Cyber Attacks That Shook-up the World | TechTree.com

Cyber Attacks That Shook-up the World

The more we talk about cyber security, the smarter the hackers seem to get, and in the race for one-upmanship there are a few notable instances where the criminals got away.

 

Cybercrime is as old as cyberspace, and so long as there is something valuable available, there will be a tendency to acquire it by any possible means. Ever since data became the new oil, data breaches have been akin to the Gulf War as everyone seeks to corner the largest share of the pie.

Over the past decade, there have been any number of data breaches in which everything from medical data, account credentials and corporate emails to sensitive intelligence and user profiles has been acquired through illegal means by unethical hackers. Cyber experts and governments have joined hands to warn industry and individuals about their data, but criminals have stayed a step ahead.

So, enterprises usually jump into overdrive after a data breach, bringing in third-party investigators to probe the causes and then getting external experts to help plug the leak and build security walls. That lasts until the wall gets breached again and sets off a similar cycle of activity. Which is why the CISO is suddenly making news!

As per IBM’s latest Cost of a Data Breach study, the average data breach now costs a whopping $3.92 million, which includes monies spent on notification, investigation, damage assessment and control, repairs, regulatory fines, lawsuits and a whole lot of other stuff. And these costs have gone up by one-tenth over the past five years, all in spite of the fact that enterprises talk cybersecurity non-stop! Techtree.com takes a look at some of the top cybercrimes of the decade:

 

  1. Among the earliest malware to cause physical damage was one created by the US government in conjunction with Israel. Called Stuxnet, the worm was used in 2010 to destroy Iranian nuclear enrichment facilities. The worm targeted Microsoft Windows and then sought out and destroyed industrial control software tied to centrifuges. While national security was the obvious reason given for this attack, there’s no way one can control similar crimes against other industries.
  2. Another piece of software used to wipe Windows machines was Shamoon, which seeks out and destroys the master boot records of the computers it infects and has the venom to spread across a network, a feature that was used to telling effect in August 2012 against Saudi Aramco. The attack messed up more than 30,000 computers at Aramco before destroying hardware at Qatar’s RasGas. Reports then suggested that Iran-backed hackers were inspired by Stuxnet’s success to create Shamoon.
  3. The Sony Pictures strike was among the earliest to create a showtime effect. In the winter of 2014, systems at the company's US headquarters booted up to show a red skeleton, signalling that they had been hacked. The criminals called themselves “Guardians of Peace” and claimed to have acquired more than 100 TB of data. Lots of movies, emails, remuneration details, medical data etc. were randomly dumped by the hackers before they released malware that forced Sony to rebuild its digital infrastructure from scratch. Investigators claimed that North Korea was behind the attack.
  4. These attacks coincided with efforts, allegedly orchestrated by China during the same period, to hack into the US government’s Office of Personnel Management. Investigations revealed that hackers invaded the network to first steal technical blueprints before making a virulent attack to gain control over the administrative server and steal millions of records of Federal staffers. However, none of the data showed up anywhere, leaving experts in no doubt that the operation was part of China’s market intelligence efforts.
  5. There were reports of how Russia had taken down Ukraine’s power grid to cause a few blackouts in the region while engaged in a real war. The crime was tracked to Russia’s Sandworm group, which managed to place malware to steal credentials and then turn off circuit breakers. The guile and expertise used in this attack stunned the world and opened its eyes to how cyberwar could be the real battle of the future between countries seeking economic superiority.
  6. The WannaCry ransomware was used by North Korean hackers to hit public utilities and large enterprises across Europe, especially in the UK, where it crippled hospitals. Experts argued that it was some sort of experiment gone wrong, as the hackers working on it lost control of things, which eventually helped experts track and kill it. However, what caused consternation was the fact that the virus used EternalBlue, a cyber-attack exploit developed by US security agencies, which raised the question of whether the Americans actually had the ability to protect their own spyware.

 

2016 US Presidential Hack

Russian hackers didn't just spend the last decade terrorizing Ukraine. They also launched a series of destabilizing data leaks and disinformation campaigns against the United States during the 2016 presidential election campaign season. Two groups of Russian hackers known as APT 28 or Fancy Bear and APT 29 or Cozy Bear ran massive social media disinformation campaigns, used email phishing attacks to breach the Democratic National Committee and publicly leak the organization's embarrassing correspondence, and infiltrated the email account of Hillary Clinton campaign head John Podesta. Russian operatives leaked the stolen data through the anonymous platform WikiLeaks, stoking controversy just as US voters were forming their opinions about who they might vote for on election day. Russian hackers would later meddle in the French presidential election in 2017 as well.

Russia is far from the only country to attempt to promote its interests through election interference. But the country was perhaps the most brazen ever and chose a high-profile target by focusing on the US in 2016.

NotPetya

On June 27, 2017 a wave of what appeared to be ransomware rippled around the world. But NotPetya, as it would come to be called, was not a ransomware attack—it was destructive malware built to lock down computers, devastate networks, and create chaos. NotPetya was developed by the Russian hacking group Sandworm, seemingly to target Ukraine. The damage in Ukraine was extensive, but the malware turned out to be too virulent and spread around the world, hitting multinational companies, including in Russia. In all, the US government estimates that NotPetya resulted in at least $10 billion in damages, disrupting pharmaceutical companies, shipping, power companies, airports, public transit, and even medical services in Ukraine and around the world. It was the most costly cyberattack ever to date.

