Top 21 Biggest Hacking Attacks of All Time: Cyber attacks and cyber crimes are not new news these days. The number of cyber-attacks has grown up steadily over the last few years. Whilst modern technology presents many conveniences and benefits, there are people who misuse it which can pose a threat to our privacy. In 2016, 758 million malicious attacks occurred according to KasperskyLab, (an attack launched every 40 seconds) and the cost of cybercrime damages is expected to hit $5 trillion by 2020. A 2020 report suggests that cyberattacks on infrastructure were the fifth top risk of the year. Not only that but it is expected that the cost of cybercrimes Might Reach $10.5 Trillion Dollars by 2025.
Data breaches affecting millions of users are far too common. Cybercrimes often have a tremendous impact on companies and individuals. In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data dependencies of daily life.
The FBI reported that there was a 300% increase in cybercrime reports since the COVID-19 pandemic. Experts expect cybercrime damages to reach $10.5 trillion per year by 2025. Global cyber security spending is expected to reach $170.4 billion by 2022.
Here are some of the biggest data breaches of all time. These numbers are alarming, and for us to better understand the tremendous impact that cyber-attacks might have on companies and individuals, it is important to go back down memory lane and take a look at some of the biggest cyber attacks in history:
21. The Melissa Virus Attack: 1999
Nowadays, most of us are aware of the threat of so-called phishing attacks which use SPAM email to distribute viruses. But in 1999 the world was blissfully unaware of this possibility, which made the spread of Melissa all the more devastating. The Melissa Virus was unleashed by Programmer David Lee Smith by sending users a file to be opened by Microsoft Word.
This virus appeared on thousands of email systems on March 26, 1999, disguised as an important message from a colleague or friend. It was designed to send an infected email to the first 50 email addresses on the users’ mailing lists and was a mass-mailing macro virus that targeted Microsoft Word- and Outlook-based systems.
The Melissa virus became one of the fastest-spreading known viruses, leading toward an awareness of the risk and potential damage involved in opening unsolicited email attachments. The virus caused severe destruction to hundreds of companies, including Microsoft. It is estimated that the repairing cost of the affected systems was around $80M.
20. Estonia Cyber Attack: 2007
Hybrid warfare has become a widely used term in recent years. Beginning on 27 April 2007, a series of cyberattacks targeted websites of Estonian organizations, including the Estonian parliament, banks, ministries, newspapers, and broadcasters, amid the country’s disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn.
The US Joint Forces Command defines it as any “adversary that simultaneously and adaptively employs a tailored mix of conventional, irregular, terrorism and criminal means or activities… Rather than a single entity, a hybrid threat or challenger may be a combination of state and non-state actors”.
19. Alteryx Data Breach: 2017
A marketing analytics firm left an unsecured database online that publicly exposed sensitive information for about 123 million U.S. households. The data included 248 fields of information for each household. The information includes addresses, phone numbers, mortgage ownership, age, ethnicity, and personal interests such as whether a person is a dog or cat enthusiast. However, the data did not include people’s names, social security numbers, credit card information, or passwords.
The data sets originally belonged to credit reporting firm Experian and the U.S. Census Bureau. Chris Vickery, the director of cyber risk research at cybersecurity start-up UpGuard, discovered the data on Oct. 6 on Amazon Web Services, or AWS.
18. Wannacry Ransomware Attack: 2017
WannaCry is a ransomware worm that spread rapidly through across a number of computer networks in May of 2017, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. After infecting a Windows computer, it encrypts files on the PC’s hard drive, making them impossible for users to access, and then demands a ransom payment in Bitcoin in order to decrypt them. In the UK, it had a particularly alarming impact on the NHS, infecting 7,000 devices including computers, MRI scanners, and other theatre equipment.
It propagated through EternalBlue, an exploit developed by the United States National Security Agency (NSA) for older Windows systems. It was one of the biggest ransomware of all time that took place in 2017 when around 200,000 computers were affected in more than 150 countries. This outbreak had a massive impact across several industries and had a global cost of about 6B pounds.
WannaCry worked by automatically spreading across networks, infecting computers then encrypting data and demanding a ransom ($300 in Bitcoin within three days or $600 within seven days) to decrypt that data.
