> series: anatomy_of_a_breach —— part: 108 —— year: 2017 —— verdict: the_year_cyber_went_nuclear<span class="cursor-blink">_</span>_
2017 was the year the theoretical became catastrophic. WannaCry brought the NHS to its knees — 80 trusts affected, 13,500 appointments cancelled, patients diverted from A&E. NotPetya caused over $10 billion in global damage — Maersk rebuilt its entire IT infrastructure from scratch; Merck's pharmaceutical production halted; FedEx, Reckitt Benckiser, and Mondelēz all suffered hundreds of millions in losses. Equifax lost 147 million Americans' Social Security numbers through a web framework that had not been patched for two months. And Uber's cover-up of a 57-million-record breach led to the first criminal conviction of a CSO for concealing a breach.
All three of 2017's landmark attacks — WannaCry, NotPetya, and the BadRabbit successor — were powered by leaked NSA exploits. The Shadow Brokers released EternalBlue in April; the CIA's tools were published via Vault 7 in March. The world's most capable intelligence agencies had lost control of their cyber weapons, and the consequences were measured in billions of dollars, thousands of cancelled medical appointments, and the permanent destruction of corporate infrastructure.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call| # | Breach | Key Lesson |
|---|---|---|
| 097 | MongoDB Ransomware | 28,000+ databases with no passwords. Misconfiguration is the new vulnerability. |
| 098 | Cloudbleed | Cloudflare leaked memory from millions of sites. Your security provider is your risk surface. |
| 099 | Vault 7 / CIA | CIA's hacking tools published. iPhones, Android, smart TVs — everything hackable. |
| 100 | EternalBlue Released | NSA's SMB exploit goes public. The patch was available. The fuse was lit. |
| 101 | WannaCry | NHS: 80 trusts, 13,500 appointments. The patch was available for 59 days. Preventable. |
| 102 | NotPetya | $10 billion damage. Disguised as ransomware. Designed for destruction. Supply chain weaponised. |
| 103 | UK Parliament | 90 email accounts compromised through weak passwords. MFA was not mandatory. |
| 104 | HBO Hack | Game of Thrones leaked. $6 million demanded. Content is extortion leverage. |
| 105 | Equifax | 147 million SSNs. Apache Struts unpatched for 2 months. $700 million settlement. |
| 106 | Bad Rabbit + KRACK | Ransomware returns. Wi-Fi breaks. Foundational protocols are not invulnerable. |
| 107 | Uber | 57 million records. 13-month cover-up. CSO convicted. Concealment is criminal. |
| 108 | 2017 Year in Review | WannaCry. NotPetya. Equifax. The year cyber went nuclear. Everything predicted came true. |
With 108 articles spanning nine years, this series has documented every major evolution of the cyber threat landscape — from lost CDs to nation-state cyber weapons, from SQL injection to supply chain attacks, from £1,000 ICO fines to $700 million settlements. The threats have scaled exponentially. The root causes have not changed. The controls remain the same. And the organisations that implement them — that test, certify, monitor, and prepare — survive. The rest fill these pages.
<a href="/penetration-testing">Test</a>. <a href="/cyber-essentials">Certify</a>. <a href="https://www.socinabox.co.uk">Monitor</a>. <a href="https://www.cyber-defence.io">Prepare</a>. Because 2017 proved that cyber threats are not theoretical — they are existential.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call