In a world that is hurtling towards total digital transformation, data become a prime resource that’s treasured and safeguarded. Business organisations and governments across the world all have valuable troves of data and supporting infrastructure that needs to be secured.
But having digital assets completely secured is easier said than done. This is evidenced by the numerous attacks that have been unleashed upon digital infrastructures. In no particular order, here are a few which shook the world when it happened.
Top 8 Cyberhacks of All Time
This attack which transpired in 2013-14 has the dubious distinction of having the highest number of accounts being compromised. It took Yahoo until 2016 to announce that over 500 millions of their user accounts had been infiltrated, with personal details such as real names, emails, phone numbers which were leaked.
In addition to this, they disclosed another breach a few months down the line, which racked up the numbers to an additional 1 billion user accounts, which got revised to 3 billion accounts in 2017. At that time, that was their entire user base.
The company was in the midst of an acquisition and these attacks put a serious dent in their valuation price and was an unrecoverable blow to the company’s already fading public image, and future prospects.
With over 148 million of their customers affected, this one might seem like it pales in comparison to the above-mentioned attack. But it’s the sensitivity of the data that was leaked that made this such a headline-grabbing event at the time.
The breach was only discovered a few months after it had happened in 2017. Attackers manage to get away with Social Security Numbers, birth dates, personal addresses and more. A section of users even had the misfortune of their credit card numbers being out in the open.
Equifax has been routinely criticised for delaying the reporting of the leak much later than it had been discovered, and for the weak security measures, such as inadequate systems segmentation that made it easy for hackers to gain access.
3. Mariott International
Another attack which generated a lot of unwelcome attention for a company, with a massive number of accounts being exposed. It took Marriott International until the end of 2018 to announce that over 500 million of their customer accounts had been compromised. The attacks dated back to 2014, originating from Starwood Hotels that they had acquired.
The attackers were able to make away with sensitive data such as credit card numbers (with expiration dates) of over 100 million of those customers, and while extracting phones numbers, passport details and other personal information from the remaining accounts. There have been reports that the attack was orchestrated by a Chinese Intelligence group looking to learn more about American citizens. Attacks like these showcase the importance of who you grant access to your data to, and how a compromised third-party can still affect your data security.
4. Sina Weibo
This one is particularly notable both due to the size of the attack and for the recency. Reported only in March 2020, over 538 million accounts of China’s Twitter clone had been leaked out. The real names of users, their locations, and phone numbers for some were reportedly available for sale on the deep web.
Weibo tried to downplay their culpability by stating that the data was extracted by trying to match contacts against their address book API, but the claim was not convincing as location data is not available on their API. The company has reported the breach to the government, and investigations are underway. The recency of these attacks show that data will continue to be under attack in the near and far future, and the sophistication of the measures being taken to safeguard it should only increase with the times.
That’s a brief overview of the worst data breaches in history. Now let’s take a look at infrastructure attacks:
The WannaCry attacks which transpired in 2017 made the world sit up and take notice of ransomware. It rapidly spread across 100+ countries in just a few hours, with government institutions, corporates, individual users being equally affected. The ransomware software locked people out of their computers and demanded cryptocurrency payments to have them released. The disabled computers led to escalating costs that ran up to millions of dollars all over the world. Investigations revealed that North Korean actors might have been behind the attack.
6. The Morris Worm
One of the progenitors of the worm (and viruses in general) category, the Morris Worm snaked out way back in 1988 by its namesake student at Cornell University. The road to hell is always paved with good intentions, and Mr Morris claimed that he intended no harm, and was merely trying to understand the size of the internet. The unintended consequence of that action came into fruition when his piece of programming ran into an error and started to rapidly replicate, rendering useless many computers connected to the network. This type of attack set the blueprint for all the DDoS (Distributed Denial of Service) attacks that we see in the present day.
7. The Melissa Virus
This little mishap which ended up spreading damages worth $80 million showed the world that viruses didn’t have to be very sophisticated but still had the potential to wreak havoc in large scales.
Microsoft Word was the reigning leader of word-processing software, and this virus transmitted itself through email attachments. The attachments when opened would lead to adult websites and further mail itself to more people on the recipients’ address book. All the damages caused were a result of the disrupted personal computers and networks. This was the virus that has largely been attributed to the rise of anti-virus software, having made clear that threats and risks associated with computer and internet use.
An attack that was launched by a 15-year old high school student way back in 2000. How bad can it be, right? A Canadian high school student let loose a massive DDoS attack on the biggest websites of that time – Yahoo, Amazon, CNN, eBay and more, racking up damages worth $1.2 Billion, which was (and still is) a huge amount for that time. This attacked showed how vulnerable online business are to attacks, and how easy it is for even teenagers to bring major corporations to their knees.
While these attacks have happened in the past, we can expect more such instances in the future as the value of data and the complexity of digital infrastructure goes up. Each organisation and institution would need an army of cyber security experts to keep these attacks at bay and mount their defences. Professionals can upskill themselves in this in-demand field with this industry-relevant program.0