17. NotPetya Malware Attack: 2017
Petya and NotPetya are two kinds of malware that affected thousands of computers worldwide in 2016 and 2017. Both Petya and NotPetya aim to encrypt the hard drive of infected computers, and there are enough common features between the two. Unlike the fact that the latter is a form originating from the former, NotPetya has many more potential tools to help it spread and infect computers.
NotPetya was so named because it initially resembled a ransomware attack called Petya, which was named after a weapons system in the James Bond film GoldenEye. But NotPetya proved to be a more significant and virulent threat. Like the WannaCry ransomware that also caused global havoc in 2017, it utilized a Windows Server Message Block (SMB) exploit to spread more rapidly.
16. Ukraine Power Grid Attack: 2015
On December 23, 2015, the power grid of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack, which is attributed to the Russian cyber military unit Sandworm, began when the Prykarpattyaoblenergo control center fell victim to a cyber breach. The attack took place during the ongoing Russo-Ukrainian War (2014-present). It is the first publicly acknowledged successful cyberattack on a power grid.
The hackers remotely compromised the information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. In fact, it was the first cyberattack on a power grid, the attack left around half of the homes in the Ivano-Frankivsk region in Ukraine without power in 2015 for about a few hours.
15. Adult Friend Finder exposed: 2015-16
The adult-oriented social networking service The FriendFinder Network had 20 years’ worth of user data across six databases stolen by cyber-thieves in October 2016. The site was previously hacked in May 2015, when 3.5 million user records were exposed.
Leaked Source provides a free service that tells visitors if their email addresses have been compromised, but charges them to find out what associated data has been leaked. The firm said ‘after much internal deliberation’ it would not make the Friend Finder Network logins searchable ‘for the time being’.
Adult Friend Finder is an adult dating/entertainment website that calls itself the ‘world’s largest sex and swinger community’. Along with Adult Friend Finder, data accounts from Cams.com and Penthouse.com were also accessed in the data breach.
Leaked Source, which reported the latest breach, said it was the biggest data leak it had ever seen. Including Friend Finder Networks’ other explicit sites, the entire breach is said to include information about 412 million accounts.
14. Global Bank Spear Phishing: 2013
A spear-phishing attack uses spam email to install malware on a system in the same way as a typical phishing attack. The difference is, that spear phishing attacks go to great lengths to make their email seem genuine and innocuous by impersonating recognized, trusted sources.
Beginning in 2013, a wave of spear phishing attacks targeting some of the world’s largest banks and financial institutions is estimated to have stolen up to $1 Billion. After two years, the attack was finally identified, and an organized crime syndicate operating out of Russia was traced.
13. Bangladesh Bank Heist: 2016
The Bangladesh Bank robbery, also known as the Bangladesh Bank Cyber Heist, was a theft that took place in February 2016. Security hackers issued thirty-five fraudulent instructions to illegally transfer nearly $1 billion from the Federal Reserve Bank of New York account belonging to Bangladesh Bank, the central bank of Bangladesh through the SWIFT network. Five of the thirty-five fraudulent instructions were successful in transferring the US $101 million, with US $20 million traced to Sri Lanka and US $81 million to the Philippines.
Bangladesh Bank had realized hours after the money was stolen that the massive heist had happened and began taking steps to retrieve it, a process that was going to be very challenging. They managed to trace the money to Manila’s casinos and managed to recover $16 million from one man, the BBC report says.
12. Saudi Aramco Cyber Attack: 2012
In 2012, Saudi Arabia’s national oil company, Saudi Aramco, was hit by one Of the Worst Cyber Attacks the World Has Ever Seen. It was initiated by a phishing email attack that an unnamed Saudi Aramco Information Technology employee opened, giving the group entry into the company’s network around mid-2012.
The kingdom’s oil giant found itself hit by the so-called ‘Shamoon’ Computer Virus, which deleted hard drives and then displayed a picture of a burning American flag on computer screens. The attack forced Aramco to shut down its network and destroy over 30,000 computers. Iranian-backed actors, under the guise of a hacktivist group calling itself the Cutting Sword of Justice, used a wiper virus known as Shamoon rigged with a logic bomb to attack the company.
