Class 1 Lab 1 ‐ Research - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki
Provide a brief description of the attack.
Answer
In December 2013, hackers gained access to Target’s network and caused a massive data breach involving the personal information of 70 million customers, and credit card information of 40 million customers.
Describe the vulnerabilities exploited by the attackers.
Answer
Attackers took advantage of a vulnerable security system run by a third-party vendor (Fazio Mechanical Services). The vendor used free anti-malware software (as their primary security measure) without real-time protection against attacks that compromise computers and enable data theft. The hackers were thus able to access Target’s network.
Describe the steps the attackers performed to ensure the success of their attack.
Answer
Attackers used their access to create a domain admin account and used it to install malware remotely on point-of-sale cash registers without being detected.
Explain how the attack influenced the company.
Answer
Approximately 40 million debit and credit cards were stolen, and Target suffered financial damage of more than 150 million dollars.
Explain how the attack could have been prevented.
Answer
Investigations revealed that some important security measures were neglected. Primarily, organizations should not rely on free anti-malware services.
In addition, Target should have strengthened its access control management policies. Steps that should have been taken include using multi-factor authentication and monitoring the Active Directory environment for security issues.
Provide a brief description of the attack.
Answer
In June 2017, hackers compromised the update system of MeDoc, accounting software produced in Ukraine. The software manages the tax payments of many companies, and the hackers used it to spread a malicious update that infected computers with Petya-based ransomware when the update was installed.
Describe the vulnerabilities exploited by the attackers.
Answer
Attackers took advantage of an SMB vulnerability that is exploited by EternalBlue. The exploit worked on Windows versions prior to Windows 10.
Describe the steps the attackers performed to ensure the success of their attack.
Answer
After the malicious update infected the machine, the malware used the EternalBlue exploit to spread over local networks and infect multiple computers.
Explain how this attack influenced companies.
Answer
The damage was estimated at more than 10 billion dollars. The ransomware did not have a decryption engine, so nobody could decrypt their files, and victims were unable to restore the data.
Explain how this attack could have been avoided.
Answer
Defensive measures against such an attack include the MS17-010 patch, which was, in fact, available several months before the attack. After reverse engineering the code, it was discovered that during execution the malware created two files, ‘perfc.c’ and ‘perfc.bat’, in the Windows directory and ran them at a later time.
Creating the two files manually with read-only permission is sufficient to prevent the malware from executing.
Provide a brief description of the attack.
Answer
In October 2013, hackers gained access to Adobe’s IT infrastructure and stole the source code of some company products, along with the personal information of approximately 38 million customers, including nearly 3 million credit card numbers.
Describe the vulnerabilities exploited by the attackers.
Answer
The assumption is that the attackers took advantage of a security breach and stole passwords that were poorly encrypted.
Describe the steps the attackers performed to ensure the success of their attack.
Answer
It remains unclear exactly how the attack compromised Adobe’s internal system to steal information.
Explain how the attack influenced companies.
Answer
The attack compromised the data of approximately 38 million customers. Credit card numbers, order information, customer names, other personal data, and large amounts of source code were stolen.
Explain how the attack could have been avoided.
Answer
Since the attack, Adobe has taken several steps to strengthen its security mechanisms, but for security reasons it has not published information about those steps. So far, similar breaches of its networks, if any occurred, have not been made public.