Real-World Cybersecurity Incidents

Stuxnet Worm Attack (2010)

  • One of the most sophisticated cyberattacks in history.

  • Targeted Iran's nuclear enrichment program, specifically the Natanz facility.

  • Designed to cause physical damage, disrupting operations and delaying nuclear ambitions.

  • First known instance of a cyberweapon used for sabotage.

  • Targeted industrial control systems (ICS) using Siemens PLCs.

  • Spread via USB drives, infecting Windows systems and searching for Siemens PLCs.

  • Fed false readings to the monitoring systems so that operations appeared normal while the centrifuges were being damaged.

  • Estimated damage: over 1,000 centrifuges.

  • Likely developed by the U.S. and Israel as part of Operation Olympic Games.

  • Used stolen digital certificates to bypass security checks.

  • Spread beyond Iran, raising cybersecurity concerns globally.

Sony PlayStation Hack (2011)

  • Significant attack affecting over 77 million PSN accounts.

  • Began on April 17, leading to a 23-day shutdown of PSN.

  • Exploited vulnerabilities in PSN servers, compromising personal data.

  • Data exposed: names, addresses, birth dates, encrypted passwords, and possibly credit card information.

  • Sony detected the breach on April 19 but did not inform users until April 26, sparking outrage.

  • Estimated costs: over $171 million in legal fees, upgrades, and lost revenue.

  • Resulted in backlash, lawsuits, and U.S. and U.K. investigations.

Yahoo Data Breach (2013-2014)

  • One of the largest breaches in history, affecting 3 billion accounts.

  • Disclosed years later; involved two separate attacks, one in 2013 and one in 2014.

  • First breach in August 2013 exposed all 3 billion accounts; not disclosed until December 2016.

  • Data compromised: names, email addresses, phone numbers, birth dates, hashed passwords.

  • Second breach in late 2014, attributed to state-sponsored actors, affected 500 million accounts.

  • Criticized for its delayed response and failure to disclose; faced multiple lawsuits and a $35 million SEC fine.

  • Led Verizon to reduce its acquisition price by $350 million.

Uber Data Breach (2016)

  • Major breach exposing personal info of 57 million users and 600,000 drivers.

  • Attackers gained access using hard-coded credentials found in a GitHub repository.

  • Uber concealed the breach for over a year; it was revealed in November 2017.

  • Hackers demanded $100,000 ransom, which Uber paid to keep the incident quiet.

  • Compromised data included names, emails, phone numbers, and driver's license details.

  • Resulted in a $148 million fine and scrutiny over Uber's security practices.

Marriott Data Breach (2014-2018)

  • Originated in the Starwood Hotels reservation system, affecting approximately 383 million guests.

  • Attackers remained undetected for over four years, persisting through Marriott's acquisition of Starwood.

  • Compromised data: names, email addresses, phone numbers, travel details, passport numbers, and credit card info.

  • Attackers believed to be state-sponsored, using malware to maintain long-term access.

  • Discovered during routine security checks and publicly disclosed in November 2018.

  • Resulted in a $123 million fine under GDPR and various lawsuits.

Facebook Data Breach (2019)

  • Exposed personal information of over 540 million users via improperly secured third-party storage.

  • Datasets revealed by cybersecurity researchers included user interactions and plaintext passwords.

  • Caused by data mismanagement by third-party developers rather than a direct hack of Facebook.

  • Sparked criticism of Facebook's oversight of data security and led to increased regulatory scrutiny.

Capital One Data Breach (2019)

  • Exposed the information of over 100 million customers through a flaw exploited by a former AWS engineer.

  • Attack used Server-Side Request Forgery (SSRF) via a misconfigured AWS firewall to access stored data.

  • Compromised data: names, addresses, Social Security Numbers, and banking details.

  • Discovered via a tip pointing to GitHub; resulted in an $80 million fine and lawsuits.

Twitter Bitcoin Scam (2020)

  • Attackers accessed internal tools and took control of prominent accounts to promote a Bitcoin scam.

  • Hackers collected over $118,000 in Bitcoin before Twitter intervened.

  • Used social engineering to deceive employees into granting access to privileged systems.

  • Resulted in security lockdowns and raised questions about internal access controls.

Colonial Pipeline Ransomware Attack (2021)

  • Major attack that forced a shutdown of pipeline operations for nearly a week, disrupting the fuel supply for 45% of the East Coast.

  • Conducted by the DarkSide group, which gained entry through a compromised VPN password on an account without MFA.

  • Affected economic stability, triggering panic buying and fuel shortages.

  • Paid $4.4 million in ransom, which proved of little use for recovery.

  • Led to investigations and eventual recovery of part of the ransom.

Equifax Data Breach (2017)

  • Catastrophic breach exposing personal information of about 147 million individuals.

  • Exploited a known but unpatched vulnerability in Apache Struts; the intrusion went undetected for 76 days.

  • Data compromised included Social Security numbers, credit card info, and personal identifiers.

  • Criticism of Equifax's negligence led to congressional hearings, lawsuits, and a $700 million settlement.