In 2017, the world experienced some of the largest and most dangerous cyber attacks in recent history.

The numbers are staggering: 

  • 143,000 million: the number of consumers affected by Equifax breach.
  • 3 billion: the number of people whose Yahoo email accounts were reportedly compromised. While the Yahoo! breaches occurred in 2013 and 2014, Yahoo! only disclosed the 3 billion number in October of 2017.

In addition to the shocking revelations from Yahoo and Equifax, 2017 will be noted for such world-wide ransomware cyberattacks as WannaCry and Petya.

Many might wonder, how does an organization fend off or protect against cyber attacks?

Network World cautioned, “The prevalence of these attacks…should serve as a warning that businesses in any field should have reliable, secure backups that can recover machines that have been encrypted by ransomware. And they should have systems that detect these infections early so they can be isolated to minimize the damage they do.”

Take note, many of the worst cyber attacks in history were due to the following:

  • Email phishing scams that allowed cybercriminals to get access to passwords and login credentials to large company networks. (Target)
  • Companies not paying attention to security patch warnings. (Equifax)
  • Organizations not updating their security measures until it was too late. (Myspace)
  • Employees leaking information to cybercriminals. (AOL)
  • Companies waiting years to disclose mass security breaches to users. (Yahoo/Uber)

Looking at the history of cyber attacks, we can learn how to protect our organizations. Below we have tracked some of the largest and worst cyberattacks in history.

1988 – The First Computer Worm causes one of the First Denial of Service Attacks

A student from Cornell transmitted the first computer worm through the internet.  The student claimed he created the worm not to induce harm but rather “to determine the vastness of cyberspace,” according to reports.  The problem was the worm encountered a “critical” error and this resulted in approximately 6,000 computers being affected by a “denial of service” type of attack.

While Experts pontificate that this event “could be pinned as being an unfortunate accident, it no doubt played a part in inspiring the calamitous distributed denial-of-service (DDoS) type of attacks we see today.”

1999 – 15-Year Old Penetrates NASA and US Defense Department

Taking a page from Hollywood (remember War Games?), 15-year old Jonathan James hacked the computers of both NASA and the US Department of Defense (DOD).

First, James penetrated the DOD and installed a “back door” on its servers which allowed him to “intercept thousands of internal emails from different government organizations, including ones containing usernames and passwords for various military computers.”  In addition, James stole NASA software, costing the space agency $41,000 as the agency had to shut its doors for three weeks while fixes were being made.

2000 – DDoS Attack on Amazon, CNN, eBay and Yahoo!

Michael Calce (known as the notorious MafiaBoy) was only 15 when he decided to distribute a DDoS attack on the big commercial websites of the day including Amazon, CNN, eBay and others.  Industry experts estimated these attacks caused $1.2 billion in damage and MafiaBoy was apprehended.

2005 – Former AOL Employee Steals 92 Million Email Addresses

An America Online software engineer served time in prison for stealing 92 million screen names and email addresses and selling them to spammers.  Spammers then went on to send over seven billion unsolicited emails, according to NBC News.

2009 – One of the Largest Fraud Cases in History: t Gonzales

A hacker from Miami called t Gonzales was accused of stealing tens of millions of credit and debit card numbers from over 250 financial institutions.  He had hacked the payment card networks of several top companies including 7-Eleven.

2013 – Spamhaus Becomes Victim to CyberBunker

In 2013, the Anti-spam organization, Spamhaus, became a victim of one of the largest Denial of Service (DDoS) operations in history from CyberBunker, a Dutch company that allegedly was in cooperation with ‘criminal gangs’ from Eastern Europe and Russia, ComputerWorld reported.

According to reports, in March 18, 2013, Spamhaus added CyberBunker to its blacklisted sites and CyberBunker retaliated by hiring hackers to put up botnets to shut down Spamhaus’ system.  CyberBunker managed to orchestrate a flood of 300 billion bits of data per second, which affected Netflix streaming and caused outages in other commercial websites as well.

2013 and 2014 – Home Depot and Target Payment Systems are Breached – 100+ Million Credit Card Accounts Affected

More than 53 million consumers were affected by a breach in Home Depot’s payment system in 2014, according to reports. The year before Target claimed that approximately 70 million credit card accounts were compromised, according to Forbes.   Names, credit card numbers and other personal information landed in the hands of cybercriminals. ZDNet reported that in the case of Target, the “…attackers backed their way into Target’s corporate network by compromising a third-party vendor…A phishing email duped at least one Fazio employee, allowing Citadel, a variant of the Zeus banking trojan, to be installed on Fazio computers.”

2016 – More than 360 Million Myspace Accounts Hacked

More than 360 million Myspace accounts were compromised in 2016 – including user names and passwords, according to reports.   Myspace informed the public that the breached accounts were for users who had opened profiles prior to 2013.  In 2013, Myspace had reportedly upgraded its security so that breaches could be avoided.

 2017 – Equifax Breach Affects 143 Million Consumers: Did Company Officials Ignore Warnings?

In September of 2017, Equifax officials alert the public that 143 million consumers could have had their private information compromised.  The fact is, Equifax officials learned about the breach in July of 2017, but waited nearly three months before alerting the public.

According to reports… “U.S. Department of Homeland Security alerted the company on March 8 that a software it used called Apache Struts had a flaw that made it vulnerable to hackers. That’s a full two months before the company was reportedly hacked and four before the company noticed the suspicious activity. Executives did not fully … tell the public until early September.”

 2016/2017 – Yahoo Announces 3 billion Email Accounts Hacked – the Largest Cyber Breach in Internet History

In late 2016, Yahoo! announced two major data breaches that affected email user accounts:  In September of 2016, Yahoo! reported a data breach had occurred in 2014, affecting over 500 million users. Later that year, in December of 2016, Yahoo! disclosed that another security compromise of its email accounts had occurred in 2013.  Finally, Yahoo affirmed in October 2017 that over 3 billion of its user accounts could have been affected by the security breaches.

“Yahoo is an object lesson for businesses …that might someday have to explain a breach – get out in front of the problem and be open with facts about how it happened and what’s being done to fix it,” advises Network World.

Organizations must ensure their data is properly protected. Ransomware and other cyber threats are happening with rapidly increasing frequency all over the globe. While the headlines are about very large enterprises, the small/medium business is 15 times more likely to be targeted. For more information on protecting your network, contact DiamondIT at 877-716-8324.