A History of Cyber Attacks: from Barrotes to WannaCry

June 10, 2020
Cyber attacks are continually evolving. With the Internet now an everyday tool in our lives, they have become something of a constant, and have increased both in frequency and sophistication. Because of this, they have a huge global impact on economies, national security, elections, data theft, and personal and company privacy. Cyber attacks have become an extremely common way to commit fraudulent activities. A World Economic Forum report shows that 76.1% of experts expect infrastructure hacking to increase, while 75% believe that cyber attacks seeking money or data will increase.

But in order to develop the best strategies, tools, or services to stop these attacks or minimise their impact, it is essential to be at the cutting edge of technology, using economic and technological resources and tracking criminal activity. Not only this, but it is also vital to learn from history and incorporate what it can teach us into how we act. Here, we take a look at some of the cyber attacks that have made an impact over the last three decades.

Barrotes (1993)
Known as the first Spanish virus, this malware spread via infected floppy disks, which were commonly used at the time to share files or pirated software. It was a small program that, upon entering a system, wrote its malicious code into executable files (.com and .exe on MS-DOS), staying hidden until the 5th of January, when it activated by overwriting the boot disk. As a result, every time the computer started up, the screen was covered in bars, making it impossible to use the device.

CIH/CHERNOBYL (1998)
Originating in Taiwan, this is considered to be one of the most harmful viruses in history because of the millions of dollars in losses it caused all over the world, and how quickly it spread. Its modus operandi was lethal: once installed on a computer, it deleted all of the information on the machine, even corrupting the BIOS so that the system couldn’t boot. It is estimated that it affected over 60 million Windows 95, 98 and ME users.

Melissa (1999)
Melissa is one of the first cyber attacks carried out using social engineering techniques. Users received an email with an attachment (called List.doc), which supposedly contained login details for pornography websites. However, once the document was opened, the virus accessed the victim’s Microsoft Outlook contacts and forwarded the email to the first 50 entries in their address book. It also infected every Word document on their computer.

I love you (2000)
This worm, programmed in Visual Basic Script, also used social engineering and email to infect devices. The user received an email with the subject “I LOVE YOU” and an attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs”. When this file was downloaded and opened, it replaced a multitude of files (.jpeg, .css, .jpg, .mp3, .mp2 and others) with a Trojan that aimed to get hold of sensitive information. So great was the impact of this malware that it infected millions of computers around the world, including devices in the Pentagon and the British Parliament.

Mydoom (2004)
Another piece of malware sent via email, but this time disguised as an error message. Mydoom used most of Windows’ security tools and options to spread throughout the system and to every file. It started operating on the 26th of January, 2004 and was programmed to stop on the 12th of February. It had dramatic consequences, and is still considered catastrophic today: it reduced world Internet traffic by 10% and caused losses of around £32 billion.

Stuxnet (2010)
Stuxnet is the first known example of a cyber warfare weapon; it was designed to attack Iranian critical infrastructure. This worm, which spread through removable USB devices, carried out a targeted attack against companies with SCADA systems, with the aim of gathering information and then ordering the system to self-destruct. It used the Windows vulnerability MS10-046, which affected shortcuts, to install itself on the computer, specifically on Windows 2003, XP, 2000, NT, ME, 98 and 95. It was also able to get onto devices that were not connected to the Internet or a local network.

Mirai (2016)
Mirai is the botnet behind one of the largest distributed denial of service (DDoS) attacks to date. It affected such large companies as Twitter, Netflix, Spotify, and PayPal. This malware infected thousands of IoT devices, remaining inactive inside them. The creators of Mirai activated it on October 21, 2016, using it to attack the DNS service provider Dyn. Both its services and its clients were down or experiencing problems for hours.

WannaCry (2017)
WannaCry was a ransomware attack that started with a cryptoworm of the same name. Targeting Windows computers, it encrypted their data and demanded ransom payments of £240 in bitcoins. It was stopped a few days later thanks to emergency patches released by Microsoft and the discovery of a kill switch that stopped infected computers from continuing to spread the malware. The attack is estimated to have affected over 200,000 computers in around 150 countries, including devices in the NHS and Renault.

Petya/NotPetya (2016-2017)
The ransomware Petya, discovered in 2016, encrypts certain files on the computers it runs on while blocking the boot sector of the compromised system. In this way it stops users from accessing their own computers unless they enter an access code, obtained after paying the ransom, which restores the operating system as if nothing had happened. The variant NotPetya, which appeared in 2017, mainly targeted the business sector. One thing that made it particularly notorious is the fact that often, even when the ransom was paid, the victim’s files were not recovered. Although this ransomware infected networks across multiple countries, researchers suspect that it was actually intended to hide a cyber attack targeting Ukrainian institutions.

Ryuk (2019)
The ransomware Ryuk endangered critical infrastructure and large national and international companies in the last quarter of 2019. Among its victims were the city hall of Jackson County in Georgia and Everis. This malware, whose origins lie with the Russian group Grim Spider, encrypts the files on infected devices, and only allows the victim to recover their files if they pay a ransom in bitcoins. Ryuk seems to be derived from Hermes, a similar piece of malware that can be bought on the dark web and personalised to fit the buyer’s needs.

Incidents such as these, along with experience, have allowed us to develop a unique cyber security model: a model based on machine learning to reveal malicious behavioural patterns and create advanced cyber defences against known and unknown threats. In the end, it’s all about continuing to do what we do best: protecting our customers for many years to come.
