Thursday, March 28, 2024

TOP 10 Cyber Attacks and Critical Vulnerabilities of 2017

The year 2017 experienced many sophisticated cyber attacks which have been made a huge impact on the organization as well as individuals.

Here we have listed TOP 10 Cyber Attacks and critical Vulnerabilities that was playing the major role in 2017.Ransomware continues to dominate the cybersecurity world.

Wannacry

Wannacry (WannaCrypt,WanaCrypt0r 2.0,Wanna Decryptor), A Computer Malware family called Ransomware that actually target the Microsoft Windows Operating systems  SMB exploit leaked by the Shadow Broker that encrypting data and demanding ransom payments in the cryptocurrency bitcoin.

This Attack Started on 12 May 2017 and Infected more than 3,00,000 computers in over 150 countries which consider as one of the biggest Ransomware cyber Attack which world Never Faced.

Petya

A Ransomware called “Petya” Attack Large  Number of Countries across the Globe on June 2017 and it affecting a large number of banks, energy firms and other companies based in Russia, Ukraine, Spain, Britain, France, India,etc..

This Ransomware attack Started in Ukraine First, Especially Ukraine’s government, banks, state power utility and Kiev’s airport and the metro system have infected by Petya very badly then its Spreading Across the World.

Locky

The onset of Locky Ransomware campaign was thought to be evolutionary, but around the clock, the campaign has grown to be revolutionary.

The other day 711 million addresses were found to be leaked onto the internet by Online Spambot. The profound dump had found coherencies with recent Locky malspam activities.

The countries housing the most attack servers are Vietnam, India, Mexico, Turkey, and Indonesia.

Krack Attack

Highly Secured WiFi Protocol “WPA2” Critical Weakness allows to Break any WiFi Network using Key Reinstallation Attack (KRACK Attack) and this flow is given an Ability to Attacker to crack any of Victims WiFi Modem within The Range of Network.

This Critical KRACK Attack allows an Attacker to Steal the Sensitive Information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

An attacker can Accomplish this KRACK Attack by Performing Man-in-the-Attack and force network participants to reinstall the encryption key used to protected WPA2 traffic.

Sambacry

Linux Machine’s are Hijacked by unknown Vulnerability by using SambaCry Flow and this Vulnerability Exploit by using unauthorized Write Permission in Network Drive in Linux Machines.

Super Privilege Access has been successfully takeover by this Sambacry Payload once payload has injected into the Linux Server.

SambaCry vulnerability to install a backdoor trojan on Linux devices running older versions of the Samba file-sharing server.

Blueborne

Blueborne attack leads attackers to gain complete control over your device and from your device they can migrate to corporate networks and even to most secured Air-gapped computers.

This attack spreads through the air and attacks Bluetooth devices. All the Bluetooth devices mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux are vulnerable.

Duck Attack

DUHK attack allows hackers to recover encryption keys and to decrypt the encrypted web traffic.

DUHK attack targets the old vulnerability that resides in the pseudorandom number generator called ANSI X9.31. It is an algorithm widely used to generate cryptographic keys that secure VPN connections and web browsing sessions.

VLC Player

Cyber Attack Spreading through Vulnerable Subtitles which Downloaded by Victims Media Player and threatens more than 200 Millions of vulnerable Machine in worldwide which leads to completely take over to the infected machine.

This cyber attack is delivered when movie subtitles are loaded by the user’s media player which is delivering by tricks victims.

Grabos Malware

Android Malware called “Grabos”  Found in 144 Google Play apps and it is considered as one of the mass distribution play store Malware by huge number play store apps.

There is no surprise now to see a malicious app on Google play store, hackers continued to deceive the Google safety checks and also they earn high ratings

Most of the app found uploaded in August and October, in a short span they reached between 4.2 million and 17.4 million users downloaded and an average rating of 4.4.

Apache Struts

Apache Struts is a free and open-source framework used to build Java web applications.This is not the first remote code execution vulnerability discovered on Apache Struts.

The vulnerability enables aggressors to obtain total control over the server on which the application is facilitated and make a wide range of destruction.

An aggressor could transfer a malicious file and obtain control over an application subsequent to increasing remote code execution rights on the objective’s Struts-based application server.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles