Let's go back in time. It's Friday, and employees all around the world are logging in and checking their emails on the last day of the week. It is May 5, 2000, and the ILOVEYOU virus is infecting over 10 million Windows personal computers.
Fast forward to April 20, 2011. Sony deactivated the entire PlayStation Network because 77 million user accounts had been compromised. The outage lasted for 23 days and cost Sony an estimated loss of $171 million.
Now we're back in the present. A few weeks ago, the hospitality giants MGM Resorts International and Caesars Entertainment were hacked. It took 10 days before MGM announced that all of its hotels and casinos were operating normally. Caesars, on the other hand, paid around $15 million to keep its data from being leaked, according to The Wall Street Journal.
Cyberattacks have changed dramatically over the past 20 years. They have become more sophisticated, stealthier, and far-reaching than ever before. In this blog, we’ll talk about the biggest cyber attacks in the last 20 years and how they impacted our daily lives, businesses, and entire nations. Looking back at past breaches will give us a better understanding of the current landscape of cyber attacks. Not only that, but history is a great teacher, and learning all about these pivotal moments in cybersecurity history is the first step in guarding ourselves against data breaches. So ask yourself this: what does this evolution mean for us, and why should we care?
Seventeen-year-old Michael Calce, aka "Mafiaboy", launched a series of highly publicized DDoS attacks on some of the internet's best-known websites, including Yahoo!, Amazon, CNN, and eBay. The attack, which he called Rivolta (Italian for "riot"), shut down the sites for hours and led to an estimated $1.7 billion in damages. He was eventually caught and arrested, charged with 58 counts of computer-related crimes, and sentenced to 8 months in a youth detention facility.
First noticed on August 13, 2003 by Microsoft Product Support Services (PSS), the Blaster worm, aka Lovsan, Lovesan, or MSBlast, targeted computers running Windows XP, Windows NT 4.0, and Windows 2000. Blaster had a rapid propagation mechanism that allowed it to spread quickly across the internet by exploiting a security vulnerability in the Microsoft Remote Procedure Call (RPC) service. It scanned random IP addresses looking for vulnerable computers and attempted to infect them. Once a system was compromised, the worm installed itself there and repeated the same infection process from the newly compromised machine.
100 million debit and credit card numbers were compromised when Heartland Payment Systems was breached in 2008. The attackers exploited SQL injection vulnerabilities in the network to install malware that allowed them to steal card information. The attack went undetected for months and cost companies, banks, and insurers almost $200 million in damages.
The Gmail accounts of Chinese human rights activists were hacked in January 2010. According to an investigation conducted by Google, the culprits used a sophisticated phishing attack, combined with a security vulnerability in Internet Explorer, to manipulate users into revealing their passwords. It was also reported that the source code of around 20 other large companies had been targeted.
Google's announcement of the attack was met with international condemnation. The United States government called for an investigation into the attack, and Google itself threatened to withdraw from China if the Chinese government would not take action to stop the attacks.
The 2000s saw a significant increase in the number and sophistication of cyber attacks. Several factors played a part in this, such as the widespread adoption of the internet, the growth of e-commerce, and the development of new hacking tools and techniques. The cyber attacks of the 2000s were a wake-up call for everybody. They showed that no organization, whatever its size, is immune to cyber-attacks, and that everyone is responsible for protecting themselves from these threats.
Stuxnet is believed to have been developed by the United States and Israel in 2010 to sabotage Iran's nuclear program. It is a malicious computer worm that damaged electromechanical equipment in Iran's Natanz uranium enrichment facility. Although it was designed to target only Iran's nuclear program, the worm unexpectedly spread to outside computer systems. Stuxnet is also the first known malware designed specifically to attack and damage critical infrastructure.
The personal information of 77 million account holders was stolen when the Sony PlayStation Network was hacked in mid-April 2011. The breach was carried out by a group of hackers who bombarded Sony's servers with distributed denial of service (DDoS) attacks. The company had to take the PlayStation Network down for 23 days to fully secure it, at an estimated cost of $171 million.
Yahoo's 2013 and 2014 breaches were two of the largest data breaches in history. Together they affected all 3 billion Yahoo user accounts, but that's not the worst part: Yahoo did not disclose either breach until 2016. The 2014 hack was carried out by a Russian hacker group that sent a spear-phishing email to a Yahoo employee. It took only one click from a single employee for the hackers to gain access to Yahoo's network, which allowed them to access user names, email addresses, security questions and answers, telephone numbers, and more.
