A cyberattack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.

Indiscriminate attacks

edit

These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.

Destructive attacks

edit

These attacks relate to inflicting damage on specific organizations.

Cyberwarfare

edit

These are politically motivated destructive attacks aimed at sabotage and espionage.

Government espionage

edit

These attacks relate to stealing information from/about government organizations:

Corporate espionage

edit

These attacks relate to stealing data of corporations related to proprietary methods or emerging products/services.

Stolen e-mail addresses and login credentials

edit

These attacks relate to stealing login information for specific web resources.

  • RockYou – in 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts.
  • Vestige (online store) – in 2010, a band of anonymous hackers has rooted the servers of the site and leaked half a gigabyte's worth of its private data.[19]
  • 2011 PlayStation Network outage, 2011 attack resulting in stolen credentials and incidentally causing network disruption
  • IEEE – in September 2012, it exposed user names, plaintext passwords, and website activity for almost 100,000 of its members.[20]
  • Yahoo! – in 2012, hackers posted login credentials for more than 453,000 user accounts,[21] doing so again in January 2013[22] and in January 2014.[23]
  • Adobe – in 2013, hackers obtained access to Adobe's networks and stole user information and downloaded the source code for some of Adobe programs.[24] It attacked 150 million customers.[24]
  • LivingSocial – in 2013, the company suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users.[25]
  • World Health Organization – in March 2020, hackers leaked information on login credentials from the staff members at WHO.[26] In response to cyberattacks, they stated that “Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic.”[27]

Stolen credit card and financial data

edit

Blockchain and cryptocurrencies

edit
  • 2014 Mt. Gox exchange exploits
  • The DAO fork – in June 2016, users exploited a vulnerability in The DAO, a decentralized autonomous organization formed as a venture capital fund, to siphon a third of the fund's ether (about $50 million at the time of the hack).[45]
  • Poly Network exploit – in August 2021, anonymous hackers transferred over $610 million in cryptocurrencies to external wallets. Although it was one of the largest DeFi hacks ever, all assets were eventually returned over the following two weeks.[46]
  • Wormhole hack – in early February 2022, an unknown hacker exploited a vulnerability on the DeFi platform Wormhole, making off with $320 million in wrapped ether.[47][48]
  • Ronin Network hack – in March 2022, North Korean state-sponsored Lazarus Group used hacked private keys to withdraw $625 million in ether and USDC from the Ronin bridge,[49][50] an Ethereum sidechain built for the NFT-based video game Axie Infinity.
  • Nomad bridge hack – in early August 2022, hackers targeted a misconfigured smart contract in a "free-for-all" attack,[51] withdrawing nearly $200 million in cryptocurrencies from the Nomad cross-chain bridge.[52]
  • The Uncle Maker attack – an attack on Ethereum by the F2Pool mining pool, which lasted between 2020 and 2022, but was only discovered in 2022 by Aviv Yaish, Gilad Stern and Aviv Zohar.[53][54]
  • BNB Chain hack – in early October 2022, about $570 million in cryptocurrency was stolen from a bridge for the BNB Chain, a blockchain operated by the Binance exchange.[55] Because a majority of the tokens could not be transferred off-chain, the hacker ultimately made off with about $100 million.[56]
edit

