One Billion records Leaked due to Cyber Attack

IBM X-Force reported the leak of personally identifiable information (PII) online in 2014.

According to IBM research team, cyber attackers are using sophisticated approaches for online attacks including DDoS and the use of malware. They steal valuable and sensitive information and use it as identity theft to financial account details. Since 2013, there has been a rise of 25 percent in leaked records, reaching a lurch one billion. Most of these records were stolen from USA.

cyber attack

A number of high-profile attacks have been found to take place over the year. JPMorgan, Sony and several companies have been the victim of cyber attacks and consequently sensitive data of customer and employee records, email and communications was leaked.

The trend of digital attacks has increased over the past years and is improbably to setback.

The company mentioned in its quarterly report, published on Monday, that the use of “designer vulns” is also increasing. These designer vulnerabilities are taking tips from branded exploit kits including Sweet Orange and Blackhole, and are now being identified in memorable ways — such as Heartbleed, Shellshock and FREAK.

Three distinctive themes have been discovered by IBM research team which infuence on the security landscape over 2014. The distributing of private content, such as uploading personal or explicit photos on cloud services was not managed with care which resulted in data theft due to weak passwords and slack policies on brute-force authentication.

The critical vulnerabilities in the foundations of operating systems, open-source libraries and content management software have also been disclosed, which has resulted in the exploitation of websites.  Lenovo’s Superfish debacle is the most recent case concerning this trend. The Chinese PC maker bundled Superfish uses advertisement support software on products shipped between September 2014 and February 2015 and the software was able to obstruct SSL and TLS website connections then use a third-party library to modify the Windows networking stack and install a new root Certificate Authority (CA), leaving the door open for exploit.

According to the security team, there is a lack of fundamental security knowledge and care which allows for violation of data privacy. End-user password use, failure to change default passwords and poor verification processes also contribute to weak security.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...

Digital Forensics Investigation using Autopsy In Kali Linux

Autopsy is one of the digital forensics tools use to investigate what happened on a computer. It offers a GUI access to variety of...