2014 by numbers: The year’s biggest breaches, hacks and cyberattacks

6 Jan 2015

Photo by Nomad_Soul/Shutterstock

Big numbers can be intimidating, especially when they are referring to sensitive data under attack as we tot up the year in data breaches, cybercrime and surveillance scandals.

Everything, everyone: online

In just one day in March 2014, a record 64bn messages were sent using WhatsApp. The Cisco Visual Networking Index expected the final match of the 2014 World Cup to generate 4.3 exabytes of IP traffic – three times that generated by Brazil’s entire population of 201m in an average month. In October, analytics from GSMA Intelligence showed that, at over 7.2bn, there are more SIMs on Earth than there are people, while the world’s online population surpassed 3bn in November.

What this all adds up to is a world that is increasingly connected to the internet, and growing more so. The United Nations Broadband Commission believes that, by 2017, half the world will have access to the internet and, by 2020, Ericsson predicts that some 90pc of people over the age of six will have a mobile phone.

Our world is hyper-connected. Our data is easily shared – and, thus, it is increasingly at risk of being compromised.

Please share data responsibly

Information security risks have a lot to do with criminals and hackers up to no good – and we’ll get to those numbers in a moment – but users themselves need to take heed of these figures and examine their own role in securing their data online.

Yes, users became more aware of data security in 2014 following a string of high-profile hacks – yet ‘123456’ is the world’s No 1 password.

Education certainly plays a role, as it can be tricky to explain SSL vulnerabilities to the 11pc of Americans who think that HTML is an STD. Then there’s the six people who agreed to Ts&Cs that required them to give up their children for free Wi-Fi.

World's No 1 Password

The world’s No 1 password in 2014. Photo by Africa Studio/Shutterstock

Big Brother is watching you

And, in 2014, users became painfully aware that it wasn’t just hackers after their data; governments wanted to tap into these online mines of information too.

Verizon Communications estimated that governments were responsible for 87pc of all online spying in 2013 and, last summer, NSA documents appeared to show that the US authorised surveillance of all but four foreign countries.

In its ninth transparency report, Google noted a 120pc rise in user information requests since 2010, while Facebook’s own report charted a 24pc increase in data requests from world governments compared to the previous year.

And where governments weren’t snooping into the affairs of citizens, they were creating sophisticated spyware to infiltrate other governments, as is suspected to be the origin of the mysterious Regin spy bug uncovered by Symantec in November.

Government surveillance protest

A sign pictured during a rally against mass surveillance in Washington, October 2013. Photo by Rena Schild/Shutterstock

The year’s biggest hacks and attacks

In 2013, overall IT security vulnerabilities reached their highest level in 14 years while Android malware saw explosive growth of 600pc in just 12 months. As hacker attacks grew, FireEye calculated an average of 70 new infections in enterprises per day

A record number of DDoS attacks were recorded by Arbor Networks in the first half of 2014, while phishing attacks jumped 43pc in June, according to RSA.

Irish firm Trustev estimates that there are more than 250m compromised identities and credit cards available for sale online and gangs of cyber-criminals are said to be able to sell access to compromised computers for as little as US$0.10 per computer.

Here’s a run-down of some of the year’s biggest cyber-attacks, data breaches and snooping scandals:

January:

February:

April:

  • 22,000 unsuspecting users’ computers were turned into ‘zombie’ hosts to facilitate a DDoS attack
  • 17pc of the internet estimated to be compromised by the Heartbleed OpenSSL vulnerability, which was said to have existed for two years before its discovery
  • 900 tax ID numbers stolen from the Canada Revenue Agency by exploiting Heartbleed
  • Three bank clerks from Lloyds TSB in the UK were alleged to have attempted to steal stg£2m from the bank’s computer system by plugging a hardware device into a colleague’s computer

May:

  • Exactly one month after the Heartbleed security vulnerability was discovered, a security expert claimed 300,000 servers worldwide were still under threat from the bug

Heartbleed

Security company Codenomicon gave Heartbleed both a name and a logo, contributing to public awareness of the issue. Image by Leena Snidate/Codenomicon

August:

September:

October:

November:

Sony Pictures hack by Guardians of Peace

This is what reportedly appeared on the screens of computers in Sony Pictures’ network following a hack by Guardians of Peace. Photo via Reddit

Main data security image by Nomad_Soul via Shutterstock

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.

editorial@siliconrepublic.com