers targeting big private corporations and even government agencies.
Data breaches have become a familiar phenomenon, and federal agencies have come to recognize the constant threat of exploits. But 2019 has been a year of trailblazing attacks, including attacks on systems that were previously impenetrable.
The reason behind such hacks was solely monetary ambition. However, hacks are traced by governments all around the world to keep individuals under watch.
Every year, the government of each country releases new drafts of cyber security standards, setting the norms that government contractors should follow to prevent such hacks.
Here are the 11 biggest hacks that represent the most impressive feats of hackers in 2019 so far.
1) HACKING STORY OF WHATSAPP WHEN SPYWARE WAS INSTALLED ON USERS’ PHONES
In May 2019, hackers managed to install surveillance technology on WhatsApp users’ phones. It mainly affected users who used WhatsApp for calling. WhatsApp is used by over 1.5 billion users worldwide, so the attack was a severe threat to that many people.
The real number of victims of the attack is unclear. If the reports by the Financial Times are to be believed, the spyware was designed by Israel’s NSO Group. However, that firm denied any involvement in the hacking. In a statement, WhatsApp said that the attack had the hallmarks of a private organization that works with some government agencies.
2) WHEN FORTNITE WITH ITS 250 MILLION PLAYERS FELL VICTIM TO RANSOMWARE
Fortnite is one of the most prominent games in today’s tech-obsessed world, with over 250 million users across the globe competing to be the best player and crack all the levels. Check Point Research discovered a number of vulnerabilities; the researchers concluded that these could have allowed any threat actor to take over any player’s account.
That means the threat actor would have been able to view the player’s personal account information and buy V-Bucks. It is very common for cyber criminals to set up fake landing pages for the popular online game that promise in-game money while phishing for credentials.
The researchers from Check Point Research didn’t have to create a fake page to find out about the breach. They also didn’t need any player’s login information. They dug into Fortnite’s sub-domains and found that these allowed cross-site scripting (XSS) attacks if the user clicked on a link sent by the attacker.
3) IPHONE HACK THAT TARGETED UIGHUR MUSLIMS IN CHINA, NEVER HAPPENED BEFORE!
For over two years now, hacked websites have been used to attack iPhones. The hackers tried to attack every potential weakness that iPhones could have. Cyber security researchers, in collaboration with Google’s Project Zero, discovered some sophisticated hacks and declared that iPhone users who visited certain malicious websites might want to get their iPhone’s entire software scanned, including passwords, messages, and location data.
These attacks bore the signs of a state-backed effort and were suspected to be an attempt by the Chinese government to monitor Uighur Muslims. Apple played down the scope of the attack, stating that the problem was fixed within 10 days of discovery and that the malicious website was specifically targeting Uighur users.
4) HACKERS STOLE THE USA CUSTOMS AND BORDER PROTECTION DATA
In June 2019, hackers penetrated a database of images maintained by US Customs and Border Protection (CBP). This database was a collection of images of travelers’ faces and license plates. Had the breach been successful, it could have affected the data of over 100,000 travelers. CBP stated that the images were acquired via a subcontractor’s network but declined to name the subcontractor. Later, the name was revealed in CBP’s announcement of the breach, which named Perceptics, a subcontractor offering license plate reading technology. This suggested that the company must have been involved.
5) EMOTET MALWARE ATTACKED A FEDERAL DEFENSE CONTRACTOR
In September 2019, a government technical contractor based in Virginia was hacked. Several of its systems were put up for sale on the dark web. The incident was reported by a cyber security supervisor, Brian Krebs, though the loss from the breach wasn’t immediately evident. Fortunately, the contractor had links with the National Institutes of Health, the US Department of Transportation, and the US Department of Homeland Security. It was found that the contractor had been attacked with a malware strain called Emotet, which is typically distributed through email attachments.
6) FACEBOOK SUFFERED ONE OF THE BIGGEST DATA BREACHES IN SOCIAL MEDIA HISTORY
In April 2019, news spread urging all Facebook users to change their passwords. It was reported as one of the biggest data breaches in social media history. The whole fuss was about those two-thirds of Facebook apps holding large datasets, which left the stored data exposed to the public.
