Worst Social Engineering Attacks of 2018, So Far

January 21, 2020

Taking a look back at the first six months of 2018, there have been many significant social engineering attacks. Below are some of the worst confirmed social engineering attacks during the first half of this year.

Florida’s Agency for Health Care Administration
Month: January 2018
Attack Type: Phishing
Impact: 30,000 records exposed

In November of 2017, an employee of the Agency fell victim to a malicious phishing attack. This gave the attacker access to information for up to 30,000 Medicaid enrollees, including names, Medicaid IDs, birthdates, Social Security numbers, diagnoses, and more. Prior to this attack, the Agency had put in place a continual staff training program; however, this incident has resulted in a review of that program. The attack was made public in January 2018.

Bee Token ICO
Month: January 2018
Attack Type: Scam
Impact: $1M worth of Ethereum stolen from investors

No surprise an ICO-related attack is included in this post. Investors who were looking to buy Bee Tokens during their initial coin offering (ICO) were tricked into sending money to scammers. Investors were sent a scam email that looked like it was from Bee Token stating that the ICO was now open and they could invest. The scammers got away with nearly $1 million in Ethereum.

Sample paid ads by the Coinhoarder group

Various Individuals 
Month: February 2018
Attack Type: Phishing Website
Impact: $50M lost by individuals

In February of this year, it was reported that a Ukrainian cybercrime group used Google ads to drive people to Bitcoin phishing sites. These ad campaigns took place over a three-year period. One campaign took place from September 2017 to December 2017, and the group made off with about $10 million. In total, the group made an estimated $50 million before the Ukrainian cyber police shut down the servers hosting these sites.

City of Atlanta
Month: March 2018
Attack Type: Ransomware
Impact: $2.6M spent to recover (so far)

The City of Atlanta SamSam ransomware attack was one of the more publicized attacks so far this year. The attack crippled the city for nearly a week and impacted more than a third of Atlanta’s 424 necessary programs. Close to 30% of these programs were mission critical. It also impacted revenue collection, as residents weren’t able to pay their water bills for a few days. The attackers demanded $6,800 to unlock each computer or $51,000 to unlock all computers. It has not been confirmed whether the city paid the ransom or tried to pay; however, the payment portal was quickly taken offline. Atlanta has spent around $2.6 million so far in incident response and recovery, and it is estimated they’ll need an additional $9.5 million to recover over the next year.

Liberty Life
Month: June 2018
Attack Type: Ransomware
Impact: Potentially millions

This attack was discovered by well-known global security researcher Troy Hunt. It is still under investigation, but it looks like it could be “the biggest breach yet of a financial services corporation in SA [South Africa],” says Arthur Goldstuck, MD of World Wide Worx. The hackers obtained sensitive data about some of the insurer’s top clients and are demanding millions to prevent them from releasing the data. It has been speculated that the attackers targeted the email repository because email appears to be a weak link. Goldstuck also says, “However, the real weak link is the human being. The easiest form of hacking is what is called social engineering, which is the use of trickery to get information from employees.” There are no reports of how many people are affected, but it’s estimated that it could be millions.

Companies that are still relying on traditional filtering security and/or their employees to stop attacks are leaving their organizations extremely vulnerable as these attackers continue to expose weaknesses in these solutions. To learn more about how Graphus® leverages our patented AI technology, the TrustGraph®, to automatically stop social engineering attacks, schedule a demo today.