In a recent press conference, the FBI’s top brass got together to give the world a warning. The message was clear and simple: Nobody is safe.
500 million financial records have been stolen in the last 12 months alone. 80% of the victims never knew that they had been hacked and their data had been stolen, until it was too late. A lot has changed in the last five years, and cyber security experts underestimated the speed with which the situation would get out of hand.
Here is a run-down of the top hack attacks that took place last month:
China’s Man in the Middle Attack targets iCloud Users
Remember the Great Firewall of China? Well, say hello to the great Cyber Tsunami of China! Chinese authorities exploited their control over Chinese cyberspace in order to redirect all DNS requests to iCloud.com and forward them to a page that looked exactly like the iCloud page.
The result: Apple’s users handed their login credentials to the Chinese authorities when they entered their usernames and passwords. A classic Man In The Middle (MITM) attack.
This is not the first time that Chinese authorities have taken open measures to impact Apple’s operations in China. Numerous press statements in the past have confirmed China’s reservations towards Apple. Chinese authorities allege that Apple collects Chinese Apple users’ data (through popular devices such as the iPhone) and provides it to the American Government.
Apple only recently upgraded its encryption in response to the recent iCloud hack (and subsequent leak) that became popular as ‘The Fappening’. But encryption can be expected to provide little protection when you use an unencrypted and untunneled connection to hand over your login details to a third party.
Updates are expected to pop up in a few hours but it can be expected that the only ones lucky enough to have survived the MITM would be those who connected to foreign VPN servers and accessed the real iCloud.com.
Cyberwarfare Rages in the East
On 19th October, a 16-year-old boy in India who goes by the alias “Bl@ck Dr@gon” hacked the website of a Pakistani political party. The purpose behind the attack was to deface the website, and it was the direct result of political friction between the two countries. This hack attack made our list because it came with a reaction!
On 20th October, a group of Pakistani hackers hacked the website of an Indian political party, performing a similar defacing of the website and leading the site administrators to take it offline.
Hack attacks like these have become fairly common around the world. Government websites are targeted with the singular purpose of disabling them and sending a message to the masses. Government websites that provide internet-based services to users are jackpots for these hackers because they manage to make off with loads of user info in addition to achieving the primary objective of disabling the website.
Dropbox Users get Sleepless Nights
If you or anybody you know uses Dropbox, now is the time to change your passwords. According to posts observed on Pastebin, hackers have managed to make off with the login credentials of around 7 million users. The news is not making the headlines that it should because Dropbox is insisting that the hack attack did not target and penetrate Dropbox servers.
According to Dropbox:
“Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well”
However, the cause for concern is very real when considered in light of the recent Fappening and the much more recent Snappening that leaked user data onto the internet. The service provider always insists that everything is fine, until the victims find their personal data strewn across the internet.
Dairy Queen Mourns Malware Strike
Dairy Queen will be giving around 600,000 customers free identity repair services for the next one year. This is because Dairy Queen fell victim to a malware-driven hack that allowed hackers to steal the personal details and credit card info of Dairy Queen customers across the US.
It became clear that the malware attack was a high-intensity incident when the Secret Service got involved and confirmed that the technique has been used to attack over a thousand businesses in the past.
Even though this hack attack was not as bad as the ones that had targeted JP Morgan, Target and Home Depot, it confirms the growth of a much-dreaded trend. Cybercriminals are now targeting high-stakes targets instead of engaging in small-time hack attacks.
However, there is little doubt in the fact that hack attacks like these take time, planning and patience to execute. Individual pieces of data have to be collected in order to inject the malware into the network architecture. These pieces are collected by covertly accessing and stealing the data of unencrypted and unprotected users. So the next time you access a public WiFi without activating your VPN, you might be putting your company at risk in addition to your personal information.
The Biggest Bank in America Gets Hacked
JP Morgan got hacked this month when hackers managed to target 76 million private and 7 million business accounts. In a report to the Securities and Exchange Commission (SEC), JP Morgan insisted that everything was fine and told customers that they did not have to change their passwords as the hack attack was not of a potent nature.
JP Morgan further stated that no unusual customer fraud has been observed that would indicate fallout from this incident. What JP Morgan failed to factor in was that if the hackers had the brains to hack the biggest bank in the US then you can trust them to have the brains to use the stolen data without leaving any breadcrumbs.
There is suspicion that this hack attack may have been a response to the recent sanctions placed on Russia by Western countries. However, the FBI has rejected this idea and asserts that there is a need for more evidence before any fingers can be pointed.
In all of this mess, JP Morgan claims no responsibility and has taken a rather rigid stand insisting that it would not be offering its customers any assistance of any sort with relation to the incident. Either the hack attack never happened and the entire SEC filing was a lie, or JP Morgan is exploiting its position as the biggest banking institution in the US.
Nobody is Safe
It is getting very messy and there is very little hope for the unprotected internet user. Here are a few all-purpose tips you can implement to avoid becoming a cybercrime statistic:
- Never log on to the internet without activating your VPN
- Use two-step activation wherever the feature is available
- Use a unique password for every account and never recycle your passwords
- Check your activity and access logs regularly
- Check your bank statements regularly
- Only buy/sell to/from trusted online vendors
- Never ever put any data on the cloud that you do not want shared publicly
- Never send your login credentials to anybody through any medium over the internet
Hack attacks are sequential and strategic operations that are designed by the cleverest and sharpest minds in the world. If you do not have the ability to take them down, you can always defend yourself by encrypting and tunneling your data.