The exposed data from Cultura Colectiva’s app held 540 million records that included Facebook IDs, reactions, likes, etc.
A backup from another Facebook app, ‘At the Pool,’ contained millions of user IDs, and Facebook likes, music, movies, books, photos, events, group chats, check-ins, interests, and much more were also at risk. This affected roughly 22,000 users.
7) WHEN 11.9 MILLION PATIENTS’ MEDICAL AND FINANCIAL DATA WAS AT BREACH RISK—EXPOSED QUEST DIAGNOSTICS
In June 2019, a well-known clinical laboratory, Quest Diagnostics, announced that an unauthorized user had accessed data on 11.9 million patients, including credit card information and even social security numbers. However, the company did not immediately reveal the breach, as it would have panicked patients and other related personnel. Later, it disclosed that an unauthorized user had accessed the stored data. The company put the blame on a debt collector who handled the data and worked at American Medical Collection Agency (AMCA). As a result, AMCA lost four of its major clients, one being Quest Diagnostics, following the breach. AMCA filed for Chapter 11 protection and is hoping to liquidate.
8) EVEN MICROSOFT WASN’T SPARED; HACKERS PENETRATED INTO MICROSOFT’S VISUAL STUDIO AND SUCCESSFULLY AFFECTED AT LEAST THREE VIDEO GAMES
In April, Microsoft found out that hackers had hijacked its development tool, Visual Studio, which opened backdoors into three video game companies that used the tool. If reports are to be believed, over 92,000 computers were running the malicious versions of the affected video games. WIRED stated that a Chinese hacker group called Barium was likely responsible. This attack was an example of a supply chain hack, where hackers plant malicious code in a company’s software, which is in turn distributed to its clients. The worst part is that the supply chain hack was particularly challenging to detect, because the video game companies digitally signed their software before distributing the games and marked it as authentic even though it contained malware.
9) RANSOMWARE ATTACKS SHOCK THE LOCAL GOVERNMENTS ALL OVER THE US
In 2019, ransomware attacks continued to shock local governments all over the US. Continuing a trend from past years, hackers used ransomware to extort local governments across the nation for money. By the count, all the major cities and states were targeted, starting with the city of Baltimore, a Georgia court agency, a group of cities in Florida, and many local agencies in Texas. It is a shame, but Florida cities agreed to pay over $1 million in ransom. Some managed to refuse, instead shelling out a million dollars to rebuild their infrastructure from scratch, and there is still no guarantee that this will protect them completely from future hacking.
10) ON THOUSANDS OF ASUS COMPUTERS HACKERS MOUNTED BACKDOORS USING ITS OWN SOFTWARE
It all started in 2018, but the incident, in which hackers seeded a malicious backdoor in thousands of computers made by Taiwan-based hardware company ASUS, wasn’t discovered until 2019. The operation, first reported by Motherboard, placed malicious files in an ASUS software update, which was unknowingly distributed to users by the company’s Live Update Utility. Once again, the responsible hacking group turned out to be China-based Barium, WIRED reported. This group was also reported to be responsible for the supply chain hack of Microsoft’s Visual Studio.
11) LOCKERGOGA RANSOMWARE ATTACKING MANUFACTURING FIRMS ALL AROUND THE WORLD
In 2019, roughly five manufacturing firms were attacked by ransomware known as LockerGoga. Like other aggressive forms of ransomware, LockerGoga was capable of shutting down computers and locking out users until the hacker was paid the ransom. This malicious software was also able to temporarily shut down physical equipment and cripple many manufacturing companies. According to a report by WIRED, users were anxious to see files becoming non-editable within a matter of minutes. The file that could be accessed was “ReadMe”, which said, “Greetings! There was a significant flaw in the security system of your company. You should be thankful the flaw was exploited by serious people and not by some rookies. They would have damaged all your data by mistake or for fun.”