Cybersecurity threats, hacks and data flaws over decade
Operation Aurora – Google hack
An attack that compromised Google's backend infrastructure. Operation Aurora was a campaign organized by the Chinese government's military hackers. It affected not only Google but also large companies such as Adobe, Rackspace, Juniper, Yahoo, Symantec, Northrop Grumman, Morgan Stanley, and others. After the public discussion, Google shut down its operations in China.
77 million personal records associated with the PlayStation Network were stolen. The resulting credit card fraud led to many lawsuits filed by users. The PSN attack started a trend of companies adding clauses to their Terms of Service that force users to waive their right to file lawsuits after security breaches. On the flip side, companies also started to invest more in their security.
The Iranian government breached DigiNotar to use its infrastructure to issue SSL certificates that impersonated popular websites. These HTTPS certificates were used to intercept traffic and to spy on Iranian citizens. The attack was not the most destructive, but it made tech giants improve their policies on issuing SSL/TLS certificates.
Designed as a cyber weapon by Iranian hackers, Shamoon was used to wipe Windows workstations clean and destroyed 35,000 workstations of Saudi Aramco, Saudi Arabia's national oil company. Later versions of the malware received many upgrades and were used in a wide range of attacks (not only against the oil and gas industry). The malware targeted 32-bit kernel versions of Microsoft Windows.
The malware is linked to the Equation Group. For its time, it was the most advanced and sophisticated malware strain ever created. Flame was later claimed to be part of the same toolset as Stuxnet and was primarily deployed against Iran. The malware has not been spotted since its discovery but is still considered a major milestone in the escalation of cyber-espionage operations around the world.
The Snowden leaks are probably the most important cybersecurity event of the decade. They exposed the US global surveillance network. The revelations led countries around the globe to build their own surveillance programs and increased cyber-espionage overall. In a nutshell, many countries embraced the concepts of a national internet and internet sovereignty in an effort to spy on their citizens and intensify censorship.
It was not the first hack of POS terminals in the world, but it was the first to target a retail giant. Target confirmed that its equipment had been hacked and infected, leaking the payment card details of roughly 40 million customers.
Adobe officials confirmed that the personal data of 153 million users had been stolen. The data was dumped online, and hackers cracked and reversed the passwords back to plaintext. As a result, password hashing practices and password policies were forced to improve.
Sony Pictures massive hack
100 terabytes of data were stolen, including employees' personal data, unreleased films, and internal and external emails. The wiper malware also deleted files and configurations, so Sony had to rebuild large portions of its IT infrastructure. The attack was carried out by the Guardians of Peace group and was believed to be linked to the North Korean government. The attack on Sony was also considered a response to the release of a comedy about the assassination of Kim Jong-un. North Korea was blamed, but experts around the world still have doubts.
A vulnerability in OpenSSL. The bug allowed attackers to retrieve cryptographic keys from public servers, keys they could use to decrypt traffic or authenticate to vulnerable systems. At the time of Heartbleed's public disclosure, it was believed that half a million internet servers were vulnerable. Because many server operators failed to patch their OpenSSL instances promptly, a huge number of attacks followed the public disclosure.
Carbanak and banks hacking
Carbanak (aka Anunak or FIN7) is a highly skilled hacker group that was capable of stealing money directly from the source: the banks, not the consumers, retailers, or companies. $1 billion was stolen from the banks, either via SWIFT bank transactions or coordinated ATM cashouts. No other hacking group has matched this figure yet.
The US government-backed National Vulnerability Database rated Shellshock 10/10 for severity. Shellshock was a family of security bugs in the Unix Bash shell that could be used to execute arbitrary commands and gain unauthorized access to many Internet-facing services. Attackers exploited Shellshock within hours of the initial disclosure, building botnets of compromised computers to perform distributed denial-of-service attacks and vulnerability scanning.