Ransomware attacks

edit

Notable criminal ransomware hacker groups

edit

Hacktivism

edit

See also

edit

Further reading

edit

References

edit
  1. ^ Goodin, Dan (January 14, 2013). "Massive espionage malware targeting governments undetected for 5 years". Ars Technica. Retrieved November 8, 2014.
  2. ^ "WannaCry Ransomware: What We Know Monday". NPR.org. Retrieved 2017-05-15.
  3. ^ Perloth, Nicole (October 24, 2012). "Cyberattack On Saudi Firm Disquiets U.S." New York Times. pp. A1. Retrieved October 24, 2012.
  4. ^ Goodin, Dan (August 16, 2012). "Mystery malware wreaks havoc on energy sector computers". Ars Technica. Retrieved November 8, 2014.
  5. ^ "Iranian Oil Sites Go Offline Amid Cyberattack". The New York Times. April 23, 2012. Retrieved November 8, 2014.
  6. ^ Goodin, Dan (August 29, 2012). "The perfect crime: Is Wiper malware connected to Stuxnet, Duqu?". Ars Technica. Retrieved November 8, 2014.
  7. ^ "Secret CIA assessment says Russia was trying to help Trump win White House". Washington Post. Retrieved 2019-04-01.
  8. ^ "Australians urged to be vigilant against continued cyber attacks from Iran's regime". ABC News. 24 January 2023. Retrieved 24 Jan 2023.
  9. ^ Goodin, Dan (May 21, 2013). "Chinese hackers who breached Google reportedly targeted classified data". Ars Technica. Retrieved November 8, 2014.
  10. ^ Goodin, Dan (August 9, 2012). "Nation-sponsored malware with Stuxnet ties has mystery warhead". Ars Technica. Retrieved November 8, 2014.
  11. ^ Sanders, Sam (June 4, 2015). "Massive Data Breach Puts 4 Million Federal Employees' Records At Risk". NPR.
  12. ^ "Russian Hackers Suspected In Cyberattack On German Parliament". London South East. Alliance News. June 19, 2015.
  13. ^ a b "Hackers lurking, parliamentarians told". Deutsche Welle. Retrieved 21 September 2016.
  14. ^ "Hackerangriff auf deutsche Parteien". Süddeutsche Zeitung. 20 September 2016. Retrieved 21 September 2016.
  15. ^ Holland, Martin (20 September 2016). "Angeblich versuchter Hackerangriff auf Bundestag und Parteien". Heise. Retrieved 21 September 2016.
  16. ^ Hemicker, Lorenz; Alto, Palo. ""Wir haben Fingerabdrücke"". Faz.net. Frankfurter Allgemeine. Retrieved 21 September 2016.
  17. ^ "In First Massive Cyberattack, China Targets Israel". Haaretz.
  18. ^ "Hackers breach Indian government emails multiple times". Arjun Ramprasad. Previewtech.net. June 30, 2021.
  19. ^ Gawker rooted by anonymous hackers, December 13, 2010, Dan Goodin, The Register, retrieved at 2014-11-08
  20. ^ Goodin, Dan (September 25, 2012). "Trade group exposes 100,000 passwords for Google, Apple engineers". Ars Technica. Retrieved November 8, 2014.
  21. ^ Goodin, Dan (July 12, 2012). "Hackers expose 453,000 credentials allegedly taken from Yahoo service (Updated)". Ars Technica. Retrieved November 8, 2014.
  22. ^ Goodin, Dan (January 31, 2013). "How Yahoo allowed hackers to hijack my neighbor's e-mail account (Updated)". Ars Technica. Retrieved November 8, 2014.
  23. ^ Goodin, Dan (January 31, 2014). "Mass hack attack on Yahoo Mail accounts prompts password reset". Ars Technica. Retrieved November 8, 2014.
  24. ^ a b Howley, Daniel (July 1, 2016). "7 biggest hacks". Yahoo Tech. Retrieved 1 July 2016.
  25. ^ Goodin, Dan (April 27, 2013). "Why LivingSocial's 50-million password breach is graver than you may think". Ars Technica. Retrieved November 8, 2014.
  26. ^ "Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike". Reuters. 24 March 2020.
  27. ^ "WHO reports fivefold increase in cyber attacks, urges vigilance". World Health Organization. Retrieved 29 April 2020.
  28. ^ "Equifax data breach". Federal Trade Commission. 8 September 2017. Retrieved December 10, 2017.
  29. ^ Shukla, Saloni; Bhakta, Pratik (20 October 2016). "3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit". The Economic Times. Retrieved 20 October 2016.
  30. ^ Gallagher, Sean (September 18, 2014). "Credit card data theft hit at least three retailers, lasted 18 months". Ars Technica. Retrieved November 8, 2014.
