Start the conversation
From phones to cars to bank accounts, hackers got imaginative in their exploitation tactics. And this year they didn't just access emails and passwords – they went for even more intimate data, including fingerprints.
Here are the five scariest hacks of 2015…
The Five Scariest Hacks of 2015 Countdown
Scariest Hack No. 5 – The Carbanak Malware Attack: The banking and financial sector saw the greatest increase in the number of reported attacks in 2015 – up 84% from 2014, according to Russian security company Kaspersky Lab. Of all of these hacks, the Carbanak malware attack was the most innovative and most dangerous. While the cyberattack initially started sometime in 2013, reported Kaspersky, its total damage was not fully realized, nor was it reported to the public, until mid-February of this year. The group behind the attack purportedly stole between $500 million and $1 billion from over 100 banks and individual customers in 30 different countries, according to USA Today. The attack began with a phishing email sent to an employee on the bank network. The malware then sat in the network and observed how transactions occurred. From there, the hackers manipulated accounts by pumping small amounts of money into them before transferring it all back to their own accounts. Since this didn't affect the account holder's original balance, the operation went undetected.
One of the more unique aspects of the Carbanak malware was its ability to make ATMs pump out money to a waiting accomplice, apparently without a bank card ever being used. Overall, the colossal financial damage done by this hack and the complexity of its architecture make it one of the most significant, and certainly most frightening, attacks of the year.
Scariest Hack No. 4 – Stage Fright 2.0: Stage Fright was a bug that targeted Android devices… up to one billion of them. Merely by using Android's preview function to listen to or watch a specially-created MP3 or MP4 file, hackers could access an Android device's code and make changes remotely. From there, they could track or steal information.
The original Stage Fright bug surfaced in July. It exploited a flaw in Alphabet Inc.'s (Nasdaq: GOOG; GOOGL) – formerly known as Google – chat apps Hangouts and Messenger when they were sent multimedia video files containing the bugged MP3s. Although Alphabet patched the initial vulnerability, the bug persisted with different modes of attack – most notably in PDF and MP3 format.
On Sept. 11, PCMag.com posted an article outlining exactly how the bug worked and how Android users could check and repair their own devices.