Office of Personnel Management (US)
This breach was actually a series of breaches and infections orchestrated by China. OPM is the human resources and administrative department for US government employees. The hackers stole tens of millions of detailed records covering every aspect of federal employees' lives, including 21.5 million Social Security numbers and 5.6 million fingerprint records.
Since 2015, SIM swapping attacks have become popular. Hackers called a mobile telco and tricked the operator into transferring a victim's phone number to a SIM card controlled by the attacker. This type of attack became a favorite once hackers realized it could be used to gain access to cryptocurrency and bank accounts, making it possible to steal large sums of money.
Yahoo data breaches
There were two Yahoo data breaches. In July 2016, a hacker began selling Yahoo user data on the dark web, which led the company to investigate. It was discovered that a breach had occurred in 2014 and impacted 500 million users. Further investigation uncovered a 2013 data breach that impacted three billion users (the entire Yahoo database), the largest data breach ever recorded.
The Shadow Brokers is a group of hackers who leaked hacking tools developed by the US National Security Agency (NSA), with immediate impact. One of the tools was EternalBlue, an exploit for the Microsoft SMB protocol and the main engine behind the WannaCry ransomware. Who the Shadow Brokers are is still a mystery.
Mirai is a Linux malware designed to infect IoT devices by exploiting known vulnerabilities and ultimately form a botnet out of them. It became one of the most well-known malware strains in the world after being used to launch some of the biggest DDoS attacks (affecting GitHub, Twitter, Reddit, Netflix, Airbnb, and many others). Mirai's source code was released online and spawned one of the largest malware families, with its code at the base of most IoT/DDoS botnets.
This ransomware, WannaCry, is based on the EternalBlue exploit leaked from the NSA. It is believed that the ransomware was still in development by North Korean hackers when it started to spread. There were major flaws in its design, which helped to stop the infection. The ransomware generated only about 52 bitcoins for its creators.
NotPetya was a so-called supply chain attack. Hackers seeded the malware into the world by compromising the update mechanism of an accounting software package. When regular users ran software updates, they inadvertently downloaded NotPetya as well. It caused a great deal of collateral damage and underscored the genuine threat of supply chain attacks, especially in software.
The Equifax hack of 2017 resulted in the personal details of more than 145.5 million American, British, and Canadian citizens being stolen from the company's systems. The company tried to handle the situation but only made everything worse. The informational site the company set up for victims was itself vulnerable to attack, and the breach-response page was a stand-alone site. All those decisions made social engineering attacks easier.
Meltdown, Spectre, and the CPU side-channel attacks
The Meltdown and Spectre vulnerabilities exposed an issue baked into the hardware of most CPUs that could allow hackers to steal data being processed inside the CPU. These bugs are not easy to exploit, and there was no evidence of real attacks. But Meltdown and Spectre showed that CPU manufacturers need to pay more attention to security threats and issues instead of concentrating only on the speed and performance of their products.
Facebook scandal and Cambridge Analytica
The Cambridge Analytica data scandal happened in early 2018 due to Facebook's data hoarding practices. The scandal exposed how data analytics companies abused Facebook's easy-to-grab user data to create profiles that they would sell to political parties to sway public opinion and manipulate elections. Cambridge Analytica collected personally identifiable information from approximately 87 million people.
The breach was disclosed in 2018 and impacted more than 500 million guests, a number that was officially revised down to 383 million after the investigation. The official report revealed that the breach could easily have been prevented if the right security policies and measures had been implemented.
Capital One disclosed that it had suffered a data breach impacting 100 million people in the United States, and 6 million in Canada. The investigation revealed that the suspect behind the hack was a former Amazon Web Services employee, who stands accused of illegally accessing Capital One's AWS servers to retrieve the data.
Ransomware operators are increasingly adding another element of extortion to their attacks: they exfiltrate data before encrypting systems and threaten to publicly release it unless the ransom is paid. The focus has shifted from individual users to big companies and corporate networks, a practice known as "big game hunting" ransomware.