- The Yahoo Breach compromised the information of over 1 billion users.
- The Stuxnet worm was designed to target Iran's nuclear program.
- The WannaCry Ransomware affected upto 200,000 devices across 150 countries and affected big organizations like the NHS.
According to a study by researchers from the Clark School's Center for Risk and Reliability and Institute for Systems Research at the University of Maryland, hackers are trying to attack computers with Internet connection every 39 seconds. A separate study by research firm CyberEdge meanwhile found that among those organizations they surveyed 81% were affected by a cyberattack last year. These figures are expected to go higher as cybercriminals become smarter and stealthier.
Damages as a result of cyberattacks are expected to cost the world up to $6 million annually by 2021. In the past, cybercriminals have managed to infiltrate the database of many major companies compromising the passwords and information of millions of users. The information that they manage to steal from companies is sometimes sold on the dark web, where other criminals use them to perform frauds and other illegal activities. Among the hundreds if not thousands of cyber attacks in history, some have managed to cause damages that cost companies billions of dollars. Here are ten of the biggest cybercrimes that made news in the past years.
Yahoo Data Breach
In 2016 Internet company Yahoo announced that they have become the victim of the biggest data breach in history. The first attack happened in 2013 which compromised the data of approximately 500 million users, the second attack came four months later in 2014 which compromised the accounts of 1 billion users. Among the information stolen were names of users, email addresses, telephone numbers, birthdates, encrypted passwords, and answers to security questions.
Home Depot Credit Card Data Breach
In September 2014, the shopping store giant, Home Depot admitted that its payment data system had been hacked. The breach compromised 56 million credit card and debit card information of customers who used payment cards to shop in their US and Canada stores. In an official statement, the company’s CEO announced: “We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue." The attack started in April that year and customers were offered free identity protection services, including credit monitoring by the company to make up for it.
In 2016 a massive cyberattack brought down much of America and Europe’s Internet. The DDoS (distributed denial of service) attack was targeted at DNS (domain name system) company Dyn. It affected the company’s servers and database which controlled much of the Internet’s domain name system. The company suffered sustained attacks throughout that day which brought down sites like Twitter, Netflix, Reddit, and CNN among many others. In 2018 a stronger DDoS attack, the biggest one to date, targeted development platform GitHub although the company managed to get help from DDoS mitigation service, Akamai Prolexic. The latter managed to stop the attack after a few minutes.
Friend Finder Network Breach
In 2016, hackers managed to get access to 20 years worth of user data from the friend finder network. The attack compromised 412.2 million accounts leaking users’ names, email addresses, and passwords. It was one of the biggest data breaches in history affecting six databases under the California-based company Friend Finder Network Inc. A source said that the attack was able to crack 99 percent of all passwords in the network which also includes other information like browser information and IP addresses.
In 2010, a nasty computer worm was discovered, but unlike any of its predecessors, this one was believed to be part of an ultra-sophisticated digital warfare designed to cause physical harm. It was originally aimed at Iran’s nuclear facilities. Stuxnet was a 500-kilobyte computer worm that damaged the software of 14 different industrial sites in Iran. Throughout its spread, it has managed to mutate and target water treatment plants, water plants, and gas lines. It infiltrated a system through a USB which was widely used back then, it then wormed its way around the network to infect Microsoft Windows computers eventually destroying control systems that were supposed to operate equipment like centrifuges without the knowledge of the operators.
In May 2017, a ransomware worm called WannaCry quickly spread across computer networks worldwide. It infected 200,000 devices across 150 countries in just a few days. Ransomware works by getting into a person’s computer, encrypting all the computer files, and then sending a digital ransom letter demanding hundreds if not thousands worth of Bitcoin payment in exchange for the files. WannaCry attackers told victims if they didn’t pay $300 in bitcoin all their files will be deleted. Thus the name ransomware.
It spread so widely it even affected big organizations and companies like Nissan, Spanish telecom company Telefonica, and worst even the NHS. The attack severely affected hospital services in the UK that ambulances were rerouted and appointments were delayed.
Marriott International Data Breach
In late 2018, the famous hotel chain announced that they have been victimized by a cyber attack. One of their reservation systems was compromised which exposed the account information of around 500 million customers. Many of the information included sensitive information like credit card numbers and passport information.
Their team found a Remote Access Trojan (RAT) and a MimiKatz (used to crack username password combinations) which gave attackers access to administrators' accounts. They believe these might have been downloaded from phishing emails.
Sony Pictures Hack
In 2014 a hacker group called “Guardians of Peace” got access to Sony Pictures’ computers then leaked 40 gigabytes of confidential and sensitive company data. After stealing their files, the hackers erased these from the victims’ computers and threatened to release them if Sony won't give in to their demands.
The attack continued for several weeks, employees did not have access to their computers and were forced to use whiteboards in the office. The hackers then released the information online several batches at a time. A few of the emails which included private correspondence and Sony executives’ salaries were even sent to journalists.
In April 2015 staff of the United States Office of Personnel Management (OPM) reported that some of their files have been hacked. Records of up to 21.5 million federal employees and civil servants were exposed during what many consider as one of the biggest breaches affecting a government database. Information that was compromised included people’s social security number, birthday, birthplace, health and financial information, even fingerprints of others who were subjected to background checks.
Google China Hack
In early 2010, Google announced in a blog post that it along with other companies had been a victim of an attack by hackers which they believe were trying to access the email accounts of human rights activists. The company also discovered that dozens of other accounts linked to human rights activists not just in China but also in the US and Europe were accessed by third parties through phishing scams and malware that was downloaded onto the users’ computers. During the attack, some intellectual properties were stolen although Google didn’t want to go into detail, the attackers also targeted source codes.