The Top 10 Most-Infamous Cyber Attacks
There have been some absolutely astounding cyber security threats in recent years. Wide-ranging, costly, and damaging the activity of large Australian businesses for days.
And while cyber security threats are becoming more insidious, and more targeted, they don’t always make the news.
So let’s look at 10 of the most infamous cyber attacks in history, and the flow-on effects these have had to cyber security for Adelaide businesses.
1. The Cambridge Analytica data scandal
Call it what you will, but the Facebook Cambridge Analytica data scandal was a sophisticated social engineering hack that was effectively hidden in plain sight.
Facebook engaged consulting firm Cambridge Analytica to create an app, This Is Your Digital Life, for research purposes. It was supposed to collect personal information from those that opted in—but ended up collecting the information from their unsuspecting friends, too.
While only 270,000 people downloaded the app, data was collected on 87 million users. This included things like names, relationship status, religion, birthdate, employers, search activity, and check-ins. The data was then used by both Senator Ted Cruz and President Trump to gain information on the political preferences of Americans during their political campaigns.
While many may not see this as a cyber attack, it was definitely one of the biggest cyber security threats in recent year, the fallout of which has changed how we view social media and its use.
2. Ashley Madison
Ashley Madison, the infamous online dating site for those already married or in relationships, was famously hacked in 2015. An online group known as The Impact Team notified the site that it had stolen the personal information of 32 million of their members, and threatened to post it online unless the site closed down.
Ashley Madison ignored them, and much to the shock of those using the site, the hacking group followed through and posted their sensitive data online, exposing those users to public scrutiny.
This breach cost the company almost $30 million in fines and damages—and untold heartache in homes all over the US.
3. Sony’s double-header
Entertainment giant Sony found itself under attack twice in the early 2010s.
In 2011 hackers stole the personal data of 77 million PlayStation users, including credit card and financial information. A distributed denial of service (DDoS) attack shut the PlayStation network down for 23 days, costing the company $15 million in compensation to its users.
They bore the brunt of further cyber security threats in 2014, falling victim to a malware attack. The hackers gained access to employee emails, confidential film scripts, employee salary information, and copies of unreleased films. They then used wiping malware to attack Sony’s computing infrastructure.
It was determined that the attack came from a North Korea-sponsored group, in response to their views against the Seth Rogen and James Franco film, The Interview.
Globally-used and loved creative platform Adobe fell victim to a cyber security threat in 2013, when they announced a backup server had been hacked. The hackers stole the personal data of 153 million of its users, including usernames and passwords. This information was then dumped online.
Celebgate wasn’t a large-scale attack, but it was certainly well publicised. In 2014, a group of hackers used spearphishing tactics, creating emails that mimicked official Google and Apple emails, to gain the usernames and passwords to celebrity cloud accounts. Their goal was to steal private images of female celebrities.
Hundreds of big-name actors were impacted by this, and had their personal and private images dumped onto imageboards across the internet.
The cyber security threat implications of this attack are still being felt, and similar instances continue to occur. It goes to show that cyber crime isn’t always about dollars; often it’s purely out of spite, to cause chaos.
The 2017 Wannacry ransomware attack was a cyber security threat that impacted around 230,000 computers in more than 150 countries. The hackers target computers running Microsoft Windows, demanding payments in BitCoin.
What was particularly insidious about this attack was that it included a mechanism that enabled it to copy and then spread by itself. Users that hadn’t installed the most recent April 2017 Windows security patch fell victim to the attack. And it was a vicious one, with victims hearing reports that no infected businesses who paid the ransom ever actually received their data back.
At the end of the campaign, a total of 327 payments had been made, totalling US$130,634.77
Notably, the UK’s National Health Service, Indian State Government organisations, Nissan, Boeing, and FedEx were all hit by the Wannacry attack.
December 2020 saw the US Government fall victim to a mammoth cyber attack. Unknown actors inserted malicious code into SolarWinds’ Orion network management software used by Fortune 500 companies all over the world, including firms like Microsoft. At least 6 US government departments were impacted. This included, concerningly, the National Nuclear Security Administration, and the Department of Homeland Security.
This code went undiscovered, and SolarWinds even sent a security update to its users that included this malicious code.
It’s unclear to what extent these users have been breached, or even what data has been stolen, making this one of those significant cyber security attacks ever.
As the world shifted to working remotely, businesses and individuals were quick to roll out the Zoom platform. But as its user base grew, so too did interest from cyber criminals.
One well-publicised cyber security threat saw the user account credentials, passwords, and meeting URLs stolen, and put up for sale on the dark web.
Zoom reacted by implementing crucially-missing security measures, including meeting IDs and passwords.
Yahoo! just can’t seem to catch a break. The search has fallen victim to cyber security threats on at least three separate occasions.
In 2014 they had 500 million user accounts breached, where senstive personal information like phone numbers, passwords, and birth dates were stolen. In 2018 it reported a breach of 32 million user accounts.
But neither of these compare to their 2013 breach, where it revealed that 3 billion user accounts had been stolen.
10. Target’s bad luck with credit card details
Target’s attacks are notable as the first time a retailer of this size was the victim of an attack on this scale.
In 2013 in the US, during the Black Friday, the details of 40 million Target customer credit card accounts were compromised. This happened again in 2014, with another 70 million credit card account details being compromised.
So, what have we learned?
While it seems that some of these businesses haven’t put their learnings into action, that doesn’t mean you can’t.
GPK Group provides smart cyber security for Adelaide businesses, so you get peace of mind that you’re protected against cyber security threats.
Reach out to us today for a free, no-obligation discussion on how we can help your business remain safe and secure against the latest cyber security threats—and so you don’t see your name in this list.