Ten years ago, Edward Snowden, a former CIA employee and NSA contractor, went to Hong Kong to hand a series of leaks of classified information to three journalists. The classified information covered a number of secret surveillance programs that the US government had been running since the 9/11 attacks, such as the PRISM program (which collected data from internet companies such as Google, Microsoft, and Facebook), the XKeyscore program (which allowed the NSA to search through the communications of anyone in the world), and the Tempora program (which collected the phone records of all UK citizens). Because of the Snowden revelations, the US Congress passed the USA Freedom Act, which reformed the NSA's surveillance programs. The USA Freedom Act requires the NSA to get a warrant from a judge before it can collect the phone records of US citizens.
CryptoLocker was a Trojan that spread through phishing emails carrying malicious attachments. The ransomware attacks started in September 2013, and in its first 4 months of circulation CryptoLocker infected more than 250,000 computers running the Windows operating system. It was one of the very first ransomware families to encrypt the files on an infected computer, making them unusable unless a payment is made.
One of the biggest data breaches in history happened in December 2013. Target was hacked, and the cybercriminals were able to steal over 40 million credit and debit card numbers and 70 million customer records. The malware attack started with a third-party vendor that had remote access to Target's network. The company took its point-of-sale systems offline on December 19 and 20 and offered free credit monitoring and identity theft protection services to those affected by the breach. Four years later, in 2017, Target reached an $18.5 million multistate settlement, agreed to adopt a comprehensive data security program, and hired a third party to be responsible for encrypting and protecting card information.
Over 30 million Ashley Madison user accounts were compromised when the social networking site was attacked in July 2015. Sensitive information was leaked, including a huge database of user information such as first and last names, street addresses, dates of birth, and email addresses. The culprit, The Impact Team, claimed it attacked the site because it believed the website was morally wrong and exploited weak-minded people.
The WannaCry ransomware infected over 230,000 computers in over 150 countries in May 2017. Victims included the UK's National Health Service, FedEx, Nissan, and Honda. WannaCry exploited a security vulnerability in the Microsoft Windows operating system using an exploit called EternalBlue, a zero-day that Microsoft wasn't aware of and had not released a patch for. The malware spreads through phishing emails, and once a computer is infected, it encrypts the files on it and locks the system until payment is made. The ransom started at $300 and increased over time.
Considered the most destructive malware ever deployed, NotPetya did a whopping $10 billion in damage globally. NotPetya was spread through a supply chain attack: the attackers compromised the software update servers of a Ukrainian accounting software company called M.E.Doc, so when customers of M.E.Doc downloaded and installed the latest software update, they were infected with NotPetya as well. The malware was originally believed to be ordinary ransomware, but it was eventually discovered to be a wiper, a type of malware designed to destroy data rather than encrypt it for ransom. NotPetya spread to over 60 countries and infected computers at some of the world's largest companies, including Maersk, FedEx, and Mondelez. It also disrupted operations at government agencies and hospitals.
The personal information of 147 million people, more than 40 percent of the United States population, was compromised in 2017 when Equifax, a credit reporting agency, was hacked. Names, addresses, dates of birth, Social Security numbers, and driver's license numbers were exposed, plus 200,000 credit card numbers. The breach occurred between May and July 2017, and Equifax did not disclose it until September 7, 2017. The breach was caused by a vulnerability in Equifax's web application firewall, which the attackers exploited to gain access to Equifax's systems and steal personal information from affected consumers. Equifax was fined $575 million by the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 states and territories for its role in the data breach. Equifax also offered free credit monitoring and identity theft protection services to affected consumers.
The 2019 Capital One data breach impacted approximately 100 million customers in the United States and 6 million in Canada. The attack was carried out by a former AWS employee, Paige Thompson, who exploited a misconfigured web application firewall (WAF). The attacker stole a variety of personal information, such as names, addresses, dates of birth, Social Security numbers, and information from credit card applications, such as income and employment history. According to Capital One, no credit card numbers or login credentials were stolen. In 2020, Capital One agreed to pay an $80 million fine and $190 million to settle a class-action lawsuit filed by customers whose data was leaked.
The 2010s brought new cyber attack vectors, such as ransomware and cryptojacking, which made the decade a very challenging era for the cybersecurity industry. However, the industry also made significant progress during this time, developing new tools and techniques to combat cyber threats.
Marriott was fined around $23.8 million because of a data breach that occurred in 2014 but wasn't discovered until 2020. The breach, which affected over 5.2 million guests, was caused by a social engineering attack on a Marriott employee. Personal details such as names, dates of birth, passport numbers, and Starwood Preferred Guest account information were compromised, along with the credit card information of some guests.
In 2020, hackers targeted approximately 130 high-profile Twitter accounts, including those of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, and Apple. The culprits gained access to Twitter's administrative tools, took control of the accounts, and tweeted a "double your bitcoin" scam directly from them. Over $118,000 worth of Bitcoin was stolen. According to Twitter, the incident was a social engineering attack: the hackers obtained employee credentials through a phone spear-phishing campaign.