  31. ^ "Banks: Card Breach at Goodwill Industries – Krebs on Security". 25 July 2014.
  32. ^ Lemos, Robert (September 19, 2014). "Home Depot estimates data on 56 million cards stolen by cybercriminals". Ars Technica. Retrieved November 30, 2014.
  33. ^ Goodin, Dan (December 4, 2013). "Credit card fraud comes of age with advances in point-of-sale botnets". Ars Technica. Retrieved November 8, 2014.
  34. ^ Farivar, Cyrus (December 19, 2013). "Secret Service investigating massive credit card breach at Target (Updated)". Ars Technica. Retrieved November 8, 2014.
  35. ^ Goodin, Dan (December 20, 2013). "Cards stolen in massive Target breach flood underground "card shops"". Ars Technica. Retrieved November 8, 2014.
  36. ^ Goodin, Dan (February 5, 2014). "Target hackers reportedly used credentials stolen from ventilation contractor". Ars Technica. Retrieved November 8, 2014.
  37. ^ Goodin, Dan (January 16, 2014). "Point-of-sale malware infecting Target found hiding in plain sight". Ars Technica. Retrieved November 8, 2014.
  38. ^ Goodin, Dan (April 1, 2012). "After the hack: FAQ for breach affecting up to 10 million credit cards". Ars Technica. Retrieved November 8, 2014.
  39. ^ Goodin, Dan (March 30, 2012). ""Major" credit-card breach hits Visa, MasterCard (Updated)". Ars Technica. Retrieved November 8, 2014.
  40. ^ Goodin, Dan (September 18, 2012). "Two men admit to $10 million hacking spree on Subway sandwich shops". Ars Technica. Retrieved November 8, 2014.
  41. ^ Bangeman, Eric (June 20, 2005). "CardSystems should not have retained stolen customer data". Ars Technica. Retrieved November 8, 2014.
  42. ^ "Lost Credit Data Improperly Kept, Company Admits". The New York Times. June 20, 2005. Retrieved November 8, 2014.
  43. ^ Bangeman, Eric (June 23, 2005). "Scope of CardSystems-caused credit card data theft broadens". Ars Technica. Retrieved November 8, 2014.
  44. ^ Jonathan M. Gitlin (July 22, 2005). "Visa bars CardSystems from handling any more transactions". Ars Technica. Retrieved November 8, 2014.
  45. ^ Popper, Nathaniel (2016-06-17). "A Hacking of More Than $50 Million Dashes Hopes in the World of Virtual Currency". The New York Times. ISSN 0362-4331. Retrieved 2022-07-17.
  46. ^ Browne, Ryan (2021-08-23). "Hacker behind $600 million crypto heist returns final slice of stolen funds". CNBC. Retrieved 2022-07-17.
  47. ^ Faife, Corin (2022-02-03). "Wormhole cryptocurrency platform hacked for $325 million after error on GitHub". The Verge. Retrieved 2022-07-17.
  48. ^ "Wormhole Hack: Lessons From The Wormhole Exploit". Chainalysis. 2022-02-03. Retrieved 2022-07-17.
  49. ^ Browne, Ryan (2022-04-15). "U.S. officials link North Korean hackers to $615 million cryptocurrency heist". CNBC. Retrieved 2022-07-17.
  50. ^ "North Korea's Lazarus Group moves funds through Tornado Cash | TRM Insights". www.trmlabs.com. Retrieved 2022-07-17.
  51. ^ Twitter https://twitter.com/samczsun/status/1554252024723546112. Retrieved 2022-08-02. {{cite web}}: Missing or empty |title= (help)
  52. ^ Faife, Corin (2022-08-02). "Nomad crypto bridge loses $200 million in "chaotic" hack". The Verge. Retrieved 2022-08-02.
  53. ^ "NVD - CVE-2022-37450". nvd.nist.gov. Retrieved 2022-08-19.
  54. ^ admin_afhu (2022-08-10). "Hebrew University Researchers Uncover Proof of Ethereum Pool Miners Manipulation". American Friends of the Hebrew University. Retrieved 2022-08-19.
  55. ^ Howcroft, Elizabeth (2022-10-07). "Binance-linked blockchain hit by $570 million crypto hack". Reuters. Retrieved 2022-10-17.
  56. ^ Movement, Q. ai-Powering a Personal Wealth. "What Happened With The $570 Million Binance (BNB) Hack? And What Does It Really Mean For Crypto Investors?". Forbes. Retrieved 2022-10-17.
  57. ^ Dance, Scott (20 May 2015). "Cyberattack affects 1.1 million CareFirst customers". Baltim. Sun.
  58. ^ "Red Cross appeals to hackers after major cyberattack". TheJournal.ie. 2022-01-20. Retrieved 2022-01-22.