The three biggest cyber-attacks of 2016

Cybercrime continues to escalate. It has become this year’s second most reported economic crime according to PwC’s Global Economic Crime Survey 2016.

Although we are only halfway through 2016, this year we have witnessed some of the worst cyber-attacks affecting critical infrastructure and personal data, from national power grid shutdowns to banks being robbed of millions of euros.

Ukraine attack on power grid

On December 23, 2015, regional energy distribution companies in Ukraine suffered a coordinated cyber-attack, leaving approximately 225,000 customers without power across various regions. This unprecedented cyber-attack was reportedly synchronized and coordinated. The attackers used stolen user credentials to remotely access and manipulate the industrial control systems and shut down power in multiple Ukrainian central and regional facilities. Operational staff could only watch helplessly as remote attackers took control of their mission-control systems and systematically shut down 30 energy substations.

Although the attack occurred in December, its consequences were at the center of the cybersecurity debate in the first part of 2016, when experts tried to figure out how a denial-of-service attack was able to black out Western Ukraine. According to the SANS analysis of the attack, network security monitoring could have helped detect the attackers before they shut off the power. The study also points out the need for a “cyber” element in incident response and disaster recovery plans.

The Central Bank of Bangladesh heist

On February 4, 2016, a cyber-attack on the central bank of Bangladesh resulted in losses of $81 million and prevented another $850 million in transactions from being processed. The methods deployed were highly sophisticated, involving a combination of technical skills and a deep knowledge of how Bangladesh Bank interfaced with SWIFT.

SWIFT is a consortium that operates a trusted and closed computer network for communication between member banks around the world. Hackers used the SWIFT credentials of Bangladesh Central Bank employees to ask the Federal Reserve Bank of New York to transfer nearly $1 billion of the Bangladesh Bank’s funds to bank accounts in the Philippines, Sri Lanka and other parts of Asia. By targeting the SWIFT network, the hackers undermined a system that until now was considered flawless.

Hackers steal tax and salary data from nearly 640,000 companies

Payroll company ADP suffered a breach in May 2016 that disclosed the payroll, tax and benefits information from nearly 640,000 companies, including the US National Bank. A vulnerability in the company’s customer portal provided hackers with access to W-2 data from an estimated 1,400 employees. The stolen tax and salary data has the potential to be used to file a fraudulent income tax return under the employee’s name.

The incident is an example of an increasingly sophisticated population of identity thieves who use complex, multi-stage attack vectors to break into companies’ networks.