The SolarWinds hack affected thousands of organizations globally, including government agencies, businesses, and nonprofit organizations. A Russian intelligence group called APT29 is believed to have been responsible. The attack started when malicious code was inserted into the development process of SolarWinds' Orion software, providing the attackers with access to the systems that installed it. Reports show that companies like Cisco, Microsoft, Intel, and FireEye were among the more than 18,000 affected systems worldwide.
Thousands of organizations around the world were affected when Microsoft Exchange Server was breached in 2021. The Chinese hacking group Hafnium was allegedly responsible for exploiting four zero-day vulnerabilities in Microsoft Exchange Server. The attackers stole sensitive data and installed additional malware on victims' systems. The US Federal Bureau of Investigation, the UK National Cyber Security Centre, and the Australian Cyber Security Centre joined forces to resolve the incident.
Colonial Pipeline had to cease all operations along the East Coast to prevent ransomware from spreading. In May 2021, the pipeline's operational technology systems were compromised in an attack carried out by a Russian hacking group, DarkSide. The hackers encrypted the company's files and demanded a ransom payment of 75 BTC, approximately $4.4 million at the time, for the decryption key. At first, Colonial Pipeline refused to pay the ransom, but it eventually gave in after several days of disruption to its operations.
The Log4j vulnerability is a critical zero-day vulnerability that was discovered in December 2021. If exploited, it can result in Remote Code Execution (RCE). The Apache Software Foundation released a patch for the vulnerability, but it took weeks to months before many organizations were able to patch their systems. According to reports, more than 89% of all IT environments had vulnerable Log4j libraries.
In February 2022, a ransomware group called Lapsus$ attacked NVIDIA. The hackers stole 1 terabyte of data, including the source code for the company's hash rate limiter, the feature that reduces the Ethereum mining capability of NVIDIA's RTX 30-series cards. NVIDIA restored its systems from backup and implemented security measures to prevent future attacks. However, the attack caused significant damage to the company.
The personal information of over 77,000 Uber employees was compromised when the company was hacked in September 2022. The hackers leaked full names, email addresses, corporate reports, and driver's licenses. The leak also included IT asset information, and the incident brought the company very close to completely shutting down its systems. Uber believes that the hacker group Lapsus$ was responsible for the attack. The attack started when the hackers gained access to an Uber employee's personal device through a phishing email and then used the stolen credentials to access the company's internal systems.
Rockstar Games confirmed that a hacker gained access to its systems and stole confidential data, including early development footage from Grand Theft Auto 6. The hacker, using the online alias "teapotuberhacker", claimed to have used social engineering tactics to steal data from the company. More than 90 video files were released, as well as source code for the game. The hacker offered to sell the stolen data back to Rockstar, but the company refused to pay.
Costa Rica declared a state of emergency in May 2022 when a ransomware attack disrupted the country's computer networks. The attack was allegedly carried out by a Russian ransomware gang called Conti. It first came to light when the country's Finance Ministry reported that a number of its systems, such as customs and tax collection, were affected. The next targets were the Ministry of Science, Innovation, Technology and Telecommunications and the National Meteorological Institute. Conti demanded a ransom payment of $10 million in exchange for the decryption of the stolen data, but Costa Rica refused to pay. Other countries, including the USA, Spain, and Israel, and private-sector companies such as Microsoft provided technical assistance to restore the country's services.
The personal data of 2.6 million Duolingo users went up for sale on a hacking forum in January 2023. It exposed the users' email addresses, usernames, languages learned, and experience points. The leaked data had been scraped from the company's public profile information through an exposed API. Duolingo released a statement saying that no financial information or passwords were compromised in the breach.
HCA Healthcare, one of the largest healthcare providers in the United States, experienced a major data breach caused by a ransomware attack in July 2023. The personal information of 11 million patients, such as names, addresses, dates of birth, Social Security numbers, and medical information, was posted on a hacking forum. The attacker claimed that the stolen data consisted of 17 files and 27.7 million database records.
The 2020s have seen the upward trend in cyber-attacks continue. These attacks have highlighted the need for improved cybersecurity measures and raised awareness of the risks posed by cyber threats.
Most of the attacks mentioned in this article were not the result of intricate hacking techniques. Instead, they mainly came down to one of the oldest ways of hacking: SOCIAL ENGINEERING.
According to research by PurpleSec, 98% of cyber attacks involve social engineering on some level. It is considered to be the most effective way of exploiting security vulnerabilities.
Security begins with your product teams. It's not merely an afterthought or an external layer of defense; it's an integral part of the product development process. With AppSecEngineer's giant library of resources, you can train your team on how to defend and strike against attackers. Our holistic approach will not only educate them but also help create a security-centered culture within your organization.
Your employees don't have to be your weakest link. Sign up for our plans today!