TOP 10 Cyber Attacks and Critical Vulnerabilities of 2017

The year 2017 experienced many sophisticated cyber attacks which have been made a huge impact on the organization as well as individuals.

Here we have listed TOP 10 Cyber Attacks and critical Vulnerabilities that was playing the major role in 2017.Ransomware continues to dominate the cybersecurity world.

Wannacry

Wannacry (WannaCrypt,WanaCrypt0r 2.0,Wanna Decryptor), A Computer Malware family called Ransomware that actually target the Microsoft Windows Operating systems  SMB exploit leaked by the Shadow Broker that encrypting data and demanding ransom payments in the cryptocurrency bitcoin.

This Attack Started on 12 May 2017 and Infected more than 3,00,000 computers in over 150 countries which consider as one of the biggest Ransomware cyber Attack which world Never Faced.

Petya

A Ransomware called “Petya” Attack Large  Number of Countries across the Globe on June 2017 and it affecting a large number of banks, energy firms and other companies based in Russia, Ukraine, Spain, Britain, France, India,etc..

This Ransomware attack Started in Ukraine First, Especially Ukraine’s government, banks, state power utility and Kiev’s airport and the metro system have infected by Petya very badly then its Spreading Across the World.

Locky

The onset of Locky Ransomware campaign was thought to be evolutionary, but around the clock, the campaign has grown to be revolutionary.

The other day 711 million addresses were found to be leaked onto the internet by Online Spambot. The profound dump had found coherencies with recent Locky malspam activities.

The countries housing the most attack servers are Vietnam, India, Mexico, Turkey, and Indonesia.

Krack Attack

Highly Secured WiFi Protocol “WPA2” Critical Weakness allows to Break any WiFi Network using Key Reinstallation Attack (KRACK Attack) and this flow is given an Ability to Attacker to crack any of Victims WiFi Modem within The Range of Network.

This Critical KRACK Attack allows an Attacker to Steal the Sensitive Information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

An attacker can Accomplish this KRACK Attack by Performing Man-in-the-Attack and force network participants to reinstall the encryption key used to protected WPA2 traffic.

Sambacry

Linux Machine’s are Hijacked by unknown Vulnerability by using SambaCry Flow and this Vulnerability Exploit by using unauthorized Write Permission in Network Drive in Linux Machines.

Super Privilege Access has been successfully takeover by this Sambacry Payload once payload has injected into the Linux Server.

SambaCry vulnerability to install a backdoor trojan on Linux devices running older versions of the Samba file-sharing server.

Blueborne

Blueborne attack leads attackers to gain complete control over your device and from your device they can migrate to corporate networks and even to most secured Air-gapped computers.

This attack spreads through the air and attacks Bluetooth devices. All the Bluetooth devices mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux are vulnerable.

Duck Attack

DUHK attack allows hackers to recover encryption keys and to decrypt the encrypted web traffic.

DUHK attack targets the old vulnerability that resides in the pseudorandom number generator called ANSI X9.31. It is an algorithm widely used to generate cryptographic keys that secure VPN connections and web browsing sessions.

VLC Player

Cyber Attack Spreading through Vulnerable Subtitles which Downloaded by Victims Media Player and threatens more than 200 Millions of vulnerable Machine in worldwide which leads to completely take over to the infected machine.

This cyber attack is delivered when movie subtitles are loaded by the user’s media player which is delivering by tricks victims.

Grabos Malware

Android Malware called “Grabos”  Found in 144 Google Play apps and it is considered as one of the mass distribution play store Malware by huge number play store apps.

There is no surprise now to see a malicious app on Google play store, hackers continued to deceive the Google safety checks and also they earn high ratings

Most of the app found uploaded in August and October, in a short span they reached between 4.2 million and 17.4 million users downloaded and an average rating of 4.4.

Apache Struts

Apache Struts is a free and open-source framework used to build Java web applications.This is not the first remote code execution vulnerability discovered on Apache Struts.

The vulnerability enables aggressors to obtain total control over the server on which the application is facilitated and make a wide range of destruction.

An aggressor could transfer a malicious file and obtain control over an application subsequent to increasing remote code execution rights on the objective’s Struts-based application server.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…

1 hour ago

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…

1 hour ago

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…

1 hour ago

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…

1 hour ago

Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner

Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…

1 day ago

A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…

1 day ago