1.The Persirai botnet
In 2017, an Internet of Things (IoT) botnet, Persirai, targeted over 1,000 different models of Internet Protocol (IP) cameras, accessing open ports to inject a command that forced the cameras to connect to a site which installed malware on them. Once the malware was downloaded and executed, it deleted itself and was therefore able to run in memory to avoid detection.
Over 122,000 of these cameras from several different manufacturers were hijacked and used to carry out distributed denial-of-service (DDoS) attacks, without the knowledge of their owners. A DDoS attack occurs when multiple devices infected with malware flood the resources of a targeted system.
The IoT is connecting more and more devices, creating more opportunities for cybercriminals to attack.
2.Equifax Inc.
In September 2017, Equifax, a consumer credit reporting agency in the United States, publicly announced a data breach event: Attackers had been able to exploit a vulnerability in its web application software to gain access to the sensitive personal data of millions of customers.
In response to this breach, Equifax established a dedicated website that allowed Equifax customers to determine if their information was compromised. However, instead of using a subdomain of equifax.com, the company set up a new domain name, which allowed cybercriminals to create unauthorized websites with similar names. These websites were used to try and trick customers into providing personal information.
Attackers could use this information to assume a customer’s identity. In such cases, it would be very difficult for the customer to prove otherwise, given that the hacker is also privy to their personal information.
Comments
Post a Comment