The Strategist

Five biggest cybercrimes of 2018

08/01/2018 - 08:14

The first half of 2018 was less rich in high-profile leaks and global hacker attacks than the same period last year. Alas, that is where the good news ends. Corporate security is developing too slowly, investment in the relevant infrastructure is inadequate, and hackers working in the interests of various governments are becoming bolder and more sophisticated. Here are the main cyber security scandals of the year so far.

Christoph Scholz via flickr
Hacking of the US energy system

In 2017, security experts discovered that a group of Russian hackers had infiltrated the US energy grid; by some accounts the attackers even gained access to control systems. Together with other high-profile attacks carried out in 2017, such as the NotPetya ransomware outbreak, the intrusion became a sobering revelation. The US authorities, however, publicly acknowledged Russia's role in these attacks only in 2018. Government officials had hinted at it repeatedly, but the Trump administration formally attributed NotPetya to Russia only in February of this year, and in March accused the Kremlin of attacking the country's power grid. The White House's public statement was a key step toward an appropriate response strategy for the public and corporate sectors.

American universities

In March, the US Department of Justice charged nine Iranian hackers with attacking more than 300 universities in America and elsewhere. They are accused of hacking 144 American educational institutions, 176 foreign universities in 21 countries and 47 private companies, and of attacks on other targets: the UN, the US Federal Energy Regulatory Commission, and the state governments of Hawaii and Indiana. According to the Department of Justice, the hackers stole 31 TB of data containing intellectual property worth about $3 billion in total. The attacks were conducted with phishing emails: the hackers tried to trick professors and other university staff into following fake links and entering their credentials. Out of roughly 100,000 targeted accounts, the attackers compromised about 8,000, of which 3,768 belonged to employees of American universities. The authorities link the attack to the so-called Mabna Institute, tied to the Islamic Revolutionary Guard Corps; the institute was founded in 2013 to coordinate the activities of cybercriminals. Tensions between Iran and the United States often spill over into cyberspace, and the situation has become much more acute lately.

Insecure data 

Information theft remains a problem. This year, however, another issue came to the fore: data exposure, in which information ends up in the public domain because cloud storage or a database was misconfigured. That is what happened to the marketing company Exactis, which kept about 340 million records on an unprotected, publicly reachable server. The data did not contain social security numbers or credit card numbers, but 2 TB of personal information on millions of Americans could have ended up in attackers' hands. The problem was discovered by security researcher Vinny Troia. Exactis has since taken the data offline, but it now faces the threat of a class action lawsuit. Leaks from cloud storage surface regularly, but problems also arise when software errors cause data to be stored in the wrong place or in the wrong form. For example, in early May Twitter reported that it had accidentally written some users' passwords in plain text to an internal log. The company fixed the bug as soon as it was detected, but did not say how long the passwords had been stored that way. When exposed data comes to light, companies usually assure users that there is no evidence it was misused. Such a conclusion can indeed be reached by analysing access logs and other information, but the main danger is that there is no way to know for certain who discovered the data, when, and what they did with it.

Under Armour

In late February, cybercriminals broke into the MyFitnessPal application, stealing the usernames, e-mail addresses and hashed passwords of nearly 150 million users. Under Armour discovered the intrusion on March 25 and disclosed it publicly within the following week. The company appears to have protected the most sensitive information reasonably well: location data, credit card numbers and dates of birth were not taken. The passwords were not stored in clear text but hashed, that is, run through a one-way function that turns them into a fixed-length string from which the original is not supposed to be recoverable. Sounds reassuring. There was one problem, however: Under Armour admitted that only a part of the passwords had been hashed with the strong, deliberately slow bcrypt algorithm; the rest were hashed with the weaker SHA-1 scheme, a fast general-purpose hash that an attacker with a wordlist and a few GPUs can test at billions of guesses per second. That means the hackers in all probability cracked a portion of the stolen passwords for later sale or use in online scams. Although the damage appears to have been contained, the MyFitnessPal hack was another reminder of the deplorable state of security in corporate networks.
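The difference between the two schemes is easy to see in code. The script below is an added example, not code from the article or from Under Armour: it builds a small constructed password dump in which the same password is stored once as unsalted SHA-1 and once under a salted, iterated hash, then runs a dictionary attack against both. PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt (which needs the third-party `bcrypt` package); both are salted and deliberately slow, which is the property that matters here. The wordlist, usernames and passwords are invented for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed wordlist for the dictionary attack (not a real leaked list).
WORDLIST = ["123456", "password", "qwerty", "fitness2018", "letmein"]
# Work factor for the slow scheme; bcrypt's "cost" parameter plays the same role.
PBKDF2_ITERATIONS = 100_000


def hash_sha1(password):
    """Weak scheme: unsalted SHA-1. One fast hash, identical for every user
    who picked the same password."""
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()


def hash_pbkdf2(password, salt=b""):
    """Strong scheme: per-user random salt plus an iterated KDF
    (PBKDF2 here as a stdlib stand-in for bcrypt)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2$" + salt.hex() + "$" + dk.hex()


def verify(password, stored):
    """What the login path does: recompute with the stored salt and compare
    in constant time. Works for either scheme."""
    scheme = stored.split("$", 1)[0]
    if scheme == "sha1":
        return hmac.compare_digest(hash_sha1(password), stored)
    if scheme == "pbkdf2":
        _, salt_hex, _ = stored.split("$")
        return hmac.compare_digest(hash_pbkdf2(password, bytes.fromhex(salt_hex)), stored)
    raise ValueError("unknown scheme: " + scheme)


def crack_dump(dump, wordlist):
    """Dictionary attack against a mixed dump. Returns the recovered passwords
    and the number of underlying hash-function invocations spent per scheme."""
    cracked = {}
    work = {"sha1": 0, "pbkdf2": 0}

    # Unsalted SHA-1: hash the wordlist ONCE and look every user up in that
    # table. Cost is len(wordlist) regardless of how many users there are.
    table = {hash_sha1(w): w for w in wordlist}
    work["sha1"] += len(wordlist)
    for user, stored in dump.items():
        if stored.startswith("sha1$") and stored in table:
            cracked[user] = table[stored]

    # Salted PBKDF2: the salt defeats the shared table, so every user costs
    # up to len(wordlist) KDF runs, each of PBKDF2_ITERATIONS hash calls.
    for user, stored in dump.items():
        if not stored.startswith("pbkdf2$"):
            continue
        _, salt_hex, _ = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        for candidate in wordlist:
            work["pbkdf2"] += PBKDF2_ITERATIONS
            if hmac.compare_digest(hash_pbkdf2(candidate, salt), stored):
                cracked[user] = candidate
                break
    return cracked, work


def build_sample_dump():
    """Constructed dump: the same password under both schemes, plus one
    password that is not in the wordlist."""
    return {
        "alice": hash_sha1("fitness2018"),
        "bob": hash_sha1("fitness2018"),      # identical hash to alice: reuse is visible
        "carol": hash_pbkdf2("fitness2018"),
        "dave": hash_pbkdf2("fitness2018"),   # different salt, so a different hash
        "erin": hash_sha1("Tr0ub4dor&3-not-in-list"),
    }


if __name__ == "__main__":
    dump = build_sample_dump()
    cracked, work = crack_dump(dump, WORDLIST)
    print("recovered:", cracked)
    print("hash invocations by scheme:", work)
```

Running it recovers the four accounts whose password is in the wordlist, but the cost column tells the real story: the two SHA-1 users fall to five hash invocations in total, while the two PBKDF2 users cost eight KDF runs of 100,000 hashes each, and every additional salted user adds the same again. Note also that `alice` and `bob` have identical SHA-1 hashes, so an attacker learns password reuse across accounts without cracking anything. Migrating legacy SHA-1 entries is usually done lazily: on the next successful login the plaintext is available, so the record is rewritten under the slow scheme.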

VPNFilter

In late May, US authorities warned of a Russian hacking campaign affecting more than 500,000 routers around the world. The attackers installed the VPNFilter malware, which lets them monitor and manipulate the traffic passing through an infected device. VPNFilter can be used to build large-scale botnets for spam campaigns, data theft and targeted local attacks. It is able to infect dozens of router models from Linksys, Netgear, ASUS, TP-Link, Huawei and D-Link. The FBI's immediate advice to owners was to reboot their routers, which removes the non-persistent stages of the malware, and to install vendor firmware updates; the Bureau continues to work on the problem, while the overall scale and ultimate goals of the attack have not yet been established.