3 of 15Image
The U.S. Federal Reserve
In February this year, the Federal Reserve acknowledged that hacktivist collective Anonymous had broken in to a number of government websites as part of "Operation Last Resort" -- and managed to both steal and post the sensitive credentials of 4,600 banking executives.
The compromised and exposed database belongs to The St. Louis Federal Emergency Communications System, the communication system used by seventeen states in a time of crisis, allowing financial institutions and government officials to talk through two-way channels.
The hacktivists posted both the login details and private information -- such as IP addresses and contact information -- in to a public dump, all the while demanding U.S. computer crime law reform. Just to further twist the knife, Anonymous used the government website itself to post the spreadsheet containing the stolen data.
In February this year, the world's largest social network suffered a sophisticated attack caused by a zero day vulnerability.
Facebook said there was "no evidence" that user data was compromised by the cyberattack, which was caused when a number of the social network's employees visited a mobile developer website infected with malicious code. Malware was then installed on these employee's laptops, and the Java-based zero day exploit was able to bypass security systems that keep applets away from system files. As a result, hackers may have been able to access the internal Facebook corporate network.
Law enforcement was notified and the hack investigation is ongoing.
However, this wasn't the end for Facebook's year of being a cyberattack target. Facebook said in a blog post on June 21 that as part of its White Hat scheme -- which rewards notices of system vulnerabilities -- a bug that may have allowed some of a person's contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them. Approximately 6 million Facebook users had email addresses or telephone numbers shared without their consent before the bug was fixed.
In February, Apple experienced a breach on its corporate servers after employee computers were hit with malware, funnelled through a vulnerability in the Java Web plug-in. This attack took place only a week after Facebook was hit with a similar attack.
On February 19, the iPhone and iPad maker announced the company was working with law enforcement agencies to investigate the security breach, but there was "no evidence that any data left Apple." The tech giant said in a statement:
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network."
A Java malware removal tool was released the same day to prevent Mac users from being hit with the same cyberattack, and Oracle subsequently patched the exploit.
Image credit: Apple