NotPetya was a so-called supply chain attack. Hackers seeded the malware out into the world by compromising the system updates of the ubiquitous Ukrainian accounting software MeDoc. When regular MeDoc users ran a software update they inadvertently downloaded NotPetya as well. In addition to highlighting the critical danger of collateral damage in cyberwar, NotPetya also underscored the very real threat of supply chain attacks, especially in software.

Equifax

Though it came relatively late in the decade, the massive 2017 breach of the credit monitoring firm Equifax is the mother of all corporate data breaches, both for its scale and severity, and because Equifax handled the situation so poorly. The incident exposed personal information for 147.9 million people—the data included birth dates, addresses, some driver's license numbers, about 209,000 credit card numbers, and Social Security numbers—which means that almost half the US population potentially had their crucial secret identifier exposed.

Equifax disclosed the breach at the beginning of September 2017, and in doing so touched off another series of unfortunate events. The informational site the company set up for victims was itself vulnerable to attack, and it asked for the last six digits of people's Social Security numbers to check if their data had been impacted by the breach. This meant that Equifax was asking Americans to trust them with their data all over again. Equifax also made the breach-response page a stand-alone site, rather than part of its main corporate domain—a decision that invited imposter sites and aggressive phishing attempts. The official Equifax Twitter account even mistakenly tweeted one particular phishing link four times. Four times! Luckily, the link was a proof-of-concept research page, not an actual malicious site. There have since been numerous indications that Equifax had a dangerously lax security culture and lack of response procedures in place.

Though it was notably severe, the Equifax breach is just one in a long line of problematic corporate data breaches that plagued the last 10 years. The Target breach at the end of 2013 that compromised the data of 40 million customers now feels like a turning point in general awareness of data at risk. Soon after, Neiman Marcus and Michaels both announced major breaches of customer data in 2014. In September of that same year, Home Depot was also breached, exposing information from roughly 56 million customers' credit and debit cards.

And then in July 2015 hackers breached Ashley Madison, a site that exists specifically to facilitate affairs and extramarital dating. Within a month, hackers had posted almost 10 gigabytes of data that they stole from the site, which contained payment card and account details for roughly 32 million Ashley Madison users. That information included details about sexual preferences and orientation. For users who entered their real name—or a recognizable pseudonym—on the site, though, the dump simply revealed the fact that they had an Ashley Madison account in addition to tying personal information to them. Though the breach generated a lot of punch lines during the summer of 2015, it also had major consequences for the site's users.

Aadhaar

The government identification database Aadhaar stores personal information, biometrics, and a 12-digit identification number for more than 1.1 billion Indian citizens. Aadhaar is used in everything from opening a bank account to signing up for utilities or a cell phone. And tech companies can link to Aadhaar to track customers. All of these interconnections, though, have led to numerous major exposures of Aadhaar data when third parties, or the Indian government itself, store the information improperly. As a result, researchers estimate that all 1.1 billion Aadhaar numbers and much of the associated data was breached throughout 2018 alone. There is reportedly a thriving black market for the data.

Very few institutions even have a billion people's data to lose. Then again, there's Yahoo, which suffered two separate data breaches. One, which occurred in late 2014 and was disclosed in September 2016, exposed 500 million Yahoo accounts. Another, which occurred in August 2013 and was originally disclosed in December 2016, turned out in October 2017 to have exposed all Yahoo accounts that existed in 2013, totaling three billion.

Data breaches like OPM and Equifax are complicated, because they are seemingly the result of nation state espionage and the data never leaks publicly or even in criminal forums. This means that it's difficult to assess the day to day risk for average people posed by these breaches. But with exposures like Aadhaar, Yahoo, Target, and many others where data is publicly leaked and starts circulating on the dark web, there's a very clear connection to widespread fraud, digital account compromises, and scams that follow in their wake.

What happened: By 2018, breaches of massive amounts of consumer data had become so commonplace that Marriott was not even particularly memorable. Its numbers were eye-popping — an original estimate of up to 500 million people affected, but no Social Security numbers. The theft of 5 million passport numbers stirred consumers a bit more than the average. But the incident sparked only a few weeks of commentary before mostly fading away.

So why is it on this list? Because under the surface, the Marriott breach was highly disruptive to one cyberthreat area that had mostly gone ignored throughout the decade: merger due diligence. The breach originated with a database managed by Starwood Resorts, which was purchased by Marriott in 2016 for $13.3 billion. The data leak may have been ongoing for several years, the company has said.

Why it was disruptive: Just as Target sparked a whole generation of robust third-party oversight programs in the corporate world in the early half of the decade, the Marriott breach is already causing companies to improve how they conduct investigations of companies they plan to purchase.

Shareholder lawsuits calling into question Marriott’s merger due-diligence practices make some of the most compelling data-breach suits in years.

In many ways, Marriott is a sleeper breach — one that we might not think about much but will cause ripple effects in some major areas of business well into the next decade.

 

