Tuesday, November 12, 2024
HomeInfosec- ResourcesTOP 10 Cyber Attacks and Critical Vulnerabilities of 2017

TOP 10 Cyber Attacks and Critical Vulnerabilities of 2017

Published on

Malware protection

The year 2017 experienced many sophisticated cyber attacks which have been made a huge impact on the organization as well as individuals.

Here we have listed TOP 10 Cyber Attacks and critical Vulnerabilities that was playing the major role in 2017.Ransomware continues to dominate the cybersecurity world.

Wannacry

Wannacry (WannaCrypt,WanaCrypt0r 2.0,Wanna Decryptor), A Computer Malware family called Ransomware that actually target the Microsoft Windows Operating systems  SMB exploit leaked by the Shadow Broker that encrypting data and demanding ransom payments in the cryptocurrency bitcoin.

- Advertisement - SIEM as a Service

This Attack Started on 12 May 2017 and Infected more than 3,00,000 computers in over 150 countries which consider as one of the biggest Ransomware cyber Attack which world Never Faced.

Petya

A Ransomware called “Petya” Attack Large  Number of Countries across the Globe on June 2017 and it affecting a large number of banks, energy firms and other companies based in Russia, Ukraine, Spain, Britain, France, India,etc..

This Ransomware attack Started in Ukraine First, Especially Ukraine’s government, banks, state power utility and Kiev’s airport and the metro system have infected by Petya very badly then its Spreading Across the World.

Locky

The onset of Locky Ransomware campaign was thought to be evolutionary, but around the clock, the campaign has grown to be revolutionary.

The other day 711 million addresses were found to be leaked onto the internet by Online Spambot. The profound dump had found coherencies with recent Locky malspam activities.

The countries housing the most attack servers are Vietnam, India, Mexico, Turkey, and Indonesia.

Krack Attack

Highly Secured WiFi Protocol “WPA2” Critical Weakness allows to Break any WiFi Network using Key Reinstallation Attack (KRACK Attack) and this flow is given an Ability to Attacker to crack any of Victims WiFi Modem within The Range of Network.

This Critical KRACK Attack allows an Attacker to Steal the Sensitive Information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

An attacker can Accomplish this KRACK Attack by Performing Man-in-the-Attack and force network participants to reinstall the encryption key used to protected WPA2 traffic.

Sambacry

Linux Machine’s are Hijacked by unknown Vulnerability by using SambaCry Flow and this Vulnerability Exploit by using unauthorized Write Permission in Network Drive in Linux Machines.

Super Privilege Access has been successfully takeover by this Sambacry Payload once payload has injected into the Linux Server.

SambaCry vulnerability to install a backdoor trojan on Linux devices running older versions of the Samba file-sharing server.

Blueborne

Blueborne attack leads attackers to gain complete control over your device and from your device they can migrate to corporate networks and even to most secured Air-gapped computers.

This attack spreads through the air and attacks Bluetooth devices. All the Bluetooth devices mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux are vulnerable.

Duck Attack

DUHK attack allows hackers to recover encryption keys and to decrypt the encrypted web traffic.

DUHK attack targets the old vulnerability that resides in the pseudorandom number generator called ANSI X9.31. It is an algorithm widely used to generate cryptographic keys that secure VPN connections and web browsing sessions.

VLC Player

Cyber Attack Spreading through Vulnerable Subtitles which Downloaded by Victims Media Player and threatens more than 200 Millions of vulnerable Machine in worldwide which leads to completely take over to the infected machine.

This cyber attack is delivered when movie subtitles are loaded by the user’s media player which is delivering by tricks victims.

Grabos Malware

Android Malware called “Grabos”  Found in 144 Google Play apps and it is considered as one of the mass distribution play store Malware by huge number play store apps.

There is no surprise now to see a malicious app on Google play store, hackers continued to deceive the Google safety checks and also they earn high ratings

Most of the app found uploaded in August and October, in a short span they reached between 4.2 million and 17.4 million users downloaded and an average rating of 4.4.

Apache Struts

Apache Struts is a free and open-source framework used to build Java web applications.This is not the first remote code execution vulnerability discovered on Apache Struts.

The vulnerability enables aggressors to obtain total control over the server on which the application is facilitated and make a wide range of destruction.

An aggressor could transfer a malicious file and obtain control over an application subsequent to increasing remote code execution rights on the objective’s Struts-based application server.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

10 Best Linux Distributions In 2024

The Linux Distros is generally acknowledged as the third of the holy triplet of...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...