UK Blames Russia’s Star Blizzard for Years of ‘Sustained’ Cyber Attacks
Cyber attacks and digital criminals aren’t new in today’s tech-focused world. Ever since the advent of the internet and the rise of computer-based technology, we’ve been dealing with an ever-growing number of threats. As the web and the tools, we use in the business landscape continue to evolve however, these attacks are becoming more worrisome.
According to IT Governance, the number of cyber attacks taking place between 2020 and 2021 increased by 11%. What’s more, new forms of threats are emerging all the time, forcing organisations to implement new security strategies.
Today, we’re looking at some of the most notorious cyber attacks in history, and the impact they had on the companies and users involved
In 2021, experts began investigating what appears to be the biggest password leak of all time. A forum user on the web posted a huge text file containing 8.4 billion entries of passwords, combined from previous leaks and data breaches. The compilation was dubbed “RockYou2021” in reference to the previous RockYou data breach which took place in 2009.
The breach led to the development of various new tools on the web designed to help users determine if their passwords had been made vulnerable. According to researchers, the password likely contains the passwords of multiple users on various different accounts, due to its size.
Marriott Hotel Data Breach
The Marriot hotel group revealed in 2018 it had been hit by a massive database breach revealing the personally identifiable information of around 500 million guests. The issue was apparently lurking in the background of the company’s technology for a number of years, and didn’t come to light until 2018. Only two years later, another data breach exposed the data of 5.2 million guests.
The Marriott hotel chain has also been victim to other attacks since. In 2022, the chain confirmed it had been hit by another data issue in which hackers stole around 20GB of data, which included customer payment information and business documents held by the brand.
One of the most recognised cyber criminal events in the world today, the WannaCry Ransomware attack was a global event which took place in 2017. Implemented by the WannaCry Ransomware cryptoworm, this attack targeted various computers running the Microsoft Windows operating system. Users had their data encrypted, and criminals demanded Bitcoin in payment.
The event is estimated to have affected more than 200,000 computers in 150 countries. The total damages of the attack ranged anywhere from hundreds of millions to potentially billions of dollars. A new version of the WannaCry ransomware attack also appeared again in 2018.
Ukraine Power Grid Attack
Another major cyber event which ended up affecting an entire country, the Ukraine Power Grid attack took place in 2015. The event resulted in power outages for around 230,000 customers across the Ukraine for between 1 and 65 hours. The issue was attributed to an advanced persistent threat group known as “Sandworm”, and became the first publicly-acknowledge attack on a power grid.
The attack is considered one of the most significant threats implemented by a cyber criminal to an entire community or country of people. At the same time as this attack, consumers of two other energy distribution companies were also being affected by cyber issues on a smaller scale.
The 2014 Yahoo Attack
In 2014, Yahoo became the victim of one of the biggest data breaches in history. Approximately 500 million accounts were hacked by a state-sponsored actor. The theft was the biggest known cyber breach recorded at the time, and criminals were said to have stolen everything from names and email addresses to telephone numbers, passwords, and date of birth details.
Although the attack officially took place in 2004, Yahoo only discovered the incursion after later reports were filed relating to a secondary breach. All the reports issued turned out to be false, the investigation revealed significant details about the 2014 attack.
Adobe Cyber Attack
In 2013, Adobe, one of the world’s leading software developers, confirmed a cyber attack had compromised around 38 million accounts among active users. Originally, the firm had believed around 2.9 million accounts had been affected. Adobe further announced the hackers had stolen parts of the source code to Photoshop, it’s picture-editing technology.
Following news about the attack, a spokeswoman for Adobe revealed the initial statement made by the brand did not reveal the full scale of the problem. Adobe was fined over $1 million in a multi-state suite over the breach. What’s more, the reputation of the company was significantly damaged.
The PlayStation Network Attack
Sony is one of the better-known companies in the digital landscape, but its no stranger to cyber threats. The 2011 PlayStation Outage, sometimes referred to as the PSN Hack, was the result of an external intrusion into the PlayStation Network, in which persona user details form approximately 77 million accounts were compromised. A huge number of accounts and consoles were also prevented from further accessing the network.
In May 2011, Sony admitted the personally identifiable information from all of the accounts had been exposed. What’s more, the outage caused by the event lasted for a total of 23 days. At the time, it was one of the largest data security breaches, and longest PS outages in history. The event led to around $1781 million in costs for Sony, and caused multiple law suits.
Estonia Cyber Attack
During 2007, Estonia became the host of the first cyber attack launched on an entire company. During this time, around 58 Estonian websites were taken offline, which included the websites of government official groups, media outlets, and banks. The issue was caused by a DDOS attack which overloaded Estonian servers, and used “zombie” computers to amplify the effects.
According to some studies into the major digital event, the attack followed a political argument in retaliation to the relocation of a specific group into the outskirts of the city. The event is said to have resulted in around $1 million in costs.
The NASA Cyber Attack
Another major cyber security event to take place in 1999, the NASA cyber attack involved the breach and subsequent shutdown of NASA’s crucial computers for around 21 days. Around 1.7 million pieces of software were also downloaded during the attack, which cost the space company to spend around $41,000 on repairs. What made this attack so famous wasn’t the expense associated with the crime, but the criminal responsible for the action.
Soon after the attack took place, a fifteen-year-old computer hacker pleaded guilty to the issue, and was sentenced to six months in jail. As part of his sentence, the boy was required to write letters of apology to both the NASA administrators and the secretary of defence.
The Melissa Virus
One of the earliest cyber attacks to highlight the importance of digital security in the tech-driven world was caused by the Melissa Virus. In 1999, a programmer called David Lee Smith hacked an AOL account and used it to publish a file on the internet. The posting promised access to dozens of free passwords to fee-based adult websites. When users downloaded the document, it set a virus free on their computers.
The virus resulted in significant damage to a huge range of users and companies, including Microsoft. While cyber security managed to contain the spread of the virus within a relatively short space of time, it took a while to remove the infections entirely. The collective damage of the attack was estimated to equal around $80 million.
Nomad Data: Unveiling the Value of Data: Insights from a CDO Roundtable
Palo Alto Networks: Using Threat Intelligence Effectively in Incident Investigation
Fivetran: The Biggest Challenges Facing Data Leaders Today - And How to Solve Them
Informatica: Harnessing Data, AI and Cloud for a 360-Degree View of your Business
Zero Networks: Reinventing Identity Security
Fivetran: Modern Data Leader’s Guide to Improved Customer Outcomes
Radware: 360 Application Protection and Why Companies Need It
HID Global: Choosing the Right Visitor Management Solution
Huntress: Doing More With Less in Your Cybersecurity Strategy
Savvy: SaaS Identity Discovery and Visibility