Start the conversation
From phones to cars to bank accounts, hackers got imaginative in their exploitation tactics. And this year they didn't just access emails and passwords - they went for even more intimate data, including fingerprints.
Here are the five scariest hacks of 2015...
The Five Scariest Hacks of 2015 Countdown
Scariest Hack No. 5 - The Carbanak Malware Attack: The banking and financial sector saw the greatest increase in the number of reported attacks in 2015 - up 84% from 2014, according to Russian security company Kaspersky Lab. Of all of these hacks, the Carbanak malware attack was the most innovative and most dangerous. While the cyberattack initially started sometime in 2013, reported Kaspersky, its total damage was not fully realized, nor was it reported to the public, until mid-February of this year. The group behind the attack purportedly stole between $500 million and $1 billion from over 100 banks and individual customers in 30 different countries, according to USA Today. The attack began with a phishing email sent to an employee on the bank network. The malware then sat in the network and observed how transactions occurred. From there, the hackers manipulated accounts by pumping small amounts of money into them before transferring it all back to their own accounts. Since this didn't affect the account holder's original balance, the operation went undetected.
One of the more unique aspects of the Carbanak malware was its ability to make ATMs pump out money to a waiting accomplice, apparently without a bank card ever being used. Overall, the colossal financial damage done by this hack and the complexity of its architecture make it one of the most significant, and certainly most frightening, attacks of the year.
Scariest Hack No. 4 - Stage Fright 2.0: Stage Fright was a bug that targeted Android devices... up to one billion of them. Merely by using Android's preview function to listen to or watch a specially-created MP3 or MP4 file, hackers could access an Android device's code and make changes remotely. From there, they could track or steal information.
The original Stage Fright bug surfaced in July. It exploited a flaw in Alphabet Inc.'s (Nasdaq: GOOG; GOOGL) - formerly known as Google - chat apps Hangouts and Messenger when they were sent multimedia video files containing the bugged MP3s. Although Alphabet patched the initial vulnerability, the bug persisted with different modes of attack - most notably in PDF and MP3 format.
On Sept. 11, PCMag.com posted an article outlining exactly how the bug worked and how Android users could check and repair their own devices.
Still, it's important to remember: Be careful about what you download - no matter who sends it to you...
Scariest Hack No. 3 - The Anthem Breach: When health insurer Anthem Inc. (NYSE: ANTM) revealed it was hacked on Feb. 4, it made history as the biggest data breach regarding healthcare information. It was also the largest and earliest cyberattack of 2015.
The Anthem hackers gained access to over 78.8 million patient files and 8.8 million to 18.8 million employee records, according a Feb. 24 article in The Wall Street Journal. The latter is believed to include names along with dates of birth, addresses, and Social Security numbers.
Scariest Hack No. 2 - The "I Bought a Jeep" Hack: On July 24, Fiat Chrysler Automobiles NV (NYSE: FCAU) announced it was issuing a formal recall for 1.4 million vehicles that may have been affected by a hackable software vulnerability in dashboard computers. The recall was prompted by a July 21 expose in Wired magazine that revealed two "white hat" hackers were able to remotely disrupt the driving of a 2014 Jeep Cherokee. Jeeps are manufactured by Chrysler.
[mmpazkzone name="in-story" network="9794" site="307044" id="137008" type="4"]
At first the hackers toyed with the driver by blasting cold air and loud music at him. But then they stepped their game up a little and stalled the car's transmission mid-drive.
Chrysler released a statement alongside its recall announcement letting the public know that the hacking technique used in the Wired demo had never been utilized outside of that setting. The "white hat" hackers themselves even admitted it had taken them a year to break into the vehicle's code.
Scariest Hack No. 1 - The OPM Breach: The attack on the U.S. government's Office of Personnel Management is arguably the biggest data breach of 2015 due to the sensitive nature of the data that was stolen. Chinese hackers were able to infiltrate and stay under the radar within the office's networks for over a year. The breach was finally reported to the public on June 11 of this year.
Initially, estimates indicated that there were some four million victims, reported The Atlantic on Sept. 23. However, that figure soared to 21.5 million after further investigation, consisting of 19.7 million applicants for security clearances who had undergone background checks and 1.8 million spouses and other partners. Also, the federal agency said 5.6 million people's fingerprints were compromised - not 1.1 million, as previously thought.
OPM released a statement on its website on Sept. 23 alerting the public that it would begin mailing letters to all affected victims. It would also offer them free credit monitoring, though the agency did not specify for how long.
The Stock Buyback Con Game: Stock buybacks make sense for some companies, but not for all. These days, they're often used to manipulate stock prices - and they've hit record levels lately. What's driving this growth is dangerous for you and our economy...