Cyber crime never stops. The list of cyber attacks that have badly hit organizations worldwide is sadly long. Even during the hardest moments in this pandemic, the virus stopped the world, but not cyber crime.
Let’s take a look at 5 painfully famous cyber attacks.
Mirai botnet attack (2016).
A DDoS attack hit Dyn’s servers, a big provider of DNS infrastructure for the Internet, strongly. It took down the Internet in wide regions of the USA and Europe. Twitter, CNN, Reddit, Netflix, and more known websites went down.
Attackers used a peculiar weapon, the Mirai botnet. The botnet army for attacking was not made up of infected computers but Internet of things (IoT) devices. Dyn calculated around 100 thousand malicious endpoints involved in the attack.
WannaCry attack (2017).
This ransomware hit over 200 thousand victims, Microsoft Windows operating system users, in around 150 countries. Attackers used the malicious software “Wanna Cry” to take data hostage until a ransom was paid, combined with a worm to spread it across entire networks. “WannaCry” encrypts victims’ files to block their access. It also can block users out of their devices. Criminals demanded between $300 and $600 worth of bitcoins.
Microsoft Windows OS showed a vulnerability, and 2 months before the attack, a patch was available. The problem was the people don’t always update. That simple action could have protected users.
SolarWinds scandal (2020).
This cyber intrusion affected around 200 international organizations, including Microsoft, several agencies from the U.S. government, the U.K. government, NATO, the European Parliament, etc.
Attackers created a back door on a SolarWinds’ software application (Orion). As soon as customers installed the application, attackers could access their systems. This is considered one of the most dangerous cyber attacks due to the high-profile targets it affected and its duration. The scandal exploded in December 2020 after different data breaches were confirmed. But attackers had access and operated for more than 8 months!
Colonial Pipeline’s attack (2021).
Attackers hit the biggest fuel pipeline in the U.S. The company, which moves around 2.5 million of fuel barrels daily from the Gulf Coast to the Eastern Seaboard, had to shut down its systems. Shortages all across the coast, chaos at gas stations, higher prices were the result.
Attackers got access to the company’s networks through a valid VPN (virtual private network) account. The company employees use such accounts to get remote access. The account and its password seemed to be leaked into the Dark Web. The main hypothesis points that was the way, attackers got it. With a single compromised password, they took down a giant to demand ransom money in exchange.
Kaseya’s ransomware attack (2021).
The target was Kaseya, an IT solutions provider. Approximately 1,500 businesses (Kaseya’s clients) in the world were affected. Attackers demand $70 million to restore the affected data.
It was a supply chain ransomware attack implemented through a weakness (authentication bypass) in one of the company’s IT tools, VSA. It’s a management and remote monitoring tool to handle networks and endpoints.
This way, the attackers avoided authentication controls and got a valid session to upload malicious code. They also executed commands through SQL injection. The case is still on. We will see its final consequences soon.
Such panorama is enough to understand we can’t relax. We all, users and online business owners, have to strengthen our security defenses as much as possible. History proves that cyber criminals can target all kinds of victims, from enterprises, governments to regular users. To underestimate cyber criminals could be really painful for your business and pocket!