One Billion records Leaked due to Cyber Attack

IBM X-Force reported the leak of personally identifiable information (PII) online in 2014.

According to IBM research team, cyber attackers are using sophisticated approaches for online attacks including DDoS and the use of malware. They steal valuable and sensitive information and use it as identity theft to financial account details. Since 2013, there has been a rise of 25 percent in leaked records, reaching a lurch one billion. Most of these records were stolen from USA.

cyber attack

A number of high-profile attacks have been found to take place over the year. JPMorgan, Sony and several companies have been the victim of cyber attacks and consequently sensitive data of customer and employee records, email and communications was leaked.

The trend of digital attacks has increased over the past years and is improbably to setback.

The company mentioned in its quarterly report, published on Monday, that the use of “designer vulns” is also increasing. These designer vulnerabilities are taking tips from branded exploit kits including Sweet Orange and Blackhole, and are now being identified in memorable ways — such as Heartbleed, Shellshock and FREAK.

Three distinctive themes have been discovered by IBM research team which infuence on the security landscape over 2014. The distributing of private content, such as uploading personal or explicit photos on cloud services was not managed with care which resulted in data theft due to weak passwords and slack policies on brute-force authentication.

The critical vulnerabilities in the foundations of operating systems, open-source libraries and content management software have also been disclosed, which has resulted in the exploitation of websites.  Lenovo’s Superfish debacle is the most recent case concerning this trend. The Chinese PC maker bundled Superfish uses advertisement support software on products shipped between September 2014 and February 2015 and the software was able to obstruct SSL and TLS website connections then use a third-party library to modify the Windows networking stack and install a new root Certificate Authority (CA), leaving the door open for exploit.

According to the security team, there is a lack of fundamental security knowledge and care which allows for violation of data privacy. End-user password use, failure to change default passwords and poor verification processes also contribute to weak security.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...