The Most Surprising Cyber Hacks That Shook Us in 2019
Cyber security threats kept growing in 2019, and they are expected to continue to increase in 2020, despite all efforts to stop them. Every time a weakness is patched, hackers find another system with a vulnerability to exploit. Not to mention, there are still a lot of users who ignore warnings from cybersecurity experts and put their cyber security at risk by acting carelessly. As a result, systems and accounts get hacked, and sensitive information gets leaked. The worst part is that no one is safe. Whether you are a regular user or you work for a huge company, hackers can always find a way to misuse any piece of information or functionality of a hacked system once they get their hands on it. In this article, we present the top 5 cyber hacks of 2019 that, in our opinion, shook both regular users and organizations the most. The point of this list is to increase your awareness of various cyber hacks as well as to present tips on how to improve your personal or your company’s cyber security.
Our list of the most shocking cyber hacks of 2019 does not include any data breaches, as we believe such attacks have become so frequent that they should have a list of their own. The attacks we talk about involve hacking popular applications and devices. Without further ado, here is our list of 5 cyber hacks that we believe shocked us the most in 2019.
A flaw in 7-Eleven applications
After exploiting a particular weakness found in the 7pay app used by 7-Eleven customers in Japan, cybercriminals were able to hack multiple accounts, from which they stole around 510 thousand US dollars. It appears that the app had a poorly designed password reset function that allowed anyone to request a password reset by only providing a user’s email address, date of birth, and phone number. Unfortunately, since data breaches keep occurring, such information is not that difficult to come by. Also, the 7pay password reset function allowed requesting that the new password be sent to a different email address, which let cybercriminals have new passcodes sent to their own email accounts. As a result, it is estimated that attackers managed to hack around 900 accounts. 7-Eleven promised to compensate users who lost money due to the flaw in the 7pay app. Hopefully, they will put more effort into ensuring that hackers will not be able to hack their app again.
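The reset design described above, next to a hardened version, as an added example (this is not 7pay's code; the function names, the in-memory account store, and the sample data are all hypothetical):

```python
import hashlib
import secrets
import time

# Constructed sample account store (hypothetical data, not from the incident).
ACCOUNTS = {"user@example.com": {"dob": "1990-01-01", "phone": "0901234567"}}
OUTBOX = []      # (recipient, message) pairs, standing in for real e-mail
TOKENS = {}      # sha256(token) -> (account e-mail, expiry timestamp)
TOKEN_TTL = 900  # seconds a reset token stays valid

def reset_vulnerable(email, dob, phone, send_to=None):
    """Deliberately weak, as the article describes: the only proof of identity
    is personal data, and the caller chooses where the reset is delivered."""
    acct = ACCOUNTS.get(email)
    if acct and acct["dob"] == dob and acct["phone"] == phone:
        OUTBOX.append((send_to or email, "reset link"))
        return True
    return False

def reset_hardened(email, now=None):
    """No knowledge-based check and no alternate address: a random one-time
    token goes only to the address on file, and the reply is identical
    whether or not the account exists."""
    now = time.time() if now is None else now
    if email in ACCOUNTS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        TOKENS[digest] = (email, now + TOKEN_TTL)  # store only the hash
        OUTBOX.append((email, token))
    return "If the account exists, a reset link was sent."

def redeem(token, now=None):
    """Single-use, time-limited redemption; returns the account or None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = TOKENS.pop(digest, None)  # pop makes the token single-use
    if entry is None or now > entry[1]:
        return None
    return entry[0]
```

In the hardened flow, knowing a victim's email address, date of birth, and phone number is no longer enough, because the token only ever reaches the mailbox already registered to the account.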
Attack on Avast
The hacking incident during which cybercriminals gained access to the systems of Avast was probably one of the most shocking ones. It proved that no one is safe from cybercriminals, not even companies that create antivirus products. It was announced that hackers got into Avast systems by gaining access to an account that was not protected with Two-Factor Authentication. After detecting this activity, the company allowed hackers to carry on with what they were doing a little bit longer to find out what their goal was. It appears they were trying to implant malware into CCleaner, which is a product of Avast. Fortunately, hackers did not succeed.
Hijacked ATM devices turned into slot machines
2019 brought us a threat called WinPot that can make an ATM dispense the cash stored in it like a slot machine. Hackers who use this tool are provided with a window that is displayed on an infected device’s screen. This window shows how much money there is and allows clicking SPIN buttons that start the money dispensation. The malware allows hackers to pause the process by clicking the STOP button. Every time this button is clicked, the malicious application should count once more how much money is left, and if the SPIN button is clicked, it should start dispensing cash again. This type of hacking is not unheard of, but it is not as common as skimming and, without a doubt, might sound mind-blowing.
Hacked database exposed 20.8 million user records
A cyber attack that shook the citizens of Ecuador the most was the hack of the Elasticsearch server. Because of it, cybercriminals might have obtained personal information (including information on victims’ children and financial data) of over 20.8 million Ecuadorians. It is not that the hacked database did not have a password; it was misconfigured. In other words, hackers gained access to it by exploiting the database’s configuration weaknesses. According to Whitehatsec.com, lots of servers have unneeded default applications, configuration files, scripts, and webpages as well as unused enabled services, such as remote administration functionality, that can be exploited if they are not dealt with. Naturally, companies that store sensitive information on servers or databases should make sure they are well-configured if they want to stop cybercriminals from hacking them.
Attack on the McDonald’s app
2019 has also proven that cybercriminals like fast food as much as regular people, as they put their effort into hacking McDonald’s app accounts. It was reported that some of the attackers were so hungry that they placed fraudulent orders worth between $500 and $2000. Thus, the media decided that the most fitting name for these cybercriminals is hamburglars. These incidents also created a dispute between the application’s providers and its users. McDonald’s claimed that the app is secure and that accounts were hacked due to weak passwords. However, some users argued that the company could provide users with more safety measures, such as Two-Factor Authentication or a notification function to alert users when orders are placed from unusual locations.
How to increase your personal or your organization’s cyber security?
Your cyber security depends not only on how secure the applications or platforms you use are but also on how much effort you put into securing them. One of the biggest mistakes that a lot of users still make is setting up weak passwords. It is understandable that unique and complex login credentials are difficult to memorize, but you no longer have to do it, as there are dedicated password managers that can remember passwords for you. Keep in mind that specialists still recommend creating passcodes of at least 10-12 characters that contain both lower-case and upper-case letters, numbers, and symbols. Having strong passwords is essential both to regular home users and organizations.
In 2019, a lot of applications and platforms started offering the Two-Factor Authentication feature. Two-Factor Authentication is an additional layer of security that can protect your account even if hackers learn your login credentials. With it enabled, the only way to log into an account is to provide not only the correct login credentials but also a unique code, which is usually delivered to a user’s mobile phone or via email. Of course, even with Two-Factor Authentication, you cannot be certain that no one will be able to hack your account, for example, by tricking you into providing the needed verification code. Nonetheless, it can still increase your cyber security, and we highly recommend using this feature whenever you can for both personal and business accounts.
What we would recommend particularly for organizations is to employ IT specialists who could have a closer look at their systems and determine what their weaknesses could be. Also, it is vital to educate employees on cyber security. A lot of hacks, data breaches, and similar attacks are successfully carried out because people make mistakes, which often happens due to their lack of knowledge. Therefore, we recommend teaching your employees how to browse safely, how to create strong passwords, and how to recognize potentially dangerous content.
What’s more, companies that have databases with sensitive information of their clients or partners should employ more than minimum safety measures. Situations in which a hacked database did not have a password or had a weak password are rare. Unfortunately, cybercriminals are capable of hacking databases that are protected with more than a strong password. Thus, trying to skimp on cyber security could backfire.
All in all, 2019 once again showed us that hackers can still come up with new ways to hack our accounts and systems. However, more and more companies and regular users are not only becoming aware of cyber threats but also searching for ways to increase their cyber security. Perhaps this year we will all do better and will be able to stop the growth of cybercrime at last. Thus, if your list of things you wish to achieve in 2020 is still unfinished, we hope you will add “increased cyber security” to it.