Timeline of massive cyberattacks and mistakes behind them
Cyberattack is a concept that has become commonplace in modern society. Sociologists around the world are unanimous in arguing that modern society has become more conflicted than ever. The number of conflicts in the political, social, labor, religious, and personal spheres is constantly increasing. In turn, the development of science and new technologies is not always beneficial, but on the contrary — their use becomes a successful tool for ingenious virtual criminals. Therefore, in modern society, crimes in cyberspace have become quite common.
The issue of cybersecurity is central to the development of advanced technology software products, as automated process control systems for critical objects are threatened by both conventional viruses and targeted attacks. Therefore, the protection of information technology infrastructure is a priority for information security professionals. This certainly affects information competition and, consequently, cybersecurity, both of individuals in society and of the state as a whole. Over the last decade, cybersecurity has formed into an independent scientific field, which has its own specific tasks and research methods.
The Internet has become not just an innovative breakthrough, but as a result, has been used as an information lever. Millions of people spend most of their lives on the World Wide Web, and some of that life is very personal, even intimate. And perhaps most believe that this is his personal virtual space, which seems to remain secret from others.
Here some examples of the biggest cyber attacks in recent years
- 2016 Yahoo Security Breach
The US Internet corporation Yahoo said that 3 billion user accounts were hacked as a result of data breaches in 2013, which is three times the scale of the previously estimated theft.
On October 3, the company announced that it had sent emails notifying it of additional user accounts damaged by the August 2013 incident.
Yahoo first discovered the violation in December 2016, alleging theft of information with names, email addresses, phone numbers, dates of birth, and more.
There are many lessons to be learned from Yahoo’s cyber incident. Here are some of conclusions:
Nation-state cyber actors are using criminal hackers as proxies to attack private entities and individuals. In fact, the Yahoo fact pattern shows that the Russian intelligence services have been doing so since at least 2014. [1]
Cyber threat actors — from nation-states to lone wolves — are targeting enormous populations of individuals for cyber intrusions, with goals ranging from espionage to data theft/sale, to extortion.
User credentials remain hacker gold, providing continued, unauthorized access to online accounts for virtually any targeted victim.
2. 2017 Dun & Bradstreet
When Dun & Bradstreet bought NetProspex in 2015, it also acquired an enormous 52GB database containing just under 33.7 million unique corporate records. Now, that information has found its way out into the world for anyone to access. [2]
Dun & Bradstreet is insisting that their company’s systems were not breached and though they own the database, they’ve also sold the information to “thousands” of other firms. ZDNET reports the database has dozens of different fields, including [3]:
- Full names
- Job titles
- Work email addresses
- Phone numbers
- Believed office location
The firm claims its systems were not breached, but the database of 33.7 million unique corporate records was sold to thousands of companies across the USA. That means any of those companies could have suffered a breach, and they don’t even realize it yet. [4]
3. 2018 Aadhaar
The Centre for Internet and Society (CIS) had reported that Aadhaar numbers and personal information of about 135 million Indians may have been leaked from government portals.
The report had said the absence of “proper controls” in populating the databases could have disastrous results as it may divulge sensitive information about individuals, including details about address, photographs and financial data. [5]
These groups targeted over 3 lakh village-level enterprise (VLE) operators hired by the Ministry of Electronics and Information Technology under the Common Service Centres Scheme (CSCS) across India, offering them access to UIDAI data. The hackers seemed to have gained access to the website of the Government of Rajasthan. [6]
4. 2020 Colonial Pipeline
Malware attack on the American Colonial Pipeline system, as a result of which the latter was stopped. The attack shut down all Colonial Pipeline pipelines. As a result of the attack, President Biden declared a state of emergency. According to the press, this is “the most successful cyber attack on oil infrastructure in the history of the country.” [7]
The attack was probably carried out by the hacker group DarkSide. It is believed that the day before the attack, the same group stole 100 GB of data from the company’s servers. Hackers demanded money for stolen and encrypted company data. According to CNN, the group of hackers may be linked to Russia. [8]
And as cyber-experts such as Jon Niccolls, from CheckPoint, explain, where there is connectivity, there is risk of cyber-attack:
“All the devices used to run a modern pipeline are controlled by computers, rather than being controlled physically by people,” he says.
“If they are connected to an organisation’s internal network and it gets hit with a cyber-attack, then the pipeline itself is vulnerable to malicious attacks.” [9]
5. 2021 JBS SA
The hackers attacked JBS SA, the world’s largest meat producer based in Sao Paulo, Brazil. This led to the shutdown of all the company’s beef plants in the United States — they supply almost a quarter of US stocks, writes Bloomberg. [10] Meat plants in Australia have also been suspended.
It is known that hackers attacked the computer networks of the Brazilian company and demanded a ransom for unlocking. The incident happened just three weeks after the attack on the Colonial Pipeline fuel pipeline — from which hackers managed to get a $ 4.4 million ransom. [11]
The plant closures reflect the reality that modern meat processing is heavily automated, for both food- and worker-safety reasons. Computers collect data at multiple stages of the production process; orders, billing, shipping and other functions are all electronic. [12]
Information wars will exist as long as the information itself exists. In the Cold War, the struggle for cyberspace becomes the driving force and the main force. The best way to prevent such a war is to protect your data and create a secure information environment.
