Legends of Hacking: Exploring the Biggest Hacker Attacks That Shook the World

1. LinkedIn (2012)

In 2012, LinkedIn experienced a significant breach where it disclosed that attackers had stolen approximately 6.5 million unassociated passwords, which were unsalted SHA-1 hashes. These stolen passwords were then posted on a Russian hacker forum. However, it wasn’t until 2016 that the true extent of the breach came to light. During this time, the same hacker who had sold MySpace’s data was discovered to be offering the email addresses and passwords of around 165 million LinkedIn users for a mere 5 bitcoins, equivalent to approximately $2,000 at that time. LinkedIn promptly acknowledged the breach and took action by resetting the passwords of the affected accounts to mitigate further damage.

2. Yahoo (2013 & 2014)

In 2013 and 2014, Yahoo experienced two massive data breaches, resulting in the largest breach in internet history. Although the crimes were not made public until 2016, their impact was significant. The breach was the work of four individuals and was carried out by Russian agents using a hack-for-hire strategy. Only one of the four individuals faced charges: Mr. Baratov, who received substantial fines and a 5-year prison sentence. The breach had far-reaching consequences, particularly in terms of cyber espionage. Security researchers say it exposed senior officials in the US military to attacks and raised concerns that sensitive information could be compromised.

3. GitHub (2018 and 2015)

The largest known DDoS attack in history targeted GitHub, a web-based code hosting platform, with an unprecedented volume of traffic. This attack reached a staggering rate of 1.3TBps, the highest ever recorded, with packets being sent at a rate of 126.9M per second. Instead of using a traditional botnet, the attackers abused memcached, a database caching system used to speed up websites. By spoofing GitHub’s IP address, they amplified the requests directed at the platform. Although the attack lasted only 10 minutes, it caused a 5-minute period of unavailability. Fortunately, GitHub had DDoS protection measures in place, enabling them to halt the attack within the given timeframe. However, it took nearly a week for the platform to fully recover. In addition, GitHub suffered a DDoS attack in 2015, when JavaScript code was injected into the browsers of unsuspecting visitors to China’s Baidu online search platform, creating a botnet that helped fuel the attack on GitHub.

4. Facebook (2019)

The exposure of two datasets from Facebook apps in April 2019 had a huge impact, affecting over 533 million users. These files contained sensitive information such as phone numbers, account names, and Facebook IDs. However, it wasn’t until April 2021 that the data was made available for free, indicating a shift in criminal intent. The seriousness of the situation came to light when security researcher Troy Hunt integrated functionality into the HaveIBeenPwned (HIBP) platform that allows users to check whether their phone numbers were part of the exposed data. Hunt noted that while there were over 500 million phone numbers, there were only a few million email addresses, resulting in a high percentage of users receiving false negatives when checking for their inclusion in the breach. This unexpected turn of events prompted Hunt to reconsider his stance on making phone numbers searchable, given the significant impact of the Facebook data breach.

5. SolarWinds Supply Chain Attack (2020)

In 2020, SolarWinds, the vendor of widely used network-monitoring software, fell victim to a devastating supply chain attack. The attack greatly impacted nuclear testing facilities, intelligence agencies, Fortune 500 companies, and even the Pentagon. Russian hackers successfully compromised SolarWinds’ production environment and injected malicious code into its Orion network monitoring product. The attackers then distributed a tainted software update, which was unknowingly installed by over 18,000 customers. This update introduced Trojan horses into client systems and created a backdoor known as SUNBURST. This supply chain attack shattered the chain of trust, causing widespread damage to numerous individuals and companies within the software supply chain. The attackers employed various tactics, including password guessing, spear-phishing, and exploiting a zero-day vulnerability in the Orion software, to gain access to SolarWinds’ systems.

6. Microsoft Exchange Server Vulnerability (2021)

In early 2021, a highly sophisticated hacking campaign targeted Microsoft Exchange, an email and collaboration system used by numerous organizations. This attack was attributed to a state-sponsored group believed to be based in China. Microsoft announced that attackers had exploited four zero-day vulnerabilities against certain organizations running Exchange Server products. One of the vulnerabilities, CVE-2021-26855, is a server-side request forgery (SSRF) flaw, allowing arbitrary execution. The impact of this attack was significant, with reports indicating that tens of thousands of organizations worldwide were affected. Although Microsoft released emergency patches to address these issues, many organizations were slow to apply the patches, leaving their systems open to exploitation. This highly coordinated and targeted attack is believed to have been designed to steal sensitive information for surveillance purposes.

7. Colonial Pipeline Ransomware Attack (2021)

In a significant incident, Colonial Pipeline, a major fuel pipeline operator in the United States, fell victim to a ransomware attack that had severe consequences for fuel supplies across the East Coast. The attack resulted in disruptions to the pipeline’s operations, leading to fuel shortages and panic among consumers. Colonial Pipeline made the controversial decision to pay a $4.4 million ransom to the attackers to regain control of the system and continue operations. The incident highlights the growing threat of ransomware attacks and the significant impact they can have on critical systems and services.

Conclusion

The incidents described above serve as powerful reminders of the ever-present and evolving threats in the cybersecurity landscape. From massive data breaches to supply chain attacks and ransomware incidents, these events highlight the urgent need for robust cybersecurity measures and proactive defense strategies. They underscore the importance of protecting personal information, securing critical infrastructure, and fostering a culture of cyber resilience. It is important for individuals, organizations, and governments to collaborate, invest in cybersecurity, and remain vigilant to reduce the impact of cyber threats and protect our digital ecosystem.
