Major cyber attacks across the world

Art3mis005
6 min read, Nov 12, 2020

While we might be quick to blame ineffective security appliances and applications as the reason for today’s high-profile cyber attacks, the reality is that human error is cited as the leading cause of security incidents. If we want to defend organizations against growing cyber threats, it’s not just about spending more money on security solutions — our employees need to be trained on the implications of their mistakes and how to defend themselves from their own worst impulses. Companies that profit from personal information have an extra responsibility to protect and secure that data.

Yahoo! data breaches (2014): it only took one person to click on a link, and boom, it happened.

The hack was carried out using a standard technique: spam emails with an attachment that leads to an intrusion, known as spear phishing.
Spear phishing is different from a regular phishing attack because it is tailored to a specific target, such as a technician, the CEO of the company, or anyone else who works inside the company (Yahoo). Here nobody knows what the message was, who delivered it or who opened it, but it was enough to let the hackers get inside. Once they were inside, they began to search around to see what valuable assets there were.
Once Aleksey Belan, a Latvian hacker hired by Russian agents, started poking around the network, he looked for two prizes: Yahoo's user database and the Account Management Tool, which is used to edit the database.

The first thing the hackers did was create a backdoor account so they could slip back in, create new users and download things at a later date. Once they had the backdoor account, they were ready to create other havoc. Inside, they got hold of valuable information such as names, phone numbers, password challenge questions and answers, password recovery emails, and nonce values (Number used Once: like a salt for passwords, it is a randomly generated number, and in this case it is used on only one occasion). With these, the hackers were able to recreate the cookies of login sessions, so they could use a username and never have to enter the password to get the session.
The hackers targeted 6500 accounts for which they generated cookies and session values; most of them were notable accounts of Russian government people and business people. However, news reported that 26 high-profile accounts were hacked in 2014; after the investigations it was reported that 500 million accounts were hacked in 2016, and by December 2016 it was estimated that around 3 billion accounts had been hacked.
In April 2018, the U.S. Securities and Exchange Commission (SEC) fined the company $35 million for failing to disclose the breach. In September, Yahoo's new owner Altaba admitted that it had settled a class action lawsuit resulting from the breach to the tune of $50 million.
A total bill of $85 million for 3 billion accounts works out to around $36 per record. [:(
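The post explains that the attackers could recreate login cookies from stolen cookie-minting material and never type a password. The following is an added example (mine, not the post's, and not Yahoo's real cookie format) of a generic HMAC-signed session cookie: it shows why anyone holding a copy of the server's signing secret can mint a cookie the server accepts for any username, and why rotating that secret is the response that invalidates every cookie minted under the old key. The class name, cookie layout, usernames and secrets are all assumptions.

```python
"""Added example (not from the post, and not Yahoo's real design): a generic
HMAC-signed session cookie, why a stolen signing secret lets anyone mint a
valid cookie for any account, and how key rotation invalidates all of them.
All names, the cookie layout and the secrets are assumptions."""
import base64
import binascii
import hashlib
import hmac
import secrets


class SessionSigner:
    """Server-side helper: mint and verify cookies of the form <payload>.<signature>."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def mint(self, username: str, issued_at: int) -> str:
        payload = f"{username}|{issued_at}".encode()
        sig = hmac.new(self.secret, payload, hashlib.sha256).digest()
        return (base64.urlsafe_b64encode(payload).decode() + "."
                + base64.urlsafe_b64encode(sig).decode())

    def verify(self, cookie: str):
        """Return the username if the signature is valid under the current secret, else None."""
        try:
            p64, s64 = cookie.split(".", 1)
            payload = base64.urlsafe_b64decode(p64)
            sig = base64.urlsafe_b64decode(s64)
        except (ValueError, binascii.Error):
            return None
        expected = hmac.new(self.secret, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):  # constant-time comparison
            return None
        return payload.decode().split("|", 1)[0]

    def rotate(self):
        """Replace the secret: every cookie minted under the old one now fails verify()."""
        self.secret = secrets.token_bytes(32)


def demo():
    """Walk through the scenario; returns (forged cookie accepted before rotation,
    forged cookie accepted after rotation)."""
    server = SessionSigner(secrets.token_bytes(32))
    # 1. A legitimate login mints a cookie and the server accepts it.
    good = server.mint("alice", 1400000000)
    assert server.verify(good) == "alice"
    # 2. Whoever holds a copy of the signing secret can mint a cookie for any
    #    account; the server cannot distinguish it from a legitimate one.
    leaked_copy = SessionSigner(server.secret)
    forged = leaked_copy.mint("victim", 1400000000)
    accepted_before = server.verify(forged) == "victim"
    # 3. Rotating the secret invalidates every cookie minted under the old key,
    #    forged and legitimate alike; users simply log in again.
    server.rotate()
    accepted_after = server.verify(forged) is not None
    return accepted_before, accepted_after


if __name__ == "__main__":
    print(demo())
```

The lesson for the defender is that signed cookies are only as secret as the material used to mint them: once that material is copied, password resets change nothing, and the only effective remediation is rotating the signing secret (and re-issuing sessions), which is what `rotate()` models.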

Equifax data breach (2017)

In July 2019 the credit agency agreed to pay $575 million — potentially rising to $700 million — in a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories over the company’s “failure to take reasonable steps to secure its network”. Equifax had already been fined £500,000 [~$625,000] in the UK for the 2017 breach, which was the maximum fine allowed under the pre-GDPR Data Protection Act 1998.

Wiper: World's Most Destructive Malware (since 2012)

A wiper is malware with the sole intention of destroying systems and/or data, usually causing great financial and/or reputational damage. The motivation behind these attacks may be political, aimed at generating publicity, or it may be pure and simple artifact destruction with the intention of preventing a forensic investigation.
Usually a wiper has three attack vectors: files (data), the boot section of the operating system, and backups of the system and data. Backup destruction is commonly done by deleting the volume shadow copies and the backups, which can be done easily by executing some legitimate operating system command-line tools. The boot section can be attacked in two ways, depending on the purpose: the malware can simply erase the first 10 sectors of the physical disks (the master boot record location), or it can rewrite those first 10 sectors with a new boot loader that will perform additional damage. Either way, the original operating system becomes unbootable.

SHAMOON 1 (refineries in KSA), August 2012
This attack was clearly politically motivated. The attack destroyed more than 35,000 computers within the oil and gas industry based in the Gulf of Arabia. In order to perform its intended task, the wiper used a legitimate driver to gain access to the filesystem structures while bypassing the Windows API. This wiper does not encrypt all files; instead it generates a list of files to encrypt. Finally, the malware overwrites the MBR, preventing system boot.
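Two of the three wiper vectors described above (backup destruction through legitimate command-line tools, and the MBR overwrite that Shamoon also performs) leave very characteristic traces in host telemetry. The following is an added example, not code from the post, of detection logic that runs over a few constructed process-creation and raw-disk-access log lines; the log format, hostnames, paths and the assumption of 512-byte sectors are mine.

```python
"""Added example (not from the original post): detection logic for the wiper
attack vectors described in the text, run over CONSTRUCTED process-creation and
raw-disk-access log lines. Log format, hostnames and paths are assumptions."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample telemetry in a simplified key=value form (an assumption;
# real EDR or Sysmon records carry more fields). Event types assumed:
#   proc  -> a process was created, with its command line
#   rawio -> a process opened a raw device handle (e.g. a physical disk)
SAMPLE_LOG = r"""
ts=2012-08-15T11:02:01 host=hq-ws01 event=proc image=C:\Windows\System32\vssadmin.exe cmd="vssadmin delete shadows /all /quiet"
ts=2012-08-15T11:02:02 host=hq-ws01 event=proc image=C:\Windows\System32\wbadmin.exe cmd="wbadmin delete catalog -quiet"
ts=2012-08-15T11:02:05 host=hq-ws01 event=rawio image=C:\Users\Public\svchost.exe device=\\.\PhysicalDrive0 access=write offset=0 length=5120
ts=2012-08-15T11:03:10 host=hq-ws02 event=proc image=C:\Windows\System32\vssadmin.exe cmd="vssadmin list shadows"
ts=2012-08-15T11:04:44 host=hq-ws03 event=rawio image="C:\Program Files\Backup\agent.exe" device=\\.\PhysicalDrive0 access=read offset=0 length=512
""".strip()

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Split one key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


# Backup vector: command lines that remove shadow copies or backup catalogs.
BACKUP_DESTRUCTION = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
]

# Boot-section vector: raw writes that overlap the first sectors of a physical
# disk. The post says wipers hit the first 10 sectors; assuming 512-byte sectors
# that is the byte range [0, 5120).
SECTOR = 512
MBR_REGION_END = 10 * SECTOR


@dataclass
class Alert:
    host: str
    image: str
    reason: str


def detect_wiper_activity(log_text: str) -> List[Alert]:
    """Return one Alert per log line that matches a wiper vector."""
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev.get("event") == "proc":
            cmd = ev.get("cmd", "")
            if any(p.search(cmd) for p in BACKUP_DESTRUCTION):
                alerts.append(Alert(ev["host"], ev["image"], f"backup destruction: {cmd}"))
        elif ev.get("event") == "rawio" and ev.get("access") == "write":
            start = int(ev.get("offset", 0))
            end = start + int(ev.get("length", 0))
            if start < MBR_REGION_END and "PhysicalDrive" in ev.get("device", ""):
                alerts.append(Alert(
                    ev["host"], ev["image"],
                    f"raw write to disk sectors {start // SECTOR}-{(end - 1) // SECTOR} (MBR region)"))
    return alerts


if __name__ == "__main__":
    for a in detect_wiper_activity(SAMPLE_LOG):
        print(f"[{a.host}] {a.image}: {a.reason}")
```

Note what is not flagged: the `vssadmin list shadows` on hq-ws02 and the backup agent's read of sector 0 on hq-ws03 are routine, so the rule keys on destructive verbs and on writes only. In practice a raw write to the MBR region from anything other than a known installer or disk utility deserves an immediate isolation decision, because the post's point is that once those sectors are gone the machine no longer boots.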

WannaCry ransomware (2017): a real epidemic

The WannaCry ransomware attack hit around 230,000 computers globally. WannaCry is an example of crypto ransomware, a type of malicious software (malware) used by cybercriminals to extort money. Ransomware does this by either encrypting valuable files, so you are unable to read them, or by locking you out of your computer, so you are not able to use it. WannaCry targets computers using Microsoft Windows as an operating system. It encrypts data and demands payment of a ransom in the cryptocurrency Bitcoin for its return.

The cybercriminals responsible for the attack took advantage of a weakness in the Microsoft Windows operating system, using an exploit that was allegedly developed by the United States National Security Agency.
Known as EternalBlue, this exploit was made public by a group of hackers called the Shadow Brokers before the WannaCry attack.
Microsoft released a security patch that protected users' systems against this exploit almost two months before the WannaCry ransomware attack began. Unfortunately, many individuals and organizations do not regularly update their operating systems and so were left exposed to the attack.
Those that had not run a Microsoft Windows update before the attack did not benefit from the patch, and the vulnerability exploited by EternalBlue left them open to attack.
When it first happened, people assumed that the WannaCry ransomware attack had initially spread through a phishing campaign (a phishing campaign is where spam emails with infected links or attachments lure users to download malware). However, EternalBlue was the exploit that allowed WannaCry to propagate and spread, with DoublePulsar being the backdoor installed on the compromised computers (used to execute WannaCry).
The WannaCry ransomware attack had a substantial financial impact worldwide. It is estimated that this cybercrime caused $4 billion in losses across the globe.
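Because WannaCry spread through EternalBlue rather than through e-mail, its signature on the network was a single infected host opening SMB (TCP port 445) connections to many peers in a short time, which is worm behaviour rather than normal file-share use. The following is an added example, not code from the post, of a simple fan-out detector run over constructed connection-log lines; the log format, addresses, window and threshold are assumptions.

```python
"""Added example (not part of the original post): a detector for the worm-like
SMB fan-out that EternalBlue-driven propagation produces. A host that reaches
many distinct peers on TCP 445 inside a short window is behaving like a
self-propagating worm. Log format, addresses and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection-log lines: "<ISO timestamp> <src> -> <dst>:<port>".
SAMPLE_FLOWS = """\
2017-05-12T10:00:01 10.0.1.15 -> 10.0.1.20:445
2017-05-12T10:00:01 10.0.1.15 -> 10.0.1.21:445
2017-05-12T10:00:02 10.0.1.15 -> 10.0.1.22:445
2017-05-12T10:00:02 10.0.1.15 -> 10.0.1.23:445
2017-05-12T10:00:03 10.0.1.15 -> 10.0.1.24:445
2017-05-12T10:00:03 10.0.1.15 -> 10.0.1.25:445
2017-05-12T10:00:04 10.0.1.15 -> 10.0.1.26:445
2017-05-12T10:00:04 10.0.1.15 -> 10.0.1.27:445
2017-05-12T10:00:05 10.0.1.15 -> 10.0.1.28:445
2017-05-12T10:00:05 10.0.1.15 -> 10.0.1.29:445
2017-05-12T10:00:06 10.0.1.15 -> 10.0.1.30:445
2017-05-12T10:00:10 10.0.1.40 -> 10.0.1.5:445
2017-05-12T10:00:11 10.0.1.40 -> 10.0.1.5:445
2017-05-12T10:00:12 10.0.1.41 -> 10.0.1.5:445
2017-05-12T10:00:30 10.0.1.42 -> 10.0.1.60:443
"""

SMB_PORT = 445
WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 10                  # assumed: distinct SMB peers inside the window


def parse_flow(line):
    """Parse one constructed log line into (timestamp, src, dst, port)."""
    ts_s, src, _, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts_s), src, dst, int(port)


def find_smb_fanout(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peer_count} for sources that reached at least `threshold`
    distinct SMB peers within any span of length `window`."""
    smb = defaultdict(list)  # src -> [(ts, dst), ...]
    for line in log_text.splitlines():
        ts, src, dst, port = parse_flow(line)
        if port == SMB_PORT:
            smb[src].append((ts, dst))
    flagged = {}
    for src, events in smb.items():
        events.sort()
        best, lo = 0, 0
        # Slide a window over the timestamps and count distinct destinations in it.
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            peers = {d for _, d in events[lo:hi + 1]}
            best = max(best, len(peers))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    print(find_smb_fanout(SAMPLE_FLOWS))
```

The two workstations talking repeatedly to one file server (10.0.1.5) are not flagged because the rule counts distinct peers, not connection volume. Detection of this kind buys containment time; the actual fix the post describes is applying the patch Microsoft had already shipped, and network segmentation that keeps port 445 from being reachable across the whole estate limits how far one unpatched host can carry the worm.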

Sripathikumar T S | Cyber Security intern at Cyber Sapiens United LLP | Computer science engineering student