
Cyberattacks all over the world

Under normal business circumstances, cyber attacks are an ever-increasing problem causing
trillions of dollars in losses. To make matters worse, the war between Russia and Ukraine
exacerbated these problems with a flurry of major politically motivated cyber attacks in
2022. Here are some of the recent cyber attacks.

Finnish Parliament Attack

In August 2022, the Finnish parliament's website experienced a DDoS attack while the
parliament was in session. This denial-of-service attack may be part of a coordinated
campaign by Russian state-sponsored hackers to disrupt the Finnish government’s websites in
retaliation for the application to join NATO. A DDoS attack temporarily blocks access to a
website but does not cause permanent destruction.

Ukrainian State Nuclear Power Company Attack

The Russian “hacktivist” group called the People’s Cyber Army engaged 7.25 million bots in
August 2022 in a bot attack to take the Energoatom website down. It used a flood of garbage
web traffic and webpage requests. A disruption of online services lasted for a few hours, but
no permanent negative impact remained. The attack was part of a Russian psyops campaign
to create fear of a nuclear disaster and terrorize Europeans.

Greek Natural Gas Distributor Attack

Greek national gas distributor DESFA reported a cyber attack incident in August 2022. The
attack impacted part of the company’s IT infrastructure and caused a data leak. The Ragnar
Locker ransomware operation is holding the stolen data hostage and demanding a ransom not
to expose it. The company refused to pay.

South Staffordshire Water Company Attack

In August 2022, the South Staffordshire Water Company reported an attack that caused a
network disruption in its internal corporate network and a loss of data. A cybercriminal
ransomware group threatened to tamper with the water supplied by the company, a claim the
company disputed. The criminals demanded payment in exchange for not releasing sensitive
files and for explaining how the network breach happened.

Montenegro Government Attack

The government of Montenegro reported an unprecedented cyberattack on its digital IT
infrastructure in August 2022. No data breach occurred. However, certain governmental
services and telecommunications experienced disruption, including border crossings and
airport operations. The state-owned utility company, EPCG, switched to manual operations as
a precautionary measure.

Estonian Government Attack


A DDoS attack disrupted many Estonian government websites for several hours in April
2022. The attack targeted websites for the president, the Ministry of Foreign Affairs, the
Police and Border Guard, the identification card webpage, and the state services digital
portal. Estonia’s condemnation of the Russian war on Ukraine makes the country a target for
Russian hackers.

Islamic Culture and Communication Organization Attack

Additionally, there was data destruction on 44 servers and hundreds of computers. The ICCO
also lost 35 databases with highly-confidential information about money laundering, spies,
and terrorists living abroad.

Belgian Government and Military Attack

In July 2022, the Belgian government announced that three Chinese hacker groups, part of
the known Chinese Advanced Persistent Threat actors, attacked Belgian public services and
military defense forces. The Chinese government-sponsored attackers steal trade secrets and
intelligence information. The Soft Cell Chinese group recently launched a new remote access
trojan (RAT) malware in June 2022.

UK Military Social Media Breach

Hackers took over the Twitter account of the British Army in July 2022. The social media
account underwent multiple name and photo changes. The content started promoting contests
to win Angry Apes non-fungible tokens (NFTs), digital art stored on a blockchain. The
army’s YouTube page experienced an attack as well. Its name changed to Ark Invest, and the
account promoted interviews of Elon Musk talking about cryptocurrency.

Lithuanian Energy Company Attack

A DDoS attack in July 2022 blocked access to the website of the Lithuanian energy
company, Ignitis Group. The company managed the attack and limited the damage
using DDoS Protection. No data breach occurred, but the attacks were persistent and ongoing.
Pro-Russia group Killnet claimed responsibility. The attack retaliated against Lithuanian
support of Ukraine in the war with Russia.

Additional Global Cyber Attacks


ProxyLogon Cyberattack

One of the most damaging recent cyberattacks was a compromise of Microsoft Exchange
servers through several zero-day vulnerabilities. The vulnerabilities, known as ProxyLogon
and first exploited by the Hafnium hacking group, were spotted by Microsoft in January and
patched in March. However, more groups joined Hafnium in attacking unpatched systems,
resulting in thousands of organizations being compromised.

MeetMindful Cybersecurity Breach


Dating app MeetMindful suffered a cybersecurity attack in January 2021, resulting in data of
more than 2 million users being stolen and leaked. The hacking group behind the event
managed to steal information like users’ full names and Facebook account tokens.

Tether Attack

In March 2021, cyber criminals threatened to leak documents from the Tether
cryptocurrency. The attackers claimed the data would “harm the Bitcoin ecosystem” and
demanded a settlement fee of around 500 Bitcoin ($24 million), but Tether refused to pay.

CNA Financial Breach

A ransomware attack on insurance firm CNA Financial left employees locked out of their
systems and blocked from accessing corporate resources. The attack in March 2021 also
involved company data being stolen, which led CNA Financial to reportedly pay the $40
million settlement fee.

Facebook Cyberattack

Data of more than 530 million Facebook users, including their names, Facebook IDs, dates of
birth, and relationship status, was published online in April 2021. Facebook, now Meta, said
the information was obtained through scraping in 2019.

Colonial Pipeline Attack

The growing threat that advanced cybersecurity attacks pose to the world was highlighted by
the Colonial Pipeline attack in May 2021. The fuel pipeline operator suffered a ransomware
attack launched by the DarkSide hacking group, which led to fuel disruption and mass panic
buying across the U.S.

Omiai Cyberattack

An unauthorized entry cyberattack in May 2021 resulted in the exposure of 1.7 million users
of the Japanese dating app Omiai.

Audi and Volkswagen Cybersecurity Breach

In June 2021, Audi and Volkswagen revealed a data breach had affected more than 3.3
million customers and prospective buyers, who were primarily U.S.-based. The breach was
blamed on an associated vendor, which was purportedly responsible for exposing the data
between August 2019 and May 2021.

Guntrader.uk Cyberattack

The United Kingdom’s trading website for guns and shooting equipment revealed that
records of 100,000 gun owners had been stolen and published online in July 2021. Gun
ownership is strictly controlled in the U.K., so the data breach of customers’ names and
addresses caused significant privacy and safety concerns.

T-Mobile Attack

In August 2021, telecoms firm T-Mobile suffered a cybersecurity breach that led to the data
of around 50 million existing customers and prospects being stolen. The data, which included
customer addresses, drivers' licenses, and social security numbers, was stolen by a 21-year-
old, who claimed to have obtained around 106GB of information.

Poly Network Breach

An attack on Poly Network in August 2021 proved that cybersecurity breaches
on cryptocurrency firms are on the rise. The blockchain firm revealed an Ethereum smart
contract hack resulted in cyber criminals stealing cryptocurrency worth more than $600
million.

AP-HP Attack

Cybersecurity attacks on medical organizations and healthcare firms are also increasing. As a
result of the hack on AP-HP, a Paris public hospital system, in September 2021, cyber
criminals stole personal data belonging to around 1.4 million people who were tested for
COVID-19 in 2020. 

Cream Finance Breach

Cream Finance, a decentralized finance firm, suffered a vulnerability in its project’s market
system. The hack, which was revealed in September 2021, caused losses worth $34 million.

Debt-IN Consultants Cyberattack

A South African debt recovery company suffered a significant attack that led to client and
employee data being illegally accessed from its servers in September 2021. The incident is
suspected to have affected the personally identifiable information (PII), including owed
debts, of over 1.4 million people.

Neiman Marcus Data Breach

Department store Neiman Marcus suffered a data breach that resulted in the exposure and
theft of up to 3.1 million customers’ payment card details. The attack was detected in
September 2021 but began in May 2020, and most of the data stolen was believed to have
been from expired or invalid cards.

Argentinian Government Attack

A hacker, who claimed to have leaked the entire database of Argentina’s National Registry of
Persons, has allegedly stolen the data of more than 45 million Argentinian residents.
However, the government denied the hack.

Squid Game Cyberattack


The value of a cryptocurrency linked to but not officially associated with the Netflix program
Squid Game plummeted after a suspected exit scam in November 2021. The cryptocurrency’s
value dropped from $2,850 to $0.003028 overnight, which resulted in investors losing
millions of dollars.

Robinhood Trading App Breach

Also in November 2021, a data breach of the trading app Robinhood affected the data of
around 5 million users. Data like usernames, email addresses, and phone numbers were
compromised through a customer support system.

BitMart cyberattack

In yet another cybersecurity attack against digital currencies, BitMart suffered a breach in
December 2021 that enabled cyber criminals to steal approximately $150 million worth of
cryptocurrency. The attack resulted in total losses of around $200 million, including
damages.

Log4j Breach

In December 2021, a zero-day vulnerability was discovered in the Log4j Java library. The
remote code execution flaw, known as Log4Shell, is being actively exploited, including by
botnets like Mirai.

Kronos Cyberattack

HR platform Kronos suffered a ransomware attack that took the Kronos Private Cloud
offline. The outage occurred shortly before Christmas and took the vital service down for
several weeks.

Experian Security Breach

In August 2020, credit reporting agency Experian suffered a breach that affected 24 million
consumers in South Africa and more than 793,000 businesses. The incident occurred when an
individual who claimed to be a client requested services that prompted the data’s release. The
stolen data was eventually secured and deleted, while Experian revealed it had not been used
fraudulently and that its customer database, infrastructure, and systems had not been
compromised.

MGM Hotel Attack

The data of more than 10.6 million customers of MGM Resorts hotels was leaked to a
hacking forum in February 2020. The data included addresses, dates of birth, email addresses,
names, and phone numbers belonging to celebrities, business executives, government
employees, and tourists. 

However, the hack did not breach users’ credit card details. The incident began in mid-2019
when MGM discovered unauthorized access to its server. Another data breach followed in
February 2020, which saw user data published on an open, accessible forum.

California University Cyber Attack

The University of California, based in San Francisco, suffered a ransomware attack that led to
hackers demanding a settlement payment of $3 million on June 1, 2020. The university’s
system was targeted by malware that could encrypt various servers and steal and encrypt
critical data. The university negotiated and paid a settlement fee of $1.14 million but later
revealed no data had been compromised. 

Cognizant Technology Solutions Corp. Cybersecurity Breach

Technology and consulting firm Cognizant was affected by the Maze ransomware attack on
April 18, 2020. The attackers stole data and threatened to publish it online unless Cognizant
paid a settlement fee. Cognizant later revealed it paid a ransom fee of between $50 million
and $70 million to restore its services.

Tillamook County Cyber Attack

Tillamook County’s IT systems were infected by encryption malware on January 22, 2020.
The attack shut down its computer and phone systems and took down the website that hosts
its various departments. Tillamook County’s computer systems were down for at least two
weeks, and attackers demanded $300,000 as settlement, which would double after two weeks,
to restore the data. The county tried to avoid paying the settlement fee but could not restore
the data and eventually settled.

WHO Attack

As the COVID-19 pandemic broke, an attack targeting the World Health Organization
(WHO) resulted in the breach of 25,000 email addresses and passwords. The data was leaked
online on April 19, 2020, along with information belonging to other groups fighting the
pandemic, including the Gates Foundation, the National Institutes of Health (NIH), and the
U.S. Centers for Disease Control and Prevention (CDC).

Zoom Conferencing Service Breach

Videoconferencing service Zoom saw a massive increase in activity throughout 2020 with
people working from home and speaking to friends and family through the application.
However, in April 2020, a cyberattack known as Zoombombing enabled cyber criminals to
join private meetings, access conversations, and share offensive images, videos, and screens.
Zoom updated its application to enhance security levels.

Mitsubishi Electric Cyber Attack

A Mitsubishi Electric systems data breach resulted in around 200 MB of files being stolen.
The breach, which was first detected in June 2019 but was reported in January 2020,
contained employee and applicant information, data about retired employees from affiliate
companies, and sales and technical material. The attack was caused by a vulnerability in the
organization’s antivirus solution, which Chinese hackers exploited.

Hacker Theft of 18 Companies' Data


One of the most significant cyber attacks that occurred in 2020 was through a hacker known
as ShinyHunters. The hacker stole around 386 million user records from 18 different
companies between the start of the year and July. The attacker posted links to these
companies’ databases, made them freely available to download, and sold data online.


Biggest Data Breaches


Cyber-attacks pose a significant threat to businesses of all sizes, government agencies, and
individual internet users. Recent cyber-attacks have come from hacktivist groups, lone wolf
hackers, and nation-states.

The first cyber-attack on record was The Morris Worm in 1988. Robert Tappan Morris, a
graduate student at Cornell University, developed a worm program that would crawl the web
to count how many computers were connected to the internet. However, the worm installed
itself on one in seven computers and forced them to crash, which saw it inadvertently become
the first distributed denial-of-service (DDoS) attack. The Morris Worm damaged around
6,000 computers, which then comprised 10% of the entire internet.

In 2002, the first internet attack as we now know it saw a DDoS attack target the 13 Domain
Name System (DNS) root servers. The attack could have brought the internet down if
allowed to continue and was then the most sophisticated and widescale cyber-attack ever
launched.

Recent cyber-attacks have advanced and can affect vast numbers of people. Single attacks
now regularly steal the data of hundreds of millions of people. 

Below is an overview of some of the most significant cyber-attacks recorded in history.

Cyber attacks in the Russia-Ukraine Conflict

The Russia-Ukraine crisis, which began in February 2022, involved not just physical battles
that displaced thousands and killed many, but cyberattacks as well. FortiGuard Labs has
determined that new wiper malware was used to attack Ukrainian targets and discovered it
installed on at least several hundred machines in Ukraine. Several Ukrainian organizations
have also been targeted by sophisticated attacks that used the KillDisk and HermeticWiper
malware strains, which are designed to destroy data on devices.

In addition, a tool that remotely controls devices, Remote Manipulator System (RMS), was
found to have been distributed in Ukraine via fake “Evacuation Plan” emails. Ukraine also
suffered a wave of distributed denial-of-service (DDoS) attacks. This included an attack
targeting the State Savings Bank, which impacted banking services and cash withdrawals
from ATMs, as well as disrupted the Ministry of Defence and Armed Forces networks.

Adobe Cyber Attack

In October 2013, software company Adobe suffered a cyber-attack in which hackers stole
credit card data from nearly 3 million customers. The attack also saw login credential data,
including usernames and hashed passwords, of up to 150 million users stolen. Further
research into the attack discovered that the hackers had also stolen customer names,
identification data, passwords, and more debit and credit card data.

It also paid around $1 million to customers as a financial settlement because of unfair
business practices and violating the Customer Records Act. Furthermore, the settlement
included a provision that Adobe should implement security measures and submit the results
of an independent security audit one year after the final settlement date.

Canva Security Breach

In May 2019, the graphic design website Canva suffered an attack that exposed email
addresses, names, cities of residence, passwords, and usernames of 137 million users.
Hackers were also able to view but not steal files that included partial payment and credit
card data.

The attackers, known as GnosticPlayers, contacted the technology news website ZDNet to
boast about the attack. They claimed to have obtained users’ open authorization (OAuth)
login tokens, which are used for logging in via Google.

Canva confirmed the attack, notified its users, and prompted them to update their passwords
and reset their OAuth tokens. But a list of 4 million Canva accounts and stolen passwords
was later shared online, which resulted in Canva having to invalidate any passwords that
remained unchanged.

Dubsmash Attack

More than 162 million users’ data—email addresses, hashed passwords, dates of birth, and
usernames—was stolen from the video messaging service Dubsmash in December 2018. A
year later, the data was made available for sale on dark web site Dream Market as part of a
dump of data that also included information from attacks on Armor Games, Coffee Meets
Bagel, MyHeritage, MyFitnessPal, and ShareThis.

Dubsmash acknowledged that its systems had been breached and the stolen data put up for
sale, and advised users to change their passwords. However, it has not reported how attackers
gained access to the data or confirmed the attack scale.

eBay Data Breach

A cyber attack in May 2014 exposed the account list of eBay’s 145 million users. The attack,
which exposed user addresses, dates of birth, names, and encrypted passwords, occurred as
hackers obtained three eBay employees’ credentials. Attackers gained complete access to the
entire eBay network for 229 days.

eBay asked customers to update their passwords, for which it received criticism over its poor
communication and password-renewal process implementation. The auction site also advised
that financial details, such as credit card information, were stored in a separate location and
had not been compromised.

LinkedIn Cyber Attack

The business social network LinkedIn is a common target for cyber criminals
launching social engineering attacks. It has also suffered major cyber attacks that leaked its
users’ data.

The first came in 2012, when 6.5 million hashed passwords were stolen then posted on a
Russian hacker forum. The attack’s true size was revealed four years later when a hacker was
discovered selling 165 million LinkedIn users’ email addresses and passwords for 5 bitcoins,
which were then worth around $2,000. LinkedIn acknowledged the breach and reset
passwords on all accounts that had been affected.

Slack Attack

Collaboration platform Slack was affected in 2015 when hackers gained unauthorized access
to the service’s infrastructure. This included a database storing user profile data, such as
usernames and hashed passwords. The attackers also injected code that enabled them to steal
plaintext passwords when users entered them.

Slack revealed the attack affected around 1% of its users, estimated to be around 65,000
users. It immediately reset their passwords and advised all users to reset their passwords and
implement security measures like two-factor authentication (2FA).

Four years later, a Slack bug bounty program revealed a potential compromise of Slack
credentials, which it suspected was due to malware or users recycling passwords across
online services. It subsequently realized that most of the credentials affected were from
accounts that accessed the service during the 2015 incident.

Yahoo! Cybersecurity Breach

Cyber attacks targeting the internet provider Yahoo are widely acknowledged as the most
significant data breaches in history. The state-sponsored attacks, which began in 2013,
affected all of Yahoo’s 3 billion users.

In September 2016, Yahoo revealed a 2014 attack that compromised 500 million users’
names, email addresses, telephone numbers, and birth dates. Three months later, the company
revealed a breach from 2013, which was carried out by another attacker and compromised its
users' names, email addresses, passwords, dates of birth, and security questions and answers.
Yahoo initially estimated that the 2013 attack affected 1 billion users but later changed that to
its entire user base of 3 billion people.

Zynga Attack

Games developer Zynga, which created various popular games that users accessed via
Facebook, suffered a massive cyber attack in September 2019. The attack by Pakistani hacker
group GnosticPlayers, who also claimed the Canva attack, accessed the database of Zynga
games Draw Something and Words With Friends. It compromised the email addresses,
hashed passwords, phone numbers, and Facebook and Zynga user IDs of 218 million people.

Colonial Pipeline

Of all of the cyber and ransomware attacks in 2021, the breach of Colonial Pipeline in late
April had the most news coverage. As Touro College Illinois Cybersecurity Program Director
Joe Giordano notes, “The Colonial Pipeline attack made such an impact because the pipeline
is an important part of the national critical infrastructure system. Taking the system down
disrupted gas supplies all along the East Coast of the United States, causing chaos and panic.”

As most Americans are directly impacted by gasoline shortages, this attack hit close to home
for many consumers. The DarkSide gang was behind the attack and targeted the firm’s billing
system and internal business network, leading to widespread shortages in multiple states. To
avoid further disruption, Colonial Pipeline eventually gave in to the demands and paid the
group $4.4 million dollars in bitcoin.

This attack was particularly dangerous because consumers started to panic and ignored safety
precautions. Some East Coast residents tried to hoard gasoline in flammable plastic bags and
bins, and one car even caught on fire. After the chaos receded, government officials
confirmed that Colonial Pipeline’s cybersecurity measures were not up to par and that the
attack may have been prevented if stronger protection had been in place.

Thankfully, US law enforcement was able to recover much of the $4.4 million ransom
payment. The FBI was able to trace the money by monitoring cryptocurrency movement and
digital wallets. But finding the actual hackers behind the attack will prove a lot harder. (The
New York Times)

Brenntag

At around the same time in early May 2021, the same notorious hacker group that targeted
Colonial Pipeline, DarkSide, also targeted Brenntag, a chemical distribution company. After
stealing 150 GB worth of data, DarkSide demanded the equivalent of $7.5 million dollars in
bitcoin.

Brenntag soon caved to the demands and ended up paying $4.4 million. Although it was a
little more than half of the original demand, it still stands as one of the highest ransomware
payments in history. (IT Governance)

Acer

Also in May this year, the computer manufacturer Acer was attacked by
the REvil hacker group, the same group responsible for an attack on London foreign
exchange firm Travelex. The $50 million ransom stood out as the largest known to date.
REvil hackers exploited a vulnerability in a Microsoft Exchange server to get access to
Acer’s files and leaked images of sensitive financial documents and spreadsheets. 

JBS Foods

Although Spring 2021 held hopeful news for the end of the pandemic, the increased trend of
cyber attacks that began in 2020 showed no signs of slowing down. Another high-profile
ransomware attack took place this May on JBS Foods, one of the biggest meat processing
companies in the world. The same Russia-based hacking group that attacked Acer, REvil, is
thought to be behind the attack. (CNN)

Although there weren't any major food shortages as a result of the attack, government
officials told consumers not to panic buy meat in response. On June 10th, it was confirmed
that JBS paid the $11 million ransom demand after consulting with cybersecurity experts.
This massive payment in bitcoin is one of the largest ransomware payments of all time. (CBS
News)

Quanta

As with the Acer attack, the REvil gang also demanded a $50 million ransom from computer
manufacturer Quanta in April. Although Quanta may not be a household name, the company
is one of Apple’s major business partners. After the firm refused negotiations with the hacker
group, REvil targeted Apple instead. After leaking Apple product blueprints obtained from
Quanta, they threatened to release more sensitive documents and data. By May, REvil
seemed to have called off the attack.

National Basketball Association (NBA)

Businesses and organizations from all different kinds of industries are targeted by
ransomware attacks. One of the more surprising on the list this year was the National
Basketball Association (NBA). In mid-April of this year, the hacker group Babuk claimed to
have stolen 500 GB of confidential data concerning the Houston Rockets. Babuk warned that
these confidential documents, including financial info and contracts, would be made public if
their demands were not met. As of this posting, no ransom payments have been made.

AXA

This May, the European insurance company AXA was attacked by the Avaddon gang. The
attack happened soon after the company announced important changes to their insurance
policy. Essentially, AXA stated they would stop reimbursing many of their clients for
ransomware payments. This unique (and somewhat ironic) attack on a cyber-insurance firm
made headlines and the hacker group gained access to a massive 3 TB of
data. (BlackFog)

CNA

Earlier this year in March, another large insurance firm fell victim to a ransomware attack.
CNA’s network was attacked on March 21 and the hacker group
encrypted 15,000 devices, including many computers of employees working remotely. The
attack is supposedly linked to the hacker group Evil Corp and uses a new type of malware
called Phoenix CryptoLocker.

CD Projekt

CDProjekt Red is a popular videogame development firm based in Poland. In February of
this year, the firm was hacked by the HelloKitty gang. The hacker group accessed source
code to game projects in development and encrypted devices. However, CDProjekt refused to
pay the ransom money, and has backups in place to restore the lost data. (ExtremeTech)

Kaseya

REvil, the same hacker group that targeted Acer, Quanta, and JBS Foods, again made
headlines in July with an attack on Kaseya. While not a name commonly known by
consumers, Kaseya manages IT infrastructure for major companies worldwide. Similar to the
attacks on Colonial Pipeline and JBS Foods, this hack had the potential to disrupt key areas
of the economy on a large scale.

To carry out the attack, REvil sent out a fake software update through Kaseya’s Virtual
System Administrator, which infiltrated both Kaseya’s direct clients and their customers.
According to REvil, one million systems were encrypted and held for ransom. According to
Kaseya, around 50 of its clients and around 1,000 businesses in total were impacted. The
hacker group demanded $70 million in bitcoin. To illustrate the impact of the cyber attack,
Coop, a Swedish supermarket chain, was forced to close 800 stores for a full week. (ZDNet)

Soon after the attack, the FBI gained access to REvil’s servers and obtained the encryption
keys to resolve the hack. Fortunately, no ransom was paid and Kaseya was able to restore the
IT infrastructure of its clients. Although it started out as one of the biggest ransomware
attacks of the year, the situation was salvaged in the end. (ZDNet)

Progress in the Fight Against Ransomware

Although not a state-sponsored organization, the group behind the Kaseya attack is based in
Russia. According to the Associated Press, the widespread security event
prompted a call between President Biden and President Putin in July. During the call, Biden
pressured Putin to take a stronger stance on targeting malicious agents in his country.
Although exactly what took place after this phone call is unclear, the FBI gained access to
REvil’s servers, and REvil’s website and infrastructure went down soon after. While it’s
uncertain whether Biden’s call made a difference, the White House asserts that it will keep up
the pressure on Russia to cooperate.

Despite the continued onslaught of ransomware attacks, there have been some hopeful
developments. In November, news broke that five suspected associates of the REvil group
were arrested by the European law enforcement agency Europol. According to
Fortune.com, “the alleged hackers are suspected of involvement in about
5,000 ransomware infections and received about half a million Euros ($579,000) in ransom
payments.”

Using wiretapping and other methods, police were able to access group infrastructure and
track down the alleged hackers. The two most recent arrests were the result of collaboration
between 17 countries, including major world powers like the U.S., U.K. and France.

One of the men, Yaroslav Vasinskyi, 22, was allegedly responsible for the attack against
Kaseya. Both of the men arrested in November may face life in prison. Although REvil is still
an active player in the world of cybercrime, authorities hope to find and prosecute more
hackers and end their operations. (NPR)

A Survey on Recent Cyber Attacks & Laws

Throughout the last decade, the widespread use of computers in all sectors of life has made
them targets for attackers who steal, infiltrate, and disrupt. Many of these attacks went
under the radar for some time before the culprits were prosecuted under the law. Any attack
that compromises any of the characteristics of the CIA triad (Confidentiality, Integrity,
and Availability) is considered a cyberattack. Because of the global internetwork of
computer systems, attackers are no longer confined to any fixed geographical location;
they can pick any target from any corner of the world.

The motivation behind these cyber attacks ranges from money and data theft to cyber espionage and politics. The following figure shows the motivations behind these cyber attacks visually.
Fig: 1: Motivation behind the Cyberattacks [1]

This survey paper summarizes recent attacks that have taken place over the last few years and also looks at the significant cyber laws.

Cyber Attacks

Attacks on Sony PlayStation Network: In 2011 hackers successfully managed to take down the Sony network. The attackers stole sensitive information such as users' passwords, dates of birth, credit card details, etc. [2]
The motivation for the attack has allegedly been linked to the prosecution of a PlayStation 3 jailbreaker in the USA.
The attackers managed to get into Sony's sensitive databases by defeating all of its defenses.
Although Sony did not share the attack vector and techniques with the public, it is assumed that the PlayStation 3 Rebug custom firmware allowed the attackers to get into the trusted part of the Sony network, which helped them hack further into the system. The two primary attacks reported were a data breach and a massive DDoS attack.
A DDoS attack, in a nutshell, is a DoS attack performed by many distributed attacking hosts. The attacker uses a large set of compromised machines (bots, collectively known as zombies), controlled through handlers, to launch the distributed attack.
The picture below shows how the attacker takes down the victim's infrastructure.

Fig-2: DDoS Attack [3]


Filtering packets with an IDS or firewall, diverting illegitimate traffic into a honeypot or honeynet, and blackholing the attack traffic can mitigate a DDoS attack.
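The filtering the paragraph above mentions has to start from a signal that separates flood sources from ordinary clients. The following is an added example, not code from the survey or from the Cisco guide it cites: a sliding-window request-rate detector over web server access-log lines that reports the source addresses exceeding a threshold, which is what a firewall or IDS rule would then drop, rate-limit or blackhole. The log format, the sample lines, the window and the threshold are all constructed assumptions.

```python
"""Sliding-window request-rate detector over web server access-log lines.

Added example for this page, not from the original survey or from Cisco's
guide. It flags source addresses whose request count inside a short window
exceeds a threshold, which is the signal a firewall or IDS rule acts on
before dropping, rate-limiting or blackholing the flood. The log format,
sample lines, window and threshold are all constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common-log-format prefix: client ip, ident, user, [timestamp], "request"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line):
    """Return (ip, timestamp, request) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts").split()[0], TS_FMT)  # drop the tz offset
    return m.group("ip"), ts, m.group("req")


def detect_floods(lines, window_seconds=10, threshold=20):
    """Return {ip: peak_requests_in_any_window} for sources above threshold.
    Lines must be in chronological order, as access logs normally are."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:  # evict old entries
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def build_sample_log():
    """Constructed log: one source sends 50 requests in 5 seconds, two
    legitimate clients send 3 requests each spread over a minute."""
    base = datetime(2015, 9, 1, 12, 0, 0)
    lines = []
    for i in range(50):
        t = base + timedelta(milliseconds=100 * i)
        lines.append(f'203.0.113.9 - - [{t.strftime(TS_FMT)} +0000] "GET / HTTP/1.1" 200 512')
    for j, ip in enumerate(("198.51.100.4", "198.51.100.7")):
        for k in range(3):
            t = base + timedelta(seconds=20 * k + j)
            lines.append(f'{ip} - - [{t.strftime(TS_FMT)} +0000] "GET /news HTTP/1.1" 200 2048')
    return sorted(lines, key=lambda line: parse_line(line)[1])


if __name__ == "__main__":
    for ip, n in detect_floods(build_sample_log()).items():
        print(f"flood candidate {ip}: {n} requests inside a 10 s window")
```

A per-source threshold is only a first filter: a distributed flood spreads the load over thousands of zombies that may each stay under it, and many legitimate users behind one NAT gateway share a single address, so the output is a candidate list for rate limiting or for upstream scrubbing rather than an automatic permanent block.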

Attacks on Citi Bank:


In 2011 a hack of Citi Bank resulted in more than 300,000 user accounts being compromised. It was estimated that about 200,000 cards had to be reissued to customers, which cost Citi Bank about 2.7 million dollars. [4]
Since Citi Bank is one of the largest banks in the world, it was targeted by the attackers for the sheer volume of transactions it handles.
The attackers changed the unique identifier (session identifier) that appeared in the URL bar each time a customer logged into the system; by successfully guessing the number, the hacker could take over the established session. This type of attack is called session hijacking.
The hackers then used a so-called scraper that copied the account information and changed the number again to repeat the process on other customers.
Session hijacking works as follows: the attacker guesses the victim's session ID, presents it to the server to authenticate, and thereby impersonates the legitimate user, taking over the already established session.
The following picture shows how an attacker successfully guesses the victim's session and presents it to the web server.

Fig-3: Session Hijacking [5]


Issuing a new session for each login, restricting URL rewriting, and using SSL encryption on pages that use cookies can mitigate this attack.
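What made the Citi session IDs guessable was that they were sequential numbers carried in the URL. The following added example (not code from the survey or from OWASP) contrasts such a sequential session store with one that draws 128-bit identifiers from the operating system's CSPRNG, applies the "new session per login" mitigation, and emits the cookie attributes that keep the identifier out of the URL and off plaintext HTTP. All class and function names are hypothetical.

```python
"""Predictable vs. random session identifiers, and re-issuing the ID at login.

Added example for this page, not code from the original survey. It contrasts
a sequential session ID of the kind described above (where incrementing the
number in the URL reached another customer's session) with an ID drawn from
a cryptographically secure generator, shows the 'new session per login'
mitigation, and builds the cookie attributes that keep the ID off the URL
and off plaintext HTTP. All class and function names are hypothetical.
"""
import secrets


class SequentialSessionStore:
    """Weak: IDs are consecutive integers, so a neighbour's ID is one guess away."""

    def __init__(self, start=1000):
        self._next = start
        self.sessions = {}

    def create(self, user):
        sid = str(self._next)
        self._next += 1
        self.sessions[sid] = user
        return sid

    def lookup(self, sid):
        return self.sessions.get(sid)


class RandomSessionStore:
    """Hardened: 128-bit IDs from the OS CSPRNG, replaced on every login."""

    ID_BYTES = 16  # 128 bits of entropy: guessing a live ID is infeasible

    def __init__(self):
        self.sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(self.ID_BYTES)
        self.sessions[sid] = user
        return sid

    def login(self, old_sid, user):
        """Drop the pre-authentication session and issue a fresh ID, so an ID
        that leaked (or was planted) before login is worthless afterwards."""
        self.sessions.pop(old_sid, None)
        return self.create(user)

    def lookup(self, sid):
        return self.sessions.get(sid)


def adjacent_id_resolves(store, sid):
    """Measure of the weakness in the text: does sid+1 map to another user?
    Returns False for non-numeric IDs, which is the point of random ones."""
    if not sid.isdigit():
        return False
    neighbour = store.lookup(str(int(sid) + 1))
    return neighbour is not None and neighbour != store.lookup(sid)


def session_cookie_header(sid, name="session"):
    """Transport the ID in a cookie, never in the URL: Secure keeps it off
    plaintext HTTP, HttpOnly keeps page scripts from reading it."""
    return f"Set-Cookie: {name}={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"
```

Regenerating the identifier at login matters beyond guessing: it also defeats session fixation, where an identifier handed to the browser before authentication would otherwise stay valid after it.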

Attacks on JP Morgan:
In 2014 a massive attack was reported when JP Morgan found out it had been under attack for some months. In August the bank discovered that its accounts had been accessed by hackers for the previous two to three months without anyone noticing. JP Morgan reported that over 80 million customers' information had been compromised. [6]
The attack was carried out through crafty spear-phishing techniques aimed at JP Morgan's customers. The attackers gained privileged access to the system, which let them copy customer information without being detected. Although the attackers did manage to get into JP Morgan's network, they could not get into the customers' banking section, so customers did not lose any money.
Spear-phishing attacks lure victims into downloading or opening an attachment from a harmless-looking email. In this type of attack the attacker usually uses a crafted email to persuade the victim to download malware onto their system, which the attacker can then control remotely to initiate further attacks on the victim.
Real-time traffic analysis, inbox email sandboxing and, above all, safe user behavior in handling email can go a long way toward curbing spear-phishing attacks.

Attacks on EMC's RSA:
In 2011 hackers managed to infiltrate EMC's RSA Security and stole critical information related to the RSA authentication system. The loss of data left the RSA token authentication system vulnerable to attack.
The attackers broke into the system with a spear-phishing mail titled ''2011 Recruitment Plan'', sent to RSA employees and disguised as a Microsoft Excel file. When a user opened the file, it allowed the hackers to install an Adobe Flash object carrying a Remote Access Trojan (RAT) named Poison Ivy. It exploited what is now known as a zero-day vulnerability in Adobe Flash. The hackers were able to copy login credentials for the RSA authentication systems. [7]
In a zero-day attack, a vulnerability in a piece of software is identified by the attacker before the developer finds it. The bug inside the software remains unknown until the attack has been carried out.
Keeping software up to date and avoiding buggy or outdated software can significantly reduce the attack surface for zero-day attacks.
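Both the JP Morgan and the RSA incidents above began with a crafted message carrying an attachment, and the mitigations named for them (inbox sandboxing, safe handling) need a triage step that decides which messages never reach the inbox unexamined. The following is an added example, not code from the survey or from any mail product: it parses a constructed message with Python's standard email package and returns the reasons it should be detonated in a sandbox or quarantined, namely risky attachment types, double extensions, and a display name that claims the internal domain while the real sender is external. The internal domain, the extension lists and the sample message are assumptions.

```python
"""Attachment and sender triage for inbound mail, as an added example.

Not from the original survey. Parses a constructed raw message with the
standard-library email package and returns the reasons it should be routed
to a sandbox or quarantine instead of the inbox: risky attachment types
(executables, scripts, macro-enabled Office files), double extensions, and
a display name that claims the internal domain while the real address is
external. The policy lists and the sample message are assumptions.
"""
import email
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # constructed: the organisation's own domain
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".jar",
                    ".xlsm", ".docm", ".pptm"}   # reject outright
INSPECT_EXTENSIONS = {".xls", ".doc", ".xlsx", ".docx", ".pdf", ".zip"}  # detonate first
INNOCUOUS_LOOKING = INSPECT_EXTENSIONS | {".txt", ".jpg", ".png"}


def attachment_findings(name):
    """Policy findings for one attachment file name (empty list = clean)."""
    parts = name.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    findings = []
    if ext in RISKY_EXTENSIONS:
        findings.append(f"risky attachment type {ext}: {name}")
    elif ext in INSPECT_EXTENSIONS:
        findings.append(f"sandbox-detonate before delivery: {name}")
    # plan.xls.exe: a document-looking name hiding an executable extension
    if len(parts) == 3 and "." + parts[1] in INNOCUOUS_LOOKING:
        findings.append(f"double extension: {name}")
    return findings


def sender_findings(from_header):
    """Flag a display name that borrows the internal domain name."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if INTERNAL_DOMAIN in display.lower() and domain != INTERNAL_DOMAIN:
        return [f"display name claims {INTERNAL_DOMAIN} but sender is {domain}"]
    return []


def triage(raw_message):
    """Return all findings for a raw RFC 5322 message (bytes)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = sender_findings(str(msg["From"] or ""))
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            findings.extend(attachment_findings(name))
    return findings


# Constructed sample: external sender posing as internal HR, Excel attachment.
SAMPLE_MESSAGE = b"\r\n".join([
    b'From: "HR at example.com" <hr-team@mail-example.net>',
    b"To: employee@example.com",
    b"Subject: 2011 Recruitment Plan",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain",
    b"",
    b"Please review the attached plan.",
    b"--b1",
    b'Content-Type: application/vnd.ms-excel; name="2011 Recruitment Plan.xls"',
    b'Content-Disposition: attachment; filename="2011 Recruitment Plan.xls"',
    b"Content-Transfer-Encoding: base64",
    b"",
    b"AAAA",
    b"--b1--",
    b"",
])

if __name__ == "__main__":
    for finding in triage(SAMPLE_MESSAGE):
        print(finding)
```

File-name checks are deliberately only a routing decision: the RSA attachment was a genuine Excel file whose embedded Flash object carried the exploit, so a document-type attachment from an unfamiliar sender goes to the sandbox for detonation rather than being judged clean by its extension.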

Attacks on Target:
In 2013 Target was attacked by hackers who managed to steal over 40 million credit card records, setting Target back over 150 million dollars in compensation and other legal costs.
The attack was carried out through Target's POS systems, which were infected with crafted malware that first extracted the credit card information and then, some days later, started sending the copied information within Target's network and ultimately to an FTP server controlled by the hackers. The malware scraped the data as customers swiped their credit or debit cards at the POS terminal. [8]
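The card data left Target's network as ordinary file transfers, which is the stage an egress check can catch. The following added example (not code from the survey or from SecurityWeek's analysis) scans a buffer, such as a file queued for an outbound transfer, for digit runs that pass the Luhn check and reports them masked; a Luhn-valid 13 to 19 digit run is a strong indicator of a primary account number, while order numbers and timestamps usually fail the check. The sample buffer and the card numbers in it are constructed test values.

```python
"""Egress check for card data, as an added example (not from the original).

Scans a text buffer, such as a file about to leave the network, for 13-19
digit runs (optionally separated by spaces or dashes) that pass the Luhn
check, and returns them masked to the first six and last four digits. The
sample buffer uses publicly known test card numbers and is constructed.
"""
import re

# 13-19 digits, optional single space/dash between digits, not inside a longer run
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn mod-10 check: doubling every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only what a log may safely retain: BIN and last four."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(buffer):
    """Return masked Luhn-valid candidates found in the buffer, in order."""
    found = []
    for m in CANDIDATE_RE.finditer(buffer):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(mask(digits))
    return found


def egress_verdict(buffer):
    """'block' when card data is present, otherwise 'allow'."""
    return "block" if find_pans(buffer) else "allow"


# Constructed outbound buffer: one order id and one timestamp (Luhn-invalid
# digit runs) next to two industry-standard test card numbers.
SAMPLE_BUFFER = (
    "order=1234567890123456 card=4111 1111 1111 1111 exp=1217\n"
    "ts=20150901120000 card=5555-5555-5555-4444 phone=555-123-4567\n"
)

if __name__ == "__main__":
    print(egress_verdict(SAMPLE_BUFFER), find_pans(SAMPLE_BUFFER))
```

The Luhn check removes most false positives from incidental digit runs, but it is a format check, not proof of a real account, so a production control pairs it with context such as the file's destination and whether the sending host is a POS terminal that should never talk to an external FTP server at all.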

Cyber Laws:
The Gramm–Leach–Bliley Act (1998): One of the most well-known laws, also referred to as GLBA, is a well-known act in the financial area. Basically, it regulates how financial organizations can store, share and use customers' information between different organizations by making three conditions mandatory:
 Securing personal financial information
 Getting the consent of customers before sharing their personal information with others
 Giving customers the opportunity to opt out of the sharing of their information. [9]

The Health Insurance Portability and Accountability Act of 1996 (HIPAA):
This law was passed in 1996 to secure patients' health information held electronically. It protects individually identifiable health information by keeping it confidential while keeping the relevant health information accessible to doctors for treating their patients. Parties violating this Act can be fined from 50,000 to 250,000 US dollars.

Federal Information Security Management Act of 2002:
It was enacted in 2002 in recognition of the value of information security for both national security and the economy. It works by having the different agencies help keep federal government data safe and secure. The head of each agency has to review the information security program annually in order to analyze the risks and reduce them to a minimal level.

Cyber Intelligence Sharing and Protection Act (CISPA):
Introduced in November 2011 to share information between the federal government and companies so that the government can monitor and track future terrorist or cyber attacks beforehand. Under this law the government can collect user data from big tech companies such as Apple, Facebook and Google. Recently this act has come under a lot of public scrutiny.

Payment Card Industry Data Security Standard:
This standard applies to companies that handle online payments with debit or credit cards. All companies must comply with it if they want to work with debit or credit cards. The standard was formed in 2004 and has since gone through many revisions and updates; the latest version, 3.1, was released last April. Compliance requires maintaining secure systems and being able to monitor all activity involving network resources and cardholder data. [10]

As we can see from the above, there is a myriad of attacks happening frequently, and a lot of them are far from. According to the survey presented by the Ponemon Institute in 2013, cyber attack incidents cost the USA about 11.6 million dollars, which was up 26 percent from the previous year. [11] Most of the attacks discussed earlier could have been prevented had better-secured systems been in place. Also, if users were properly trained not to fall for spear-phishing mail, some of the attacks could have been avoided. Having said that, as more and more computers come online, more cyber attacks will arise. Nevertheless, having systems up to date with patches, properly locked down, and with auditing and logging in place can thwart the efforts of hackers to a certain extent.

References:

1. 2001-2013: Survey and Analysis of Major Cyberattacks. (2012). Retrieved 4 September 2015, from http://arxiv.org/pdf/1507.06673.pdf
2. Anthony, S. (2015). How the PlayStation Network was Hacked | ExtremeTech. ExtremeTech. Retrieved 1 September 2015, from http://www.extremetech.com/gaming/84218-how-the-playstation-network-was-hacked
3. Cisco, (2015). A Cisco Guide to Defending Against Distributed Denial of Service Attacks. Retrieved 5 September 2015, from http://www.cisco.com/web/about/security/intelligence/guide_ddos_defense.html
4. The Huffington Post, (2015). Citigroup: $2.7 Million Stolen From Customers As Result Of Hacking. Retrieved 1 September 2015, from http://www.huffingtonpost.com/2011/06/27/citigroup-hack_n_885045.html
5. Owasp.org, (2015). Session hijacking attack - OWASP. Retrieved 5 September 2015, from https://www.owasp.org/index.php/Session_hijacking_attack
6. Newsweek.com, (2015). Retrieved 1 September 2015, from http://www.newsweek.com/2014-year-cyber-attacks-295876
7. LESS THAN ZERO: A Survey of Zero-day Attacks in 2013 and What They Say about the Traditional Security Model. (2015). Retrieved 3 September 2015, from https://www.fireeye.com/resources/pdfs/white-papers/fireeye-zero-day-attacks-in-2013.pdf
8. Securityweek.com, (2015). How Cybercriminals Attacked Target: Analysis | SecurityWeek.Com. Retrieved 1 September 2015, from http://www.securityweek.com/how-cybercriminals-attacked-target-analysis
9. Center, E. (2015). EPIC - The Gramm-Leach-Bliley Act. Epic.org. Retrieved 1 September 2015, from https://epic.org/privacy/glba/
10. Corpgov.law.harvard.edu, (2015). Cyber Security and Cyber Governance: Federal Regulation and Oversight—Today and Tomorrow. Retrieved 2 September 2015, from http://corpgov.law.harvard.edu/2014/09/10/cyber-security-and-cyber-governance-federal-regulation-and-oversight-today-and-tomorrow/
11. 2013 Cost of Cyber Crime Study: United States. http://media.scmagazine.com/documents/54/2013_us_ccc_report_final_6-1_13455.pdf, 2013. Last accessed November 10, 2014.
