Most cyberattacks are fairly mundane. In the worst cases, the user sees an on-screen ransom demand explaining that the computer is encrypted and can be unlocked after payment. Oftentimes, however, nothing visible happens at all — many types of malware act as surreptitiously as possible to maximize data theft before being spotted.
But with some cyberattacks, their scale or sophistication cannot fail to attract attention. This post is dedicated to the five most spectacular and notorious cyberattacks of the last decade.
WannaCry: A real epidemic
The WannaCry attack put ransomware, and computer malware in general, on everyone’s map, even those who don’t know a byte from a bite. Using exploits from the Equation Group hacking team that were made publicly available by the Shadow Brokers, the attackers created a monstrosity — a ransomware encryptor able to spread quickly over the Internet and local networks.
The four-day WannaCry epidemic knocked out more than 200,000 computers in 150 countries. This included critical infrastructure: In some hospitals, WannaCry encrypted all devices, including medical equipment, and some factories were forced to stop production. Among recent attacks, WannaCry is the most far-reaching.
See here for more details about WannaCry, and here and here for business aspects of the epidemic. Incidentally, WannaCry is still out there, endangering the world’s computers. To find out how to configure Windows to stay protected, read this post.
NotPetya/ExPetr: The costliest cyberattack to date
That said, the title of most costly epidemic does not go to WannaCry, but rather to another ransomware encryptor (technically a wiper, but that doesn’t alter the bottom line) called ExPetr, also known as NotPetya. Its operating principle was the same: Using the EternalBlue and EternalRomance exploits, the worm moved across networks, irreversibly encrypting everything in its path.
Although it was smaller in terms of total number of infected machines, the NotPetya epidemic targeted mainly businesses, partly because one of the initial propagation vectors was through the financial software MeDoc. The cybercriminals managed to gain control over the MeDoc update server, causing many clients using the software to receive the malware disguised as an update, which then spread across the network.
The damage from the NotPetya cyberattack is estimated at $10 billion, whereas WannaCry, according to various estimates, lies in the $4–$8 billion range. NotPetya is considered the costliest global cyberattack in history. Fingers crossed that if this record is ever broken, it won’t be soon.
More information about the NotPetya/ExPetr epidemic can be found in this post; the pain it caused businesses is examined here; and see here for why the epidemic, capable of disabling large businesses, affects not only those whose computers are infected, but everyone else as well.
Stuxnet: A smoking cybergun
Probably the most famous attack was the complex, multifaceted malware that disabled uranium-enrichment centrifuges in Iran, slowing down the country’s nuclear program for several years. It was Stuxnet that first prompted talk of the use of cyberweapons against industrial systems.
Back then, nothing could match Stuxnet for complexity or cunning — the worm was able to spread imperceptibly through USB flash drives, penetrating even computers that were not connected to the Internet or a local network.
The worm spun out of control and quickly proliferated around the world, infecting hundreds of thousands of computers. But it could not damage those computers; it had been created for a very specific task. The worm manifested itself only on computers operated by Siemens programmable controllers and software. On landing on such a machine, it reprogrammed these controllers. Then, by setting the rotational speed of the uranium-enrichment centrifuges too high, it physically destroyed them.
A lot of ink has been spilled over Stuxnet, including a whole book, but for a general understanding of how the worm spread and what it infected, this post should suffice.
DarkHotel: Spies in suite rooms
It is no secret that public Wi-Fi networks in cafés or airports are not the most secure. Yet many believe that in hotels things should be better: even if a hotel’s network is public, at least some form of authentication is required to get on it.
Such misconceptions have cost various top managers and high-ranking officials dearly. On connecting to a hotel network, they were prompted to install a seemingly legitimate update for a popular piece of software, and immediately their devices were infected with the DarkHotel spyware, which the attackers specifically introduced into the network a few days before their arrival and removed a few days after. The stealthy spyware logged keystrokes and allowed the cybercriminals to conduct targeted phishing attacks.
Read more about the DarkHotel infection and its aftermath here.
Mirai: The fall of the Internet
Botnets had been around for ages already, but the emergence of the Internet of Things really breathed new life into them. Devices whose security had never been considered and for which no antivirus software existed suddenly began to be infected on a massive scale. These devices then tracked down others of the same kind and promptly passed on the contagion. This zombie armada, built on a piece of malware romantically named Mirai (translated from Japanese as “future”), grew and grew, all the while waiting for instructions.
Then one day — October 21, 2016 — the owners of this giant botnet decided to test its capabilities by causing its millions of digital video recorders, routers, IP cameras, and other “smart” equipment to flood the DNS service provider Dyn with requests.
Dyn simply could not withstand such a massive DDoS attack. Its DNS service, as well as the services that relied on it, became unavailable: PayPal, Twitter, Netflix, Spotify, PlayStation online services, and many others in the US were affected. Dyn eventually recovered, but the sheer scale of the Mirai attack made the world sit up and think about the security of “smart” things — it was the mother of all wake-up calls.
You can read more about Mirai, Dyn, and “the attack that broke the Internet” in this post.