Historic Cyber Breaches & Incidents: Timeline
Tales and information reviews about cyberattacks and cyber incidents usually sound extra action-packed than fiction. Nevertheless it’s true: Malicious actors and cyber criminals have gotten more and more modern and complicated of their assaults. With every knowledge breach or malware assault, there’s a chance to discover ways to stop the subsequent one.
Understanding the vulnerabilities and errors that led to earlier cyber incidents is an enormous a part of being an knowledgeable cybersecurity professional. Learning the previous can assist you acknowledge comparable weaknesses in present methods and stop them from being exploited once more. Every thing from the strategies and strategies that attackers use to the effectiveness of incident response plans can affect the way you anticipate, stop, and reply to threats.
Be taught one thing new free of charge
We not too long ago added over 30 video-based cybersecurity programs to our catalog. These free programs can assist you develop foundational experience to pursue well-liked cybersecurity certifications. No matter your discipline, our new cybersecurity curriculum teaches you methods to shield your self (and your group) on-line — a useful talent for technologists at this time. Learn on to find out about some main cyber incidents, knowledge breaches, and cyberattacks all through web historical past.
A timeline of notable cyber incidents
2003
The SQL Slammer
Within the early aughts, a safety researcher named David Litchfield found a buffer overflow vulnerability in Microsoft SQL Server 2000. He created an exploit to show its potential impression, reported the flaw to Microsoft (who issued a patch), and mentioned the vulnerability on the Black Hat Safety Briefings. He warned that the exploit code had the potential for use in a worm, which is strictly what occurred six months later in 2003.
The SQL slammer worm unfold quickly to round 75,000 Microsoft SQL Server hosts worldwide. This 376-byte UDP (consumer datagram protocol) worm brought about a worldwide DDoS (distributed denial of service) assault and widespread community disruptions — the worm halted bank card methods and ATMs and shut down emergency companies in some areas.
The SQL slammer worm was impressively quick. It doubled in measurement each 8.5 seconds and contaminated greater than 90% of susceptible hosts inside 10 minutes. The incident led to a major shift in how Microsoft and the safety group approached software program safety and vulnerability disclosures.
2010
Stuxnet worm
The primary recognized cyberweapon, referred to as the Stuxnet worm, was found in June 2010. Stuxnet contaminated software program at 14 industrial websites in Iran, together with a uranium-enrichment plant. In contrast to a virus that should be downloaded to be activated, Stuxnet unfold autonomously over networks. It focused Microsoft Home windows machines, Siemens Step7 software program, and programmable logic controllers. This enabled the worm’s authors to spy on and sabotage industrial methods, inflicting centrifuges to malfunction with out operators noticing.
2014
Sony Photos hack
You may bear in mind the Sony Photos cyberattack of 2014, as a result of it bought a whole lot of media consideration. Attackers hacked 1000’s of firm computer systems and tons of of servers utilizing malware, stole terabytes of personal knowledge and mental property, and launched it on-line. The FBI decided that the North Korean authorities was answerable for the assault, and menace actors used a multi-pronged kind of server message block worm to contaminate the networks.
2017
Equifax knowledge breach
In July 2017, System Directors on the client credit score reporting company Equifax found that attackers had accessed their on-line dispute portal and harvested private data of at the very least 145.5 million people. The breach was on account of points in identification, detection, database segmentation, and knowledge governance. Whereas Equifax took steps to enhance safety and notify affected people, U.S. federal companies assessed Equifax’s safety controls. In 2019, Equifax agreed to a worldwide settlement with the Federal Commerce Fee and the Shopper Monetary Safety Bureau that included as much as $425 million to compensate individuals affected by the info breach.
2017
WannaCry ransomware
The WannaCry ransomware assault on Could 12, 2017, affected over 200,000 computer systems in additional than 150 nations, hitting main organizations like FedEx, Honda, Nissan, and the UK’s NHS. A 22-year-old safety researcher discovered a “kill swap” to quickly cease the malware, however many computer systems remained encrypted till victims both paid the ransom or managed to decrypt their knowledge. The ransomware unfold utilizing a vulnerability referred to as “EternalBlue,” which the NSA had developed however was leaked by a gaggle referred to as the Shadow Brokers. The exploit focused older, unpatched variations of Microsoft Home windows, permitting WannaCry to unfold quickly over the course of 24 hours.
2019
SolarWinds hack
In September 2019, Russian hackers breached SolarWinds, a community administration software program firm, by sneaking malicious code into their Orion software program updates. This supply-chain assault affected round 18,000 clients (together with U.S. federal companies) giving hackers distant entry for espionage.
The breach was found in November 2020 by the cybersecurity firm FireEye, which then labored with Microsoft to cease the malicious exercise. In response, U.S. authorities companies took motion to safe methods and coordinate a complete response to the assault.
2019
Fb knowledge breach
Probably the most widespread Fb knowledge breaches occurred in 2019, when malicious actors scraped public profiles and uncovered knowledge from over 530 million Fb customers in an unsecured database on an internet discussion board. Malicious actors used automated software program to add giant units of telephone numbers and match them to Fb profiles to extract data. Fb has since up to date its contact importer function to forestall scraping.
Be taught extra about cybersecurity
That is in no way an exhaustive record of cybersecurity occasions. In case you’re feeling energized to be taught extra concerning the varieties of cybersecurity threats on the market (and methods to stop them), try our up to date cybersecurity curriculum. Get began with Safety Ideas for DevSecOps, CompTIA Safety+: Elementary Safety Ideas, and Enterprise Safety: Synthetic Intelligence, Generative AI, & Cybersecurity.
Discover the remainder of our catalog with greater than 30 new video-based cybersecurity programs. These free programs are tailor-made that will help you acquire the foundational experience required for well-liked cybersecurity certifications and empower you with the data to guard your self on-line.