11. Citibank Cyber Attack: 1995
The Citibank case marks the hacker community’s first foray into big-money banking. In 1994, Russian hacker Vladimir Levin engineered a heist from Citibank, tricking the company’s computers into distributing an estimated $10 million to him and his accomplices in several countries.
Fortunately, Citibank had clocked on that some of the activity looked suspicious, and many of the transactions were tracked by the FBI. Most of the stolen cash was recovered, but the case marked an early shot across the bows warning of the vulnerabilities of electronic banking transactions.
In March 1995 Levin was lured to London and apprehended at London’s Stansted Airport by Scotland Yard officers when making an interconnecting flight from Moscow. Levin’s lawyers fought against extradition to the U.S., but their appeal was rejected by the House of Lords in June 1997.
10. American Military Hack: 2001 – 2002
A Scottish hacker Gary McKinnon was accused of hacking into 97 United States military and NASA computers over a 13-month period between February 2001 and March 2002, at the house of his girlfriend’s aunt in London, using the name ‘Solo’. McKinnon left taunting messages like “Your security system is crap. I am a Solo. I will continue to disrupt at the highest levels”. on the military systems, he infiltrated, and military authorities claim they spent well over $800,000 recovering from the damage.
Although McKinnon himself states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public. But the US authorities stated that he deleted critical files from operating systems, which shut down the United States Army’s Military District of Washington network of 2000 computers for 24 hours.
9. Nasdaq Attack: 2010
Since day-to-day financial operations have moved online, Wall Streeters have grown increasingly concerned about the safety of their data. While most hacks are for gathering information and espionage, one well-executed cyberattack could bring down the entire structure of the financial system.
In late 2010, Russian hackers got into Nasdaq’s networks, according to Ars Technica, and were able “to roam unmolested for months and plant destructive malware designed to cause disruptions.” It was eventually traced back to Russian software engineering and was attempting to steal $11 billion from the New York Stock Exchange. The FBI was the first to notice, and their monitoring pointed to possible malware on the Nasdaq servers themselves. If successful, it would have caused havoc within the system and hobbled the U.S. economy.
The National Cybersecurity and Communications Integration Center launched a five-month investigation, of which many details are still classified. In the following investigation, the NSA recognized the malware from a previous version, built by Russia’s main spy agency.
8. American Businesses Hacks: 2005 – 2012
Starting in 2005, various brands, chains, and systems – including 7-Eleven and JC Penney – were targeted by a Russian hacker group. Within seven or eight years, they were able to steal 160 million credit and debit card numbers and infiltrate 800,000 bank accounts. It is believed that they were directly or indirectly responsible for at least $300 million in losses worldwide.
Some of the data was sold (credit card numbers went for $10-$50 each on black market forums), while other data was used to steal cash directly from accounts (they used fake ATM cards at Citibank and PNC to get around $9 million.
7. Sony’s PlayStation Network: 2011
On April 4th, 2011, the Hacktivist group Anonymous brought down Sony’s PlayStation Network (PSN) with a Targeted Distributed-Denial-of-Service (DDoS) attack. At the time of the outage, with a count of 77 million registered PlayStation Network accounts, it was not only one of the largest data security breaches but also the longest PS Network outage in history. It surpassed the 2007 TJX hack which affected 45 million customers.
At that time, gamers trying to log on to play online with friends were met with a message saying that the system was temporarily closed for maintenance. But what was actually happening was that hackers were systematically hacking their way through Sony’s security protocols, gaining access to the personally identifiable information of 77 million user accounts. Anonymous had also warned Sony of retaliation after Sony took legal action against two people.
6. Adobe Cyber Attack: 2013
It was one of the 17 biggest data breaches of the 21st century: In October 2013, hackers stole login information and nearly 3 million credit card numbers from 38 million Adobe users. To access this information, the hackers took advantage of a security breach at the publisher, specifically related to security practices around passwords. The stolen passwords had been encrypted instead of being chopped as recommended.
The breach occurred when hackers raided a backup server on which they found, and subsequently published, a 3.8GB file containing 152 million usernames and poorly-encrypted passwords, plus customers’ credit card numbers.
5. Cyber Attack on Yahoo: 2013 – 14
In 2014, hackers directly targeted Yahoo’s user database, affecting about 500 million people. The cybercriminals reportedly got account details such as people’s names, email addresses, passwords, phone numbers, and birthdays. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.
