It’s the season of ghouls, ghosts, and outrageous costumes. But for cybersecurity professionals, Halloween is more likely to be a notification warning them of data breaches than the spooky, ghostly visitations.
In the COVID-19 era, spookiness-as-a-service providers who rent out costumes or sell party products were likely to have a difficult time as lockdowns and home-working play havoc with businesses focused on in-person interaction.
As we move away from the restrictions and obstacles of the pandemic, it is helpful to remember the stories that frightened us. As we come to the end of Cyber Security Awareness Month, we would like to remind you once again what we have accumulated in our cache.
In this compilation, specially prepared for Halloween, we compiled stories and information that keep cyber security experts and managers jumping from their sleep. If your tricks and jokes are ready, let’s get started!
Here are the five scariest cybersecurity incidents in history:
1- Mafiaboy: The Kid Who Took Down The Internet
Let’s start 20 years ago. In 2000, Michael Calce, under the name MafiaBoy caused 1 billion dollars in damages by unleashing a DDoS attack on several high profile commercial websites, including Amazon, CNN, eBay, and Yahoo! At the time, Yahoo! was a multibillion-dollar web company and the top search engine. Mafiaboy’s Rivolta managed to shut down Yahoo! for almost an hour.
Today, Calce is a white hat hacker. Companies hire him to help identify security flaws in their systems and design better security features. He says the internet is a far scarier place today than it was back in 2000. For one, there is more and more at stake as we rely ever more on online systems for our daily lives.
2- The “Melissa Virus”
The Melissa virus in 1999 targeted Microsoft Word. It was an email attachment that would once open, forward the Virus onto the first 50 users on Microsoft Outlook by Office’s native share function. This Virus shut down multiple email servers due to the widespread attack. It cost $80 million in damages due to the Virus acting like a DDoS attack on email clients. Many people in the IT industry said that the situation could have been much worse, as what the Virus did was email itself. The Virus has multiple “Simpson’s jokes” hidden inside it.
3- WannaCry Ransomware Attack
We were talking about ransomware attacks all the time. WannaCry was a ransomware attack in 2017 that had widespread success, hacking into organizations from the NHS to Telefonica and FedEx. It uses the EternalBlue exploit the US National Security Agency reportedly found to do its damage. It asked the user to pay the fee of $300 in BitCoin to unlock the files.
The ransom note indicated that the payment amount would be doubled after three days. If payment was not made after seven days, it claimed the encrypted files would be deleted. It was estimated that WannaCry has caused $4 billion in damages and earned up to $49,000 through BitCoin so far.
4- Albert Gonzalez: Who Stole 130 Million Credit-Card Numbers
Before the internet, computers were being used for coding and creating different software. It was the case for a Canadian pipeline company in 1982. The CIA suspected the KGB might steal the software, so they planted a logic bomb in the code. A few months later, the Soviet pipeline exploded, producing the most monumental non-nuclear explosion and fire ever seen from space.
It is an instance of a Trojan horse before the widespread use of this virus method occurred in the Personal Computing industry. Due to this attack, they only trust IBM, an American manufacturer of computer chips, to develop them.
Albert Gonzalez was sentenced to 20 years in prison after hacking TJX, the parent company of TJ Maxx (TK Maxx in the UK). He obtained 130 million records of personal information, including credit card information.
He utilized backdoors on several systems to obtain the information. Once arrested, the police seized multiple items he paid for with the information, such as $1.6 million ($1.1 million of which was in plastic bags buried in a three-foot drum under his parents’ backyard.), multiple tops of the range laptops, and a compact Glock pistol.
5- Worst Computer Virus Ever
In 2004, Sven Jaschan developed and released two damaging worms called NetSky and Sasser. At the time, they were responsible for over 25% of all virus reports in the first half of 2005. Instead of attacking computers by email, Sasser would use a script to forward to an at-risk computer and instruct it to download the hand.
The system would also be difficult to shut down without unplugging manually. NetSky utilized email to send files that would cause a Denial of Service attack as systems would collapse while handling the data and traffic. These viruses caused over 20 billion dollars in damages.
Sony suffered a massive blow to its Playstation Network in April 2011 after Anonymous hacked it via DDoS attacks. They attacked again on the 21st of April 2011, and Sony kept the Network offline for three whole weeks. They were quiet about the reason for five full days when they announced that 77 million users’ personal information was compromised.
Sony couldn’t rule out the possibility that Credit Card data was taken either. After apologizing and reimbursing customers with free games, subscriptions, and anti-fraud protection, Sony was left with a loss of £171 million.