October is Cybersecurity Awareness Month — a time to engage in the cybersecurity conversation and discuss the ways in which we can all take a collaborative approach to protect ourselves against online threats.
About Cybersecurity Awareness Month
Cybersecurity Awareness Month was established in 2004, at a time when technology and the web were growing into the innovative constantly evolving environment we know today. Unfortunately, in the years since, some of the most catastrophic cyber attacks have taken place and left lasting effects on governments, industries, organizations, and people.
Let’s take a closer look at 5 of the biggest cyber attacks to ever happen and the impact they had in recent history.
1. PlayStation Network (2011)
In 2011, almost 77 million Sony accounts were breached on its PlayStation Network. Users’ names, addresses, and other personal information were stolen and their accounts were locked out of the PlayStation Network for a week while the company dealt with the situation.
It was later revealed over 12,000 encrypted credit card numbers from non-American users were compromised and an additional 27.4 million accounts were breached. Sony was named in multiple lawsuits in different countries and even fined £250,000 by the British Information Commissioner’s Office for failing to uphold the British Data Protection Act. Weeks after the breach, Sony revealed the ordeal had cost the tech giant $171 million.
2. Shamoon (2012)
Saudi Aramco is the world’s biggest oil and gas company, and in 2012, it was also the target of one of the biggest computer virus attacks in history. In just a matter of hours, a virus called Shamoon compromised 30,000 of the company’s Windows computers, bringing the oil giants to a complete standstill. The urgency to get Aramco’s systems up and running was so great that cybersecurity experts from around the world were flown in to help.
The attack on Aramco came as no surprise. In fact, a warning was made on an Anonymous board by Cutting Sword of Justice, the group responsible for the attack, just a few hours before the attack happened.
3. Yahoo (2014)
Prior to its purchase by Verizon Communications Inc., Yahoo was valued at $4.83 billion. When the purchase was finally completed in 2017, Yahoo’s value dropped by $350 million. The cause: a 2014 personal data breach that affected 500 million Yahoo accounts. The attack, led by a Latvian hacker named Aleksey Belan hired by Russian agents, targeted Yahoo employees in a phishing campaign and gained access to emails, passwords, phone numbers, names, and other personal information.
In the hours following the attack, Yahoo stock dipped 3% and lost $1.3 billion in market capitalization. While the attack happened in 2014, it was revealed by Yahoo in 2016. The two-year gap between the attack and the revelation caused the web services provider to be accused of negligence. In fact, Yahoo CEO Marissa Mayer kept the company from suggesting users change their passwords out of fear of losing customers, a decision that was later criticized. In the end, Yahoo was penalized $35 million by the Securities and Exchange Commission and instructed to pay $85 million in settlement charges. Legal expenses and attorney fees amounted to $46 million, while an additional $16 million was requested to be paid as a result of the attack.
4. NotPetya (2017)
In 2015, the Ukrainian power grid was hacked, resulting in power outages that left between 200,000 and 230,000 Ukrainians without power for up to 6 hours. The attack was ultimately attributed to Sandworm, a Russian cybermilitary unit. Just two years later, Sandworm was responsible for yet another cyber attack on Ukraine — this time a malware attack.
The malware was dubbed NotPetya due to comparisons to an earlier malware known as Petya. It utilized a Windows Server Message Block, which can share access to files, printers, and other resources to spread its effects at a faster rate. The malware infected computers and permanently damaged files at several Ukrainian organizations including Ukrainian Railways and the State Savings Bank of Ukraine. It even caused the Chernobyl Nuclear Power Plant’s radiation monitoring system to go offline. The damage produced by NotPetya was estimated at $1 billion and affected organizations around the world. However, experts claim NotPetya’s motivations were political in nature as opposed to financial.
5. RockYou2021 (2021)
In 2009, the RockYou data breach leaked the passwords of 32 million RockYou users. In 2021, an unnamed hacker leaked a 100GB text file dubbed RockYou2021, in reference to the 2009 leak. It contained the passwords of 8.4 billion people, making it the biggest password leak in history.
In the days and months following the leak, experts revealed the text file was actually a compilation that included passwords that have been leaked previously along with frequently used passwords. Despite this revelation, RockYou2021 retained its infamous title as the biggest password leak in history.
A Future in Cyber is Calling
These attacks, their consequences, and their continued threat serve as examples of why the need for greater cybersecurity measures is such a great priority. Perhaps this Cybersecurity Awareness Month should mark the occasion you choose to become an in-demand cybersecurity specialist.