The FBI believes that the massive Yahoo! breach started with either a social engineering or spear phishing attack on privileged users according to Ars Technica. It is the largest hack of a single entity in internet history. That’s not a great claim to fame for a company trying to woo users back to its flock.
4. Facebook: 2019
In April 2019, it was revealed that two datasets from Facebook apps had been exposed to the public internet. The information related to more than 530 million Facebook users included names, Facebook IDs, dates of birth, and relationship status. However, two years later (April 2021) the data was posted for free, indicating new and real criminal intent surrounding the data. A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.
Additionally, Facebook previously vowed to crack down on mass data-scraping after Cambridge Analytica scraped the data of 80 million users in violation of Facebook’s terms of service to target voters with political ads in the 2016 election.
3. The iCloud Celebrity Hack: 2014
Apple is well known for its security services and devices. After all, with the amount of credit card data the company possesses due to iTunes, one has to take appropriate security measures. However, it seems like Apple has failed in one critical area – iCloud, and the cost of this failure has resulted in pictures of countless celebrities being leaked online.
In just a few days in 2014, the iCloud hacking scandal grew to include an estimated 100 celebrities, including singers Rihanna, Ariana Grande, and actress Victoria Justice. Many have takeff0000n to Twitter to express their outrage or denounce the photos as fakes.
Hackers used a combination of brute-force guessing and phishing schemes to gain entry. They sent official-looking emails to account owners with instructions to log in and change their security credentials. Anyone who did give the hackers everything they needed to get in and copy files.
Connecticut man George Garafano has been sentenced to eight months in prison for his role in the 2014 iCloud hacks that saw many celebrity photos illicitly shared on the internet. Garafano was accused of hacking the iCloud accounts of more than 200 people over the course of 18 months, including multiple celebrities.
2. Google China Hit by Cyber Attack: 2009
When Google’s Chinese headquarters detected a security breach in mid-December 2009, it opened up a whole can of worms (pun intended) implicating the Chinese Government. Hackers had gained access to several of Google’s corporate servers and intellectual property was stolen.
Operation ‘Aurora’ was the name given to a series of cyber-attacks believed to have originated in Beijing, China, and are said to have links to the People’s Liberation Army (PLA). They began in mid-2009 and were first publicly disclosed by Google in a 2010 blog post. A statement read: ‘Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis’.
1. Cyber Attack on NASA: 1999
A 15-year-old with a PC hacked Nasa in 1999. Between August and October of 1999, Jonathan James used his skills as a hacker to intercept data from the Defense Threat Reduction Agency or DTRA (a division of the US department of defense). He had access to over 3,000 messages, usernames, and passwords of DTRA employees. Using the stolen information, James was able to steal a piece of NASA software which cost the space exploration agency $41,000 as systems were shut down for three weeks. According to NASA, ‘the software (purported to be worth $1.7 million) supported the International Space Station’s physical environment, including control of the temperature and humidity within the living space’.
In a secret federal case, the child, identified online as ‘c0mrade’, pleaded guilty to juvenile delinquency. In a summary, the Justice Department in Washington stated that he was the first teenage hacker to be imprisoned for computer crimes. James was later caught but received a light sentence due to his young age. He committed suicide in 2008 after he was accused of conspiring with other hackers to steal credit card information. James denied the allegation in his suicide letter.
In Addition…
In short, the more we move towards digitalization and technology, the more vulnerable we become to cyber threats. From mischievous youths with the talent to waste to organized criminal syndicates out to make a fortune, over the past two decades hacking has caused enormous disruption and damage to business, government, and daily life the world over. Therefore, it is imperative for governments and businesses to invest in upping their cyber security and privacy in order to combat cyber attacks. And although the biggest attacks inevitably grab all the attention, really they are just the tip of the iceberg. Hacking and cybercrime are now everyday realities of our world, creating a billion-dollar black market industry.
Hope you enjoy this article on ‘Top 21 Biggest Hacking Attacks of All Time’. If you have any queries, please let me know in the comment box, and we will try to answer your question as soon as possible. THANK YOU & DON’T FORGET TO SHARE WITH YOUR FRIENDS Who Need This Informative Article.
Pingback: Deep Web vs Dark Web - What is the Difference? - Techworld18