
5 Biggest Security Testing Failures of 2017

  • December 13, 2017
  • Kualitatem

Life keeps getting easier with a steady stream of new software. But once an application fails to perform as expected, users won’t hesitate to switch to an alternative, writing it off as unreliable for good!

But how can an application fail when it was designed and built for the sole purpose of doing its job? Most likely because it was never meticulously tested for bugs, defects, and security loopholes!

Security testing failures are not just a missed shot; they are compromising our data on a large scale.

Just a few years back, it was quite easy for an attacker to break into any email account, Facebook profile, or financial record. Back then, information was dangerously exposed. Over time, and through the carelessness of industries, these attacks multiplied and wreaked havoc on even the most security-conscious enterprises.

As Wesley Simpson, COO of (ISC)2, puts it:

“Everyone is susceptible to these attacks. Nobody is immune. It doesn’t matter what type of organization, how strong you think you are, how much money that you’re investing into your hardware and software environment to have the latest and greatest technology. We’re all vulnerable, and you can’t do it alone.”

Surprisingly, in 2016, Yahoo suffered a massive security breach in which hackers stole the data of nearly one billion people.

Who knew 2017 would see the worst of times! According to CNBC, 918 cyber breaches exposed 1.9 billion data records in the first half of 2017 alone, a drastic increase of 164% over 2016. It feels like a nightmare to recall the software failures that stormed this year.

Here is a reminder to all stakeholders: there is no room left for outdated security systems!

Following are some of the largest software failures of 2017 that occurred because of a lack of security testing:

WannaCry – Made Everyone Cry

WannaCry, the most notorious ransomware of the year, hit on May 12th. It attacked over 230,000 systems in more than 150 countries and crippled major organizations such as the UK’s National Health Service, Spain’s Telefonica, and FedEx, with a long list of others hit one after another. The attackers encrypted the contents of infected computers’ hard disks and demanded payment in Bitcoin to unlock them.

It was shocking that the WannaCry perpetrators were able to exploit a vulnerability in Microsoft Windows using leaked exploit code, EternalBlue. Surprisingly, the code had been developed by the US National Security Agency.

The amateur hackers would have kept up their evil activity had a young British web security researcher not registered a domain that effectively halted the attack. But by then it was too late!

The Game of Hacks!

Though hell for HBO, the horrifying hack was a treat for Game of Thrones fans. Before the new season could be released on its scheduled date, it had already been stolen by the hackers. The figures speak for themselves: they stole 1.5 terabytes of data, including unreleased GOT episodes and tons of other material. Astonishingly, HBO had to pay $6 million in Bitcoin to get rid of the culprit.

It was a software failure of its own kind, where HBO’s performance testers could not cope with the burdening load and left the system vulnerable!

But it was (Not)Petya

A malicious ransomware, initially mistaken for 2016’s Petya malware, spread massively across the globe and infected systems in four countries in a row, but Ukraine bore the brunt of the damage.

Petya, at least, only demanded payment to unlock the encrypted hard drives of hacked systems; NotPetya did serious, irreversible damage to those disks with no way back.

NotPetya spread from one system to another using the NSA-developed Windows exploits EternalBlue and EternalRomance. In simple words, it was autonomous: it needed no human involvement to move from computer to computer.

It is a perfect example of failed load testing!

So, testers, will you keep making the same mistakes you made this year?

Equifax – Another Easy Target

Equifax is a US-based consumer credit reporting agency that collects the information of more than 800 million individuals worldwide. In September, this repository of personal data startled everyone with an unexpected announcement: its security had failed to protect the information of 143 million users, chiefly in the UK, Canada, and the US.

Hackers stole Social Security numbers, driver’s license numbers, credit card details, and every piece of private information that could compromise customers’ security.

It was careless of the company: it already knew about the threat that led to the software failure and devastated millions of users’ information.

National Security Agency Became Victim of Its Own Code

The NSA is known as the US’s leading cyber warrior, defending against every cyber threat that might affect national security. Alas! It fell short of its own security and became a victim of “The Shadow Brokers.”

The hackers unveiled some of the most secret exploits, which had been used only by the NSA’s “Tailored Access Operations” group.

Reportedly, the attackers, or leakers, are assumed to be insiders at the agency. But who knows?

To wrap it all up: these software catastrophes were most likely caused by glitches in functional testing, regression testing, performance testing, and of course end-to-end testing.

These software failures are not to be forgotten, because they did not only compromise personal information; they also caused real physical harm at the UK’s National Health Service hospitals.

Stakeholders are not the only ones responsible for preventing such drastic software failures and cyber security breaches; employees can also do a lot in this regard.

Every sector and organization needs to overhaul its security practices from top to bottom and make sure that every employee has a security goal. Moreover, it should improve its testing strategies in line with upcoming tech trends. Because giving up is simply not an option!

Just because IT trends are improving, don’t assume that cyber attackers are not coming up with more drastic attack plans. It’s time for every business and major enterprise to gear up and set legitimate, trackable security goals for the future.

Do or die a cyber-victim!