If there is one thing businesses should be afraid of today, it’s cyberattacks. Cyberattacks can have devastating consequences, whether through malware, phishing, MitM attacks, DDoS attacks or SQL injections. In the face of cybersecurity threats, organisations are turning to IT support services to safeguard vital systems and sensitive data.
So whether you require IT support in London or beyond, don’t fret because plenty of reliable providers are out there. To truly understand the consequences of lax cybersecurity, let’s explore five of the most shocking cyberattacks in living memory.
Table of Contents
5. Equifax – 2017
Between May and July 2017, the American credit bureau Equifax experienced a catastrophic data breach. The private records of just over 147 million Americans, 15 million Britons and 19,000 Canadians were compromised, making it one of the largest identity theft cybercrimes.
The personal data included highly sensitive information, such as names, dates of birth, social security numbers, driver’s license numbers and telephone numbers. As you can imagine, the major breach had a big impact on the agency and its customers, who were devastated to learn that sensitive personal information was out in the open.
In the wake of the breach, Equifax was criticised for its poor security practices. The hackers accessed the sensitive data through the company’s US online dispute web portal application due to an unpatched security vulnerability on an Apache Struts server, which the organisation had been warned about months before.
In the days after the breach was disclosed, numerous lawsuits were filed against the company. In 2019, Equifax agreed to a settlement costing $575 million, but clean-up costs are reportedly closer to $1.4 billion. This incident proves that it really does pay to prioritise cybersecurity!
4. NotPetya – 2017
In June 2017, the NotPetya malware inflicted a huge amount of damage on devices across the world. NotPetya was particularly damaging because it masqueraded as ransomware, as people were tricked into downloading and installing the malware. However, unlike typical ransomware, users could not recover the data, disrupting business operations for weeks.
Although the attack harmed businesses across the world, it began in Ukraine. The malware spread through a software update for M.E.Doc, a popular tax accounting software in the country, which then spread across the globe. The consequences were catastrophic—global companies such as Maersk, Merck and TNT Express reported severe disruptions. The total damages from NotPetya are thought to be around $10 billion.
The NotPetya attack served as a harsh reminder of the vulnerabilities that can occur in digital systems, highlighting the importance of regular software updates and robust cybersecurity measures.
3. WannaCry – 2017
Clearly, 2017 was a devastating year for cyberattacks. In May 2017, the WannaCry ransomware attack targeted computers running the Microsoft Windows operating system by encrypting user data and demanding Bitcoin ransom payments.
It exploited a tool developed by the US National Security Agency called Eternal Blue, which leaked to a group called The Shadow Brokers a month before the attack. Despite Microsoft issuing protective patches in advance, many organisations failed to update systems, either due to using outdated versions of Windows or simply overlooking the importance and urgency of the patch.
Within a single day, the malicious code was reported to have infected over 230,000 computers in over 150 countries. WannaCry impacted several major organisations, including the NHS, Renault, FedEx and the Bank of China. Thankfully, the spread of WannaCry was halted when a researcher discovered a kill switch in the code, which then neutralised the threat.
The incident sent a clear message to organisations on the importance of maintaining strict cybersecurity measures.
2. Yahoo – 2014
In 2014, Yahoo suffered a colossal data breach that affected over 3 billion user accounts. Perhaps one of the most shocking aspects of this incident is that Yahoo publicly reported the breach had occurred almost two years after the data had been accessed, only discovering the true extent of the breach in 20127.
Sensitive user information was obtained, including names, dates of birth, email addresses, hashed passwords, telephone numbers and encrypted and unencrypted security questions and answers. The breach was nothing short of devastating, especially because it was discovered years after it happened.
You’re probably wondering how the breach occurred. The hack began with a spear-phishing attack in 2014, which targeted Yahoo employees. It’s not clear how many employees were targeted and how many emails were sent, but it only took one person to click on a link for the chaos to begin. The breach had disastrous consequences for Yahoo.
Due to the breach, Verizon Communications knocked off $350 million from Yahoo’s acquisition price, and the company’s reputation was significantly damaged. More than anything, the Yahoo data breach demonstrates the importance of employee security awareness training.
1. Stuxnet – 2010
In 2010, a malicious computer worm known as Stuxnet wreaked havoc in Iran. What makes this cyberattack the most shocking in this list is its target: not money or information, but real-world physical damage. Stuxnet primarily targeted Iran’s nuclear facilities, changing cyber warfare forever.
The worm was designed to exploit multiple zero-day vulnerabilities in the Windows operating system, a flaw where no official patch or security update has been released.
Stuxnet damaged around 900 of Iran’s nuclear centrifuges, setting the country’s nuclear program back by many months. The malicious worm highlighted the importance of strict security measures for critical infrastructure, but that’s not all. It also revealed just how devastating cyber warfare could be, as the origins of such attacks are extremely difficult to pinpoint.
Technological advancements bring new vulnerabilities: the two come hand-in-hand. The devastating cyberattacks explored above, from huge data breaches to malware attacks, reveal the damage that substandard security practices can cause.
These shocking incidents highlight the importance of proactive cybersecurity measures and constant vigilance because new threats are always popping up, ready to inflict untold damage. For both businesses and individuals, these incidents serve as a stark reminder: robust cybersecurity is an absolute necessity, not a nice-to-have.