Biggest Cyber Attacks in History
26.09.2022Back to blog list
Biggest Cyber Attacks in History
Some of the most notorious cyberattacks
Epidemics, espionage and destruction: let ua present some of the most significant and biggest cyberattacks happened in recent years.
A large part of all cyberattacks can be classified as relatively banal. In the worst case, a ransom note appears on the user's screen, indicating that the computer has been encrypted and can be unlocked only after ransom is paid. Often, attacks can be barely seen with a naked eye; this is because many malwares behave as inconspicuously as possible to maximize amount of data stolen before being caught. Some cyberattacks, on the other hand, are impossible to go undetected due to their scale or sophistication. In this post, therefore, we would like to share with you some of the most infamous cyberattacks of the last decade.
WannaCry: a global malware epidemic
WannaCry, the largest ransomware attack in history, suddenly made ransomware and computer malware in general a worldwide discussed topic. It was a crypto Trojan that spread rapidly across the Internet and local networks. The four-day WannaCry infection wave paralyzed more than 200,000 computers in 150 countries; among them were critical infrastructures: for example, the malware encrypted all devices in some hospitals, including medical equipment, and many factories had to stop production for the time being. Among recent cyberattacks, WannaCry is considered by far the cyber attack with the most far-reaching consequences.
NotPetya/ExPetr: the costliest cyberattack to date
It maybe logically supposed, that mentioned earlier WannaCry cyberattack was the most expensive one. However, it’s not right. In fact, this ‘title’ goes to the cryptoransomware (technically a wiper) ExPetr, also known as NotPetya. However, the way it worked was the same as for its predecessor WannaCry: with the help of the exploits EternalBlue and EtrernalRomance, the worm made it way through the web, irrevocably encrypting everything in its path. Although the number of infected devices was much smaller, the NotPetya epidemic mainly targeted businesses, partly because one of the original spread vectors was the financial software MeDoc. The cybercriminals managed to gain control of the MeDoc update server. As a result, numerous customers who worked with the software, installed the malware disguised as an update, which was then able to spread throughout the network. Damage from the NotPetya cyberattack is estimated at about $10 billion; on the contrary, consequential damage from the WannaCry cyberattack is estimated to be between $4 billion and $8 billion. NotPetya is considered the costliest global cyberattack ever. Let’s hope this record will never ever be broken.
Stuxnet: A precision bomb
Perhaps the best-known cyberattack was the complex, multi-layered Stuxnet malware, which disabled Iran's uranium enrichment control technology and slowed the country's nuclear program for several years. In addition, the Stuxnet computer worm first sparked discussion about the misuse of cyberweapons in the context of industrial systems. At the time, no other cyberattack could match the Stuxnet in terms of complexity and sophistication. The worm was able to spread imperceptibly via USB flash drives and even find its way onto computers that were not connected to the Internet or a local network. Over time, Stuxnet has infected hundreds of thousands of computers worldwide. However, the worm only made itself felt on computers with programmable controllers and software from the manufacturer Siemens. If the worm got onto such a device, it reprogrammed these controls and physically destroyed them by setting the rotation speed of the centrifuges for uranium enrichment too high. Stuxnet generated plenty of discussion in the sphere of cyber security; even a book about the computer worm was published.
DarkHotel: Spy in the hotel room
It is no secret that public Wi-Fi networks in cafes or airports are not secure. Unfortunately, many users think, that it’s not true for WLAN networks in hotels, as they require some kind of authorization despite being publicly accessible. This misunderstanding has cost numerous top managers and high-ranking officials dearly. Just after connecting to a hotel network, they were prompted to install a seemingly legitimate update for a popular software. However, upon installation, their devices were immediately infected with the DarkHotel spyware that the cyber attackers had injected into the network a few days earlier. The spyware logged keystrokes and allowed the cybercriminals to carry out targeted phishing attacks.
Mirai: The collapse of the Internet
Although botnets have been around for half an eternity, the development of the IoT added a new impetus. Devices, which security had never been considered before and for which there were no AV programs were suddenly and massively infected. This mass infection, based on a malware called Mirai (Japanese for "future"), took on incredible proportions while the malware silently waited for further instructions from its developers. Then, on October 21, 2016, the owners of the massive botnet decided to test its capabilities by causing millions of digital video recorders, routers, IP cameras, and other "smart" devices to flood the DNS service provider Dyn with requests. Dyn was unable to withstand the massive DDoS attack, and the DNS and services relying on it became unavailable: PayPal, Twitter, Netflix, Spotify, PlayStation online services and many more in the US were affected by the attack. Although Dyn recovered, the scale of the Mirai attack got the world thinking about the security of "smart" gadgets.
Schneider Electric – industrial giant under massive attack
In a 2017 cyber attack, Schneider Electric's security technology, used in numerous power plants and factories was attacked. IT security firm FireEye found a cyberattack that targeted Schneider Electric's Triconex industrial security technology. Suspicions from other IT security firms suggest it was a company in Saudi Arabia. Triconex is widely used in factories as well as power plants and oil and gas refineries around the world.
Comodo – a case which shows, that any organization may be vulnerable to attack
Comodo is the U.S. based cybersecurity company, former SSL certificate issuer and currently is involved in development of protective softwar. In 2019 an intruder gained access to internal Comodo documents. The hacker was able to log into the security company's cloud service using an unintentionally published email address and password, despite two-step authentication. It was reported, that the credentials were found in a public GitHub repository. The attacker was able to access internal sales documents, employee resumes, contact information including phone numbers and email addresses, photos, customer data, and much more. The user disseminated screenshots of calendar entries with customers.