Don’t Be Like These Guys – 14 Massive Hacks and Malware Attacks & What Happened Next
Have you ever been hacked?
Be honest. You can admit it. Almost all of us have, at one point or another, received the bad news: our email, bank account, credit card, or personal website has been compromised, and by the time we hear about it there is little we can do.
Not all hacks cause immediate, acute harm. Many have no apparent impact at all. Your payment card information has probably been compromised a half-dozen times or more, thanks to blockbuster hacks like the Target and Home Depot compromises earlier this decade, but that doesn’t mean you’ve lost money as a result — or even that someone downstream of the attackers tried to use your card number. For all we know, it’s sitting on a thumb drive somewhere, forgotten.
On the other hand, some hacks are downright devastating. Without first-rate data recovery software and a tested recovery plan in place, a serious hack can cripple your organization for days or weeks. Should such an attack result in the irreversible loss of mission-critical data, your organization might never fully recover, and its reputation almost certainly won't.
Not convinced? Then it’s time for a walk down memory lane.
These malware attacks were all absolutely devastating for their victims, many of whom lacked proper backup and recovery protocols. Here’s how they went down (and, in some cases, continue to go down) — and what you can do to avoid their victims’ fate.
1. WannaCry
The devastating WannaCry ransomware is still fresh in the minds of digital security professionals.
What made the May 2017 outbreak so unusual at the time was its speed. Until then, ransomware spread at the pace of phishing email and malicious downloads, like most other malware. WannaCry was a worm: it exploited a flaw in Windows SMBv1 file sharing (the EternalBlue exploit, for which Microsoft had shipped the MS17-010 patch two months earlier) to copy itself from machine to machine without any user action, and it circled the globe in hours, infecting targets as prominent as Britain's National Health Service.
Most infected machines ran Windows 7, one of Microsoft's most popular operating systems at the time, and millions remained unpatched months after the initial spread. The outbreak was halted only because a researcher registered the unregistered domain the worm checked before running, the so-called kill switch. The United States and United Kingdom later attributed the attack to North Korea's Lazarus Group.
2. SQL Slammer
This one's an oldie but a goodie (or baddie, as the case may be). Worms rarely spread as rapidly as SQL Slammer: at its height, in January 2003, its infection footprint doubled every 8.5 seconds, per We Live Security, and most vulnerable hosts on the Internet were hit within about ten minutes. It exploited a buffer overflow in the Microsoft SQL Server 2000 resolution service, reachable with a single UDP packet to port 1434, and the patch (MS02-039) had been available for six months. Collateral damage included some 13,000 Bank of America ATMs and South Korea's phone and Internet networks. Shockingly, SQL Slammer comprised just 376 bytes of code, barely a rounding error, even at the time.
3. CryptoLocker
First seen in September 2013, CryptoLocker was a pioneer of sorts: one of the first ransomware programs to encrypt victims' files with public-key cryptography done well enough that, without the private key held on the attackers' server, the files could not be recovered. A trojan, it arrived mainly as an email attachment posing as a legitimate document, and later through the Gameover ZeuS botnet. Victims were made to pay about $300 each or say goodbye to their encrypted files.
CryptoLocker took nearly a year, and painstaking cooperation among a multinational coalition of law enforcement agencies and private companies (Operation Tovar, in mid-2014), to get under control. As we'll see, it also spawned generations of imitators.
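The check that separates CryptoLocker's victims from organizations that simply restored and moved on is a backup you can verify before you trust it. The script below is an added example, not code from the original article: it records a SHA-256 manifest when the backup is taken, then compares the copy against it and flags files whose contents changed to near-random bytes, which is what a file looks like after ransomware has been through it. The directory layout, file contents and the 7.5-bit entropy threshold are assumptions made for the demo.

```python
"""Backup manifest + verification with a ransomware tell: hash every file when the
backup is taken, then compare before trusting a restore. Added example; the
directory layout, file contents and entropy threshold are assumptions."""
import hashlib
import json
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumption: documents sit well below, ciphertext near 8


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare a directory tree against a saved manifest.

    A file whose hash changed and whose bytes are now high-entropy is the
    signature of in-place encryption; a missing file beside a new high-entropy
    file is the renamed-output variant (think notes.txt -> notes.txt.locked)."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": [], "suspect_encrypted": []}

    def looks_encrypted(path: Path) -> bool:
        return shannon_entropy(path.read_bytes()[:65536]) > ENTROPY_THRESHOLD

    for rel, expected in manifest.items():
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif sha256_file(path) == expected:
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
            if looks_encrypted(path):
                report["suspect_encrypted"].append(rel)

    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and rel not in manifest:
            report["unexpected"].append(rel)
            if looks_encrypted(path):
                report["suspect_encrypted"].append(rel)

    return {key: sorted(names) for key, names in report.items()}


def demo() -> dict:
    """Constructed scenario: take a manifest, then simulate a CryptoLocker-style hit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("Quarterly figures, all quite ordinary.\n" * 500)
        (root / "notes.txt").write_text("Meeting notes, nothing secret.\n" * 500)
        (root / "readme.txt").write_text("The restore procedure lives in the runbook.\n")

        # In practice the manifest is kept offline or on write-once media, away from the backup.
        manifest = json.loads(json.dumps(build_manifest(root)))

        # Simulated ransomware: one file encrypted in place, one encrypted to a new name.
        (root / "docs" / "report.txt").write_bytes(os.urandom(20000))
        (root / "notes.txt").unlink()
        (root / "notes.txt.locked").write_bytes(os.urandom(20000))

        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Only files whose hash changed, or that the manifest has never seen, are entropy-tested, so archives and media that were already compressed when the manifest was taken don't trigger. Keep the manifest somewhere the backed-up systems cannot write to; otherwise the same malware that encrypts the data can rewrite the manifest to match.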
4. MyDoom
Known variously as MyDoom, Mydoom, My Doom, and Novarg (don't ask), this 2004 email worm was among the most successful pieces of malware of the aughts. Its apparent purpose was to launch Distributed Denial of Service (DDoS) attacks; over a 12-day span it commandeered many thousands of infected machines to do its dastardly bidding against targets including the SCO Group. The worm was written to stop spreading on a fixed date, but the backdoor it left on infected machines stayed open, prompting U.S. lawmakers to propose the creation of a new national digital threat response center.
5. TeslaCrypt
TeslaCrypt is a (thankfully) defunct ransomware that, at its peak, went after the save files and profiles of more than 40 popular computer games, including World of Warcraft, Minecraft, and Call of Duty. Later variants of TeslaCrypt targeted non-gamers. In all cases, victims were made to pay as much as $500 in cryptocurrency ransoms, an unusually high premium for broad-based ransomware attacks.
Unlike most malware developers, the parties responsible for TeslaCrypt shut down in 2016 and released the master decryption key, which allowed researchers to publish a free decryptor and gave digital security professionals valuable insight into the family (and, perhaps more importantly, its future derivatives).
6. SimpleLocker
SimpleLocker (or Simplelocker) was, well, simple. An Android trojan from 2014, it masqueraded as a legitimate app, encrypted the files on the device's storage, and locked users out until a ransom was paid. Early versions featured a distinctive Cyrillic lockout screen; later versions cleverly commandeered victim devices' cameras for added effect. Few experiences are creepier than learning your phone has turned against you by way of an unauthorized candid photo.
7. Zeus
Zeus, or Zbot, is a still-active banking trojan that manifests in a variety of forms; its source code leaked in 2011, and new variants have been built on it ever since. Its two most common (and potentially devastating) functions are stealing credentials (by logging keystrokes and injecting into web sessions) and serving as a distribution vector for CryptoLocker ransomware, providing its operators with a crucial source of income to fund their activities.
Zeus has been operative for at least a decade and remains one of the most difficult-to-detect known malware threats. It's a perennial reminder of the importance of digital security basics: it's not just the novel threats that deserve your attention.
8. NotPetya
NotPetya is immodestly, but accurately, described by WIRED Magazine as "the most devastating cyberattack in history."
Before it metastasized and infected systems associated with some of the world’s largest and most logistically crucial organizations, notably the Moller-Maersk shipping conglomerate, NotPetya arose out of what WIRED calls Ukraine’s “grinding, undeclared war with Russia that has killed more than 10,000 Ukrainians and displaced millions more,” a war that has doubled as “a scorched-earth testing ground for Russian cyberwar tactics.”
More alarmingly, NotPetya's spread depended on EternalBlue, a sophisticated software exploit developed by the U.S. National Security Agency, one of the world's most advanced digital intelligence agencies, and leaked by a group calling itself the Shadow Brokers in April 2017, two months before the attack. NotPetya's initial foothold was a textbook supply-chain compromise: a poisoned update to M.E.Doc, accounting software widely used by businesses operating in Ukraine. Once inside a network it combined EternalBlue with administrator credentials stolen from memory to reach even machines that had been patched, which is why a single unpatched host could cost a company every Windows system it owned.
9. Mirai
Mirai is a clever little malware that co-opts Linux-based Internet of Things devices (home routers, IP cameras, digital video recorders) into vast botnets, zombie armies that do their operators' bidding. It needs no exploit: it scans the Internet for devices with Telnet exposed and logs in with a short list of factory-default usernames and passwords. Some of the world's most disruptive DDoS attacks, including the October 2016 flood against DNS provider Dyn that knocked major websites offline, were launched from Mirai botnets; others, such as the attack that brought journalist Brian Krebs' website to its knees, were remarkably well-targeted. Its source code was posted publicly in late 2016, and variants have circulated ever since.
Mirai, in short, is a prime example of the versatility of well-executed malware, and of how much damage a default password can do. If you have enemies, and what organization of any size doesn't, then you'd do well to be on the lookout for such threats, starting with any device on your network that still has a factory credential.
10. Guardians of Peace (2014 Sony Pictures Hack)
Like NotPetya, the infamous Guardians of Peace hack — better known as the Sony Pictures hack of 2014 — almost certainly originated with a nation-state actor. In this case, the culprit is widely thought to be the North Korean regime, though the specific individuals or entities behind the act remain mysterious (and will likely never see the inside of an American courtroom).
The conventional wisdom has it that the Guardians of Peace — whoever they are, and however closely directed by the North Korean regime — attacked Sony Pictures to prevent or disrupt the release of The Interview, a James Franco-Seth Rogen vehicle lampooning strongman Kim Jong-Un.
Although the gambit didn't work, Sony Pictures was thoroughly embarrassed by the ordeal: the attackers wiped thousands of workstations and servers with destructive malware and leaked internal email, employee data, and unreleased films. The attack remains a cautionary tale for Western companies that, wittingly or not, find themselves on the wrong side of authoritarian regimes.
11. CryptoWall
CryptoWall is a ransomware trojan whose claim to fame is perhaps best described as "dependability." It's not the first ransomware trojan, nor is it particularly original (it's basically a CryptoLocker clone that appeared after the original was taken down), but it does what it's written to do: infect and encrypt victims' files, then demand a hefty ransom. Further proof that, in the wide world of malware, first-mover status isn't all it's cracked up to be.
12. Locky
Locky earns precisely zero points for creativity. Unlike most ransomware trojans, its name dispenses with the prefix and cuts straight to the chase: "Yes, I'm here to lock you out of your system unless you cough up my ransom." It arrived in 2016 as an invoice-themed email attachment, a Word document that asked the recipient to enable macros; the macro then downloaded the ransomware.
That ransom is pricier than your run-of-the-mill malware's: 0.5 to 1 BTC, which at Bitcoin's wildly variable exchange rates has meant anything from a few hundred dollars to well north of $10,000. For that price, you might as well wipe your system and start from scratch, which, with a cost-effective data recovery system, isn't all that hard to do.
13. KeRanger
Notable mainly because it affected Mac OS X, a relative rarity in the wide world of ransomware, and a source of wounded pride for Mac enthusiasts who see anti-malware as "something the PC crowd needs to worry about," KeRanger emerged with a vengeance in March 2016. It was a supply-chain attack: the attackers planted it in the official installer of the Transmission BitTorrent client, signed with a valid Apple developer certificate, so Gatekeeper waved it through. Within 36 hours of first detection, more than 6,000 copies of the infected installer had been downloaded.
14. Stuxnet (2010 Iran Nuclear Centrifuge Hack)
This is another state or quasi-state actor hack — plausible deniability reigns, of course — that did just a little bit more than its originators perhaps intended.
Stuxnet was a malicious worm that operated in three stages, per Stanford University researcher Michael Holloway:
- Targeting and burrowing into Windows systems, then replicating itself within those systems
- Infiltrating Siemens Step7 software, a platform popular with industrial users
- Gaining access to the Siemens programmable logic controllers (PLCs) that Step7 programs, enabling the worm's originators to alter the behavior of the machinery those controllers run
Stuxnet's effects were most acutely felt at the uranium enrichment facility at Natanz, operated by the Iranian government. At the time of the attack's discovery, in 2010, Western intelligence agencies assessed that Iran's nuclear program was just months from achieving "breakout" capability, at which point it would be all but impossible to prevent the regime from acquiring a nuclear weapon without military action. Stuxnet took control of roughly a thousand centrifuges, periodically drove their rotors outside their safe speed range, and fed the operators' monitoring screens recorded readings from normal operation, so nothing looked wrong until the machines failed.
Stuxnet apparently worked as intended; to date, Iran hasn't produced a nuclear weapon, and its nuclear program appears to be on far weaker footing than at the beginning of the decade. But that's not to minimize Stuxnet's collateral damage: tens of thousands of civilian systems were infected too, most of them in Iran but with Indonesia and India particularly hard-hit. Although Stuxnet did nothing to machines that weren't driving the specific centrifuge configuration it was looking for, the mere fact that the worm got into so many innocent systems should give us all pause.
Still, as malware goes, Stuxnet was pretty surgical. No one doubts that it achieved its primary objective: crippling the Iranian government’s uranium enrichment capabilities and choking off what Stuxnet’s originators perceived as a clear and present danger to world peace.
Don’t Be Like Those Guys
We'll say it again: there's absolutely no way to eliminate your risk of being hacked, malware-attacked, or otherwise victimized in cyberspace. None. If some magic bullet existed, you can bet you'd know about it by now.
That’s not to say you’re completely powerless to mitigate digital threats and reinforce your security posture. Organizations large and small implement a host of best practices to protect themselves from an ever-amorphous, ever-expanding litany of cyber-risks. So can you.
Deploying a first-rate data recovery system, as we mentioned up top, is a good start. What else can you do? Well, for starters:
- Use a secure messaging app to manage sensitive intra-organizational communications (and implement strict non-retention policies and/or remote wiping capabilities)
- Practice strong password hygiene (and definitely don’t reuse passwords for different accounts)
- Use two-factor authentication for all organizational accounts
- Monitor all system and network usage, all the time — and watch the watchers, too
- Treat attachments and links from unknown senders with suspicion (and run all external email through a filter that checks sender authentication and strips executable attachments)
- Use a virtual private network on untrusted networks to keep device traffic private in transit (it does nothing against malware that is already on the device)
- Train employees to spot common cyber-threats, such as spearphishing attempts
- Patch promptly: WannaCry, NotPetya and SQL Slammer all exploited flaws for which a fix had been available for months
- Keep backups offline or on storage the backed-up systems can't overwrite, and test restores before you need them
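A concrete version of the "filter external email" and "spot spearphishing" items, written here as an added example rather than code from the original article. It scores a raw message on four signals a gateway filter can check mechanically: an address hidden in the display name that differs from the real sender, a Reply-To on another domain, failing SPF/DKIM/DMARC results, and attachments of the macro-enabled or script type that Locky and CryptoLocker rode in on. The two messages, the domains and the score weights are constructed assumptions.

```python
"""Inbound-mail triage rules for the checklist above (added example; example.com as the
internal domain, the sample messages and the score weights are assumptions)."""
import email
import re
from email import policy
from pathlib import PurePosixPath

# Extensions that carry script or macro payloads (Locky arrived as a macro-enabled Word file).
RISKY_EXTENSIONS = {".docm", ".xlsm", ".js", ".vbs", ".hta", ".exe", ".scr", ".jar", ".lnk"}
QUARANTINE_AT = 4  # assumed threshold; tune it against your own mail flow


def _domain(addr_spec: str) -> str:
    return addr_spec.rpartition("@")[2].lower()


def triage(raw: bytes) -> dict:
    """Score one raw RFC 5322 message and return the findings behind the score."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings, score = [], 0
    sender = msg["From"].addresses[0] if msg["From"] and msg["From"].addresses else None
    sender_domain = _domain(sender.addr_spec) if sender else ""

    # 1. An address smuggled into the display name that doesn't match the real sender.
    if sender:
        for shown in re.findall(r"[\w.+-]+@[\w.-]+", sender.display_name):
            if _domain(shown) != sender_domain:
                findings.append(f"display name shows {shown} but the sender is {sender.addr_spec}")
                score += 3

    # 2. Replies quietly routed to another domain.
    reply_to = msg["Reply-To"]
    if reply_to and reply_to.addresses:
        reply_domain = _domain(reply_to.addresses[0].addr_spec)
        if reply_domain != sender_domain:
            findings.append(f"Reply-To domain {reply_domain} differs from From domain {sender_domain}")
            score += 2

    # 3. SPF/DKIM/DMARC verdicts. Trust this header only when your own gateway stamped it;
    #    strip any copy that arrives from outside, or a sender can simply write 'pass'.
    auth = str(msg["Authentication-Results"] or "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.IGNORECASE)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{mech}={m.group(1)}")
            score += 1

    # 4. Attachments whose extension means 'this will run something'.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if PurePosixPath(name).suffix.lower() in RISKY_EXTENSIONS:
            findings.append(f"risky attachment {name}")
            score += 3

    verdict = "quarantine" if score >= QUARANTINE_AT else "deliver"
    return {"score": score, "verdict": verdict, "findings": findings}


# Constructed messages for the demo, not real traffic.
SPEAR_PHISH = b"""From: "Jane Doe - jane.doe@example.com" <jane.doe@examp1e-mail.net>
Reply-To: ceo.jane.doe@freemail-example.net
Subject: URGENT wire transfer before 5pm
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=examp1e-mail.net; dkim=none; dmarc=fail
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Please process the attached invoice today, I am in meetings all afternoon.
--sep
Content-Type: application/octet-stream; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"

(macro-enabled document bytes would be here)
--sep--
"""
NEWSLETTER = b"""From: Vendor News <news@vendor-example.org>
Subject: October newsletter
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=vendor-example.org; dmarc=pass
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Our October product brochure is attached.
--sep
Content-Type: application/pdf; name="brochure.pdf"
Content-Disposition: attachment; filename="brochure.pdf"

(PDF bytes would be here)
--sep--
"""


def demo() -> tuple:
    """Triage the constructed spear-phish and the benign newsletter."""
    return triage(SPEAR_PHISH), triage(NEWSLETTER)
```

The Authentication-Results check is only as good as the header's provenance: a mail gateway must drop any Authentication-Results header that arrives from the outside before stamping its own, or the check in step 3 becomes a trust decision the attacker gets to make. Scores and thresholds here are deliberately simple; the point is that each of the checklist items above can be turned into a rule that runs on every message rather than a reminder that runs on none.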
There’s much more you can do to reduce your risk of victimization online and recover quickly from whatever ills might befall your organization, but that’s beyond the scope of this article. For now, you know enough to count yourself among the well-prepared decision-makers who can anticipate and respond to digital threats.
In short, you're well on your way to not being like the unfortunate souls caught up in these 14 massive hacks and attacks. Good for you.