Recent Cyber Attacks
Most Recent Cyber Attacks - Past Three Months
Under normal business circumstances, cyber attacks are an ever-increasing problem causing trillions of dollars in losses. To make matters worse, the war between Russia and Ukraine exacerbated these problems with a flurry of major politically-motivated cyber attacks in 2022. Here are some of the recent cyber attacks.
Finnish Parliament Attack
In August 2022, the Finnish parliament's website experienced a DDoS attack while the parliament was in session. This denial-of-service attack may be part of a coordinated campaign by Russian state-sponsored hackers to disrupt the Finnish government’s websites in retaliation for the application to join NATO. A DDoS attack temporarily blocks access to a website but does not cause permanent destruction.
Ukrainian State Nuclear Power Company Attack
The Russian “hacktivist” group called the People’s Cyber Army used 7.25 million bots in August 2022 to take the Energoatom website down, flooding it with garbage web traffic and webpage requests. The disruption of online services lasted for a few hours, with no permanent negative impact. The attack was part of a Russian psyops campaign to create fear of a nuclear disaster and terrorize Europeans.
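The two incidents above describe the same mechanism: a flood of requests from many sources that exhausts a website rather than destroying it. The following is an added example, not code from the original page or from any of the organizations named, showing the simplest defender-side signal for such a flood: a sliding-window request-rate check over web server access logs. The log lines, IP addresses (RFC 5737 documentation ranges), window size and threshold are all constructed for the example.

```python
"""Sliding-window request-rate detection over constructed web server access log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def format_line(t, ip, path):
    """Render one constructed access log line for the given time, source IP and path."""
    return '%s - - [%s] "GET %s HTTP/1.1" 200 512' % (ip, t.strftime(TS_FORMAT), path)


def build_sample_log():
    """Constructed sample log (not from any real incident):
    - 198.51.100.7 sends 60 requests in under 10 seconds (flood-like behaviour)
    - 192.0.2.9 sends 21 requests spaced 1 second apart (steady, not a flood)
    - 203.0.113.5 sends 3 requests (normal visitor)
    """
    base = datetime(2022, 8, 16, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(60):
        t = base + timedelta(milliseconds=i * 160)  # ~6 requests/second
        lines.append(format_line(t, "198.51.100.7", "/?cachebust=%d" % i))
    for i in range(21):
        lines.append(format_line(base + timedelta(seconds=i), "192.0.2.9", "/status"))
    for i in range(3):
        lines.append(format_line(base + timedelta(seconds=i * 3), "203.0.113.5", "/index.html"))
    lines.append("this line is malformed and must be skipped")
    return lines


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, TS_FORMAT),
            "request": request, "status": int(status)}


def flag_flooding_sources(lines, window_seconds=10, max_requests=20):
    """Return {ip: peak_count} for every source whose request count inside any
    window of window_seconds exceeds max_requests. Uses a two-pointer sliding
    window over each source's sorted timestamps, so a client that is merely
    persistent (steady low rate) is not confused with one that is flooding."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            events[rec["ip"]].append(rec["time"])

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, times in events.items():
        times.sort()
        left = 0
        peak = 0
        for right, t in enumerate(times):
            while t - times[left] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak > max_requests:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, count in flag_flooding_sources(build_sample_log()).items():
        print("flood candidate %s: %d requests in one window" % (ip, count))
```

On the constructed log, only 198.51.100.7 is flagged (60 requests in a single window); 192.0.2.9 peaks at 11 requests per 10-second window and stays under the threshold, which is the point of using a sliding window instead of a per-minute total. In practice the threshold is tuned per site, and a real volumetric DDoS from millions of bots is handled upstream by a DDoS protection service rather than by the web server, as the Ignitis incident later on this page notes; this check is useful for spotting the early ramp-up and for confirming an attack from logs after the fact.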
Greek Natural Gas Distributor Attack
Greek national gas distributor DESFA reported a cyber attack in August 2022. The attack impacted part of the company’s IT infrastructure and caused a data leak. The Ragnar Locker ransomware group is holding the stolen data hostage, demanding a ransom in exchange for not exposing the sensitive data. The company refused to make a payment.
South Staffordshire Water Company Attack
In August 2022, the South Staffordshire Water Company reported an attack that caused a network disruption in its internal corporate network and a data loss. A cybercriminal ransomware group threatened to tamper with the water supplied by the company; the company disputed this claim. The criminals demanded payment in exchange for not releasing the sensitive files and for explaining how the network breach happened.
Montenegro Government Attack
The government of Montenegro reported an unprecedented cyberattack on its digital IT infrastructure in August 2022. No data breach occurred. However, certain governmental services and telecommunications experienced disruption, including border crossings and airport operations. The state-owned utility company, EPCG, switched to manual operations as a precautionary measure.
Estonian Government Attack
A DDoS attack disrupted many Estonian government websites for several hours in April 2022. The attack targeted websites for the president, the Ministry of Foreign Affairs, the Police and Border Guard, the identification card webpage, and the state services digital portal. Estonia’s condemnation of the Russian war on Ukraine makes the country a target for Russian hackers.
Islamic Culture and Communication Organization Attack
The Iranian Islamic Culture and Communication Organization (ICCO) experienced a severe attack in July 2022. Six ICCO websites went down, and 15 others were defaced with photos of Massoud Rajavi, the Iranian Resistance leader. Additionally, data was destroyed on 44 servers and hundreds of computers. The ICCO also lost 35 databases with highly confidential information about money laundering, spies, and terrorists living abroad.
Belgian Government and Military Attack
In July 2022, the Belgian government announced that three Chinese hacker groups, known Chinese advanced persistent threat (APT) actors, had attacked Belgian public services and military defense forces. These Chinese government-sponsored attackers steal trade secrets and intelligence information. The Chinese group Soft Cell recently launched a new remote access trojan (RAT) malware in June 2022.
UK Military Social Media Breach
Hackers took over the Twitter account of the British Army in July 2022. The social media account underwent multiple name and photo changes, and its content began promoting contests to win Angry Apes non-fungible tokens (NFTs), digital art stored on a blockchain. The army’s YouTube page was attacked as well: its name was changed to Ark Invest, and the account promoted interviews with Elon Musk talking about cryptocurrency.
Lithuanian Energy Company Attack
A DDoS attack in July 2022 blocked access to the website of the Lithuanian energy company Ignitis Group. The company managed the attack and limited the damage using DDoS protection. No data breach occurred, but the attacks were persistent and ongoing. The pro-Russia group Killnet claimed responsibility, describing the attack as retaliation for Lithuania’s support of Ukraine in the war with Russia.
Additional Global Cyber Attacks
One of the most damaging recent cyberattacks was a Microsoft Exchange server compromise that exploited several zero-day vulnerabilities. The vulnerabilities, known as ProxyLogon and initially exploited by the Hafnium hacking group, were first spotted by Microsoft in January and patched in March. However, more groups joined Hafnium in attacking unpatched systems, resulting in thousands of organizations being compromised.
MeetMindful Cybersecurity Breach
Dating app MeetMindful suffered a cybersecurity attack in January 2021, resulting in data of more than 2 million users being stolen and leaked. The hacking group behind the event managed to steal information like users’ full names and Facebook account tokens.
In March 2021, cyber criminals threatened to leak documents from Tether, the cryptocurrency firm. The attackers claimed the data would “harm the Bitcoin ecosystem” and demanded a settlement fee of around 500 Bitcoin ($24 million), but Tether refused to pay.
CNA Financial Breach
A ransomware attack on insurance firm CNA Financial in March 2021 left employees locked out of their systems and blocked from accessing corporate resources. The attack also involved company data being stolen, which led CNA Financial to reportedly pay the $40 million ransom.
Data of more than 530 million Facebook users, including their names, Facebook IDs, dates of birth, and relationship status, was published online in April 2021. Facebook, now Meta, said the information was obtained through scraping in 2019.
Colonial Pipeline Attack
The growing threat that advanced cybersecurity attacks pose to the world was highlighted by the Colonial Pipeline attack in May 2021. The fuel pipeline operator suffered a ransomware attack launched by the DarkSide hacking group, which led to fuel disruption and mass panic buying across the U.S.
An unauthorized-access cyberattack in May 2021 exposed the data of 1.7 million users of the Japanese dating app Omiai.
Audi and Volkswagen Cybersecurity Breach
In June 2021, Audi and Volkswagen revealed a data breach had affected more than 3.3 million customers and prospective buyers, who were primarily U.S.-based. The breach was blamed on an associated vendor, which was purportedly responsible for exposing the data between August 2019 and May 2021.
A U.K. trading website for guns and shooting equipment revealed in July 2021 that records of 100,000 gun owners had been stolen and published online. Gun ownership is strictly controlled in the U.K., so the breach of customers’ names and addresses caused significant privacy and safety concerns.
In August 2021, telecoms firm T-Mobile suffered a cybersecurity breach that led to the data of around 50 million existing customers and prospects being stolen. The data, which included customer addresses, drivers' licenses, and social security numbers, was stolen by a 21-year-old, who claimed to have obtained around 106GB of information.
Poly Network Breach
An attack on Poly Network in August 2021 showed that cybersecurity breaches at cryptocurrency firms are on the rise. The blockchain firm revealed that an Ethereum smart contract hack resulted in cyber criminals stealing cryptocurrency worth more than $600 million.
Cybersecurity attacks on medical organizations and healthcare firms are also increasing. As a result of the hack on AP-HP, a Paris public hospital system, in September 2021, cyber criminals stole personal data belonging to around 1.4 million people who were tested for COVID-19 in 2020.
Cream Finance Breach
Cream Finance, a decentralized finance firm, was hit by an exploit of a vulnerability in its project’s market system. The hack, which was revealed in September 2021, caused losses worth $34 million.
Debt-IN Consultants Cyberattack
A South African debt recovery company suffered a significant attack that led to client and employee data being illegally accessed from its servers in September 2021. The incident is suspected to have affected the personally identifiable information (PII), including owed debts, of over 1.4 million people.
Neiman Marcus Data Breach
Department store Neiman Marcus suffered a data breach that resulted in the exposure and theft of up to 3.1 million customers’ payment card details. The attack was detected in September 2021 but began in May 2020, and most of the data stolen was believed to have been from expired or invalid cards.
Argentinian Government Attack
A hacker claimed to have stolen and leaked the entire database of Argentina’s National Registry of Persons, allegedly containing the data of more than 45 million Argentinian residents. However, the government denied the hack.
Squid Game Cyberattack
The value of a cryptocurrency linked to but not officially associated with the Netflix program Squid Game plummeted after a suspected exit scam in November 2021. The cryptocurrency’s value dropped from $2,850 to $0.003028 overnight, which resulted in investors losing millions of dollars.
Robinhood Trading App Breach
Also in November 2021, a data breach of the trading app Robinhood affected the data of around 5 million users. Data like usernames, email addresses, and phone numbers were compromised through a customer support system.
In yet another attack on digital currency platforms, BitMart suffered a breach in December 2021 that enabled cyber criminals to steal approximately $150 million worth of cryptocurrency. The attack resulted in total losses of around $200 million, including damages.
In December 2021, a zero-day vulnerability was discovered in the Log4j Java library. The remote code execution flaw, known as Log4Shell, is being actively exploited, including by botnets like Mirai.
HR platform Kronos suffered a ransomware attack that took the Kronos Private Cloud offline. The outage occurred shortly before Christmas and took the vital service down for several weeks.
Experian Security Breach
In August 2020, credit reporting agency Experian suffered a breach that affected 24 million consumers in South Africa and more than 793,000 businesses. The incident occurred when an individual who claimed to be a client requested services that prompted the data’s release. The stolen data was eventually secured and deleted, while Experian revealed it had not been used fraudulently and that its customer database, infrastructure, and systems had not been compromised.
MGM Hotel Attack
The data of more than 10.6 million customers of MGM Resorts hotels was leaked to a hacking forum in February 2020. The data included addresses, dates of birth, email addresses, names, and phone numbers belonging to celebrities, business executives, government employees, and tourists.
However, the hack did not breach users’ credit card details. The incident began in mid-2019 when MGM discovered unauthorized access to its server. Another data breach followed in February 2020, which saw user data published on an open, accessible forum.
California University Cyber Attack
The University of California, San Francisco, suffered a ransomware attack that led to hackers demanding a ransom of $3 million on June 1, 2020. The university’s system was targeted by malware that could encrypt various servers and steal and encrypt critical data. The university negotiated and paid a ransom of $1.14 million but later revealed no data had been compromised.
Cognizant Technology Solutions Corp. Cybersecurity Breach
Technology and consulting firm Cognizant was affected by the Maze ransomware attack on April 18, 2020. The attackers stole data and threatened to publish it online unless Cognizant paid a ransom. Cognizant later revealed it paid a ransom of between $50 million and $70 million to restore its services.
Tillamook County Cyber Attack
Tillamook County’s IT systems were infected by encryption malware on January 22, 2020. The attack shut down its computer and phone systems and took down the website that hosts its various departments. Tillamook County’s computer systems were down for at least two weeks, and the attackers demanded $300,000 as ransom, which would double after two weeks, to restore the data. The county tried to avoid paying but could not restore the data and eventually settled.
As the COVID-19 pandemic broke, an attack targeting the World Health Organization (WHO) resulted in the breach of 25,000 email addresses and passwords. The data was leaked online on April 19, 2020, along with information belonging to other groups fighting the pandemic, including the Gates Foundation, the National Institutes of Health (NIH), and the U.S. Centers for Disease Control and Prevention (CDC).
Zoom Conferencing Service Breach
Videoconferencing service Zoom saw a massive increase in activity throughout 2020 with people working from home and speaking to friends and family through the application. However, in April 2020, a cyberattack known as Zoombombing enabled cyber criminals to join private meetings, access conversations, and share offensive images, videos, and screens. Zoom updated its application to enhance security levels.
Mitsubishi Electric Cyber Attack
A data breach at Mitsubishi Electric resulted in around 200 MB of files being stolen. The breach, which was first detected in June 2019 but reported in January 2020, exposed employee and applicant information, data about retired employees from affiliate companies, and sales and technical material. The attack was caused by a vulnerability in the organization’s antivirus solution, which Chinese hackers exploited.
Hacker Theft of 18 Companies' Data
One of the most significant cyber attacks that occurred in 2020 was through a hacker known as ShinyHunters. The hacker stole around 386 million user records from 18 different companies between the start of the year and July. The attacker posted links to these companies’ databases, made them freely available to download, and sold data online.
Biggest Data Breaches
Cyber-attacks pose a significant threat to businesses of all sizes, government agencies, and individual internet users. Recent cyber-attacks have come from hacktivist groups, lone wolf hackers, and nation-states.
The first cyber-attack on record was The Morris Worm in 1988. Robert Tappan Morris, a graduate student at Cornell University, developed a worm program that would crawl the web to count how many computers were connected to the internet. However, the worm installed itself on one in seven computers and forced them to crash, which saw it inadvertently become the first distributed denial-of-service (DDoS) attack. The Morris Worm damaged around 6,000 computers, which then comprised 10% of the entire internet.
In 2002, the first internet attack as we now know it saw a DDoS attack target the 13 Domain Name System (DNS) root servers. The attack could have brought the internet down if allowed to continue and was then the most sophisticated and widescale cyber-attack ever launched.
Recent cyber-attacks have advanced and can affect vast numbers of people. Single attacks now regularly steal the data of hundreds of millions of people.
Below is an overview of some of the most significant cyber-attacks recorded in history.
Cyber attacks in the Russia-Ukraine Conflict
The Russia-Ukraine crisis, which began in February 2022, involved not just physical battles that displaced thousands and killed many—but cyberattacks as well. FortiGuard Labs has determined that new wiper malware was used to attack Ukrainian targets and discovered it installed on at least several hundred machines in Ukraine. Several Ukrainian organizations have also been targeted by sophisticated attacks that used the KillDisk and HermeticWiper malware strains, which destroy data on devices.
In addition, a tool that remotely controls devices, Remote Manipulator System (RMS), was found to have been distributed in Ukraine via fake “Evacuation Plan” emails. Ukraine also suffered a wave of distributed denial-of-service (DDoS) attacks. This included an attack targeting the State Savings Bank, which impacted banking services and cash withdrawals from ATMs, as well as disrupted the Ministry of Defence and Armed Forces networks.
Adobe Cyber Attack
In October 2013, software company Adobe suffered a cyber-attack in which hackers stole credit card data from nearly 3 million customers. The attack also saw login credential data, including usernames and hashed passwords, of up to 150 million users stolen. Further research into the attack discovered that the hackers had also stolen customer names, identification data, passwords, and more debit and credit card data.
Adobe also paid around $1 million to customers as a financial settlement over unfair business practices and violation of the Customer Records Act. Furthermore, the settlement included a provision that Adobe implement security measures and submit the results of an independent security audit one year after the final settlement date.
Canva Security Breach
In May 2019, the graphic design website Canva suffered an attack that exposed email addresses, names, cities of residence, passwords, and usernames of 137 million users. Hackers were also able to view but not steal files that included partial payment and credit card data.
The attackers, known as GnosticPlayers, contacted the technology news website ZDNet to boast about the attack. They claimed to have obtained users’ open authorization (OAuth) login tokens, which are used for logging in via Google.
Canva confirmed the attack, notified its users, and prompted them to update their passwords and reset their OAuth tokens. But a list of 4 million Canva accounts and stolen passwords was later shared online, which resulted in Canva having to invalidate any passwords that remained unchanged.
More than 162 million users’ data—email addresses, hashed passwords, dates of birth, and usernames—was stolen from the video messaging service Dubsmash in December 2018. A year later, the data was made available for sale on dark web site Dream Market as part of a dump of data that also included information from attacks on Armor Games, Coffee Meets Bagel, MyHeritage, MyFitnessPal, and ShareThis.
Dubsmash acknowledged that its systems had been breached and the stolen data put up for sale, and advised users to change their passwords. However, it has not reported how attackers gained access to the data or confirmed the attack scale.
eBay Data Breach
A cyber attack in May 2014 exposed the account list of eBay’s 145 million users. The attack, which exposed user addresses, dates of birth, names, and encrypted passwords, occurred as hackers obtained three eBay employees’ credentials. Attackers gained complete access to the entire eBay network for 229 days.
eBay asked customers to update their passwords but was criticized for poor communication and a poorly implemented password-renewal process. The auction site also advised that financial details, such as credit card information, were stored in a separate location and had not been compromised.
LinkedIn Cyber Attack
The business social network LinkedIn is a common target for cyber criminals launching social engineering attacks. It has also suffered major cyber attacks that leaked its users’ data.
The first came in 2012, when 6.5 million hashed passwords were stolen then posted on a Russian hacker forum. The attack’s true size was revealed four years later when a hacker was discovered selling 165 million LinkedIn users’ email addresses and passwords for 5 bitcoins, which were then worth around $2,000. LinkedIn acknowledged the breach and reset passwords on all accounts that had been affected.
Collaboration platform Slack was affected in 2015 when hackers gained unauthorized access to the service’s infrastructure. This included a database storing user profile data, such as usernames and hashed passwords. The attackers also injected code that enabled them to steal plaintext passwords when users entered them.
Slack revealed the attack affected around 1% of its users, estimated to be around 65,000 users. It immediately reset their passwords and advised all users to reset their passwords and implement security measures like two-factor authentication (2FA).
Four years later, a Slack bug bounty program revealed a potential compromise of Slack credentials, which it suspected was due to malware or users recycling passwords across online services. It subsequently realized that most of the credentials affected were from accounts that accessed the service during the 2015 incident.
Yahoo! Cybersecurity Breach
Cyber attacks targeting the internet provider Yahoo are widely acknowledged as the most significant data breaches in history. The state-sponsored attacks, which began in 2013, affected all of Yahoo’s 3 billion users.
In September 2016, Yahoo revealed a 2014 attack that compromised 500 million users’ names, email addresses, telephone numbers, and birth dates. Three months later, the company revealed a breach from 2013, which was carried out by another attacker and compromised its users' names, email addresses, passwords, dates of birth, and security questions and answers. Yahoo initially estimated that the 2013 attack affected 1 billion users but later changed that to its entire user base of 3 billion people.
Games developer Zynga, which created various popular games that users accessed via Facebook, suffered a massive cyber attack in September 2019. The attack by Pakistani hacker group GnosticPlayers, who also claimed the Canva attack, accessed the database of Zynga games Draw Something and Words With Friends. It compromised the email addresses, hashed passwords, phone numbers, and Facebook and Zynga user IDs of 218 million people.
The volume of cybersecurity incidents is expected to increase through 2022—not to mention the damage victims will incur as a consequence. Trends that organizations need to be aware of include:
- Increased hardware usage: Software programs enable businesses to achieve great results and form new strategies. However, they are also highly attractive to cyber criminals. As a result, moves toward hardware are expected to gather speed, although businesses should not reduce their investments in upgraded software.
- Remote work attacks: Cyberattacks targeting remote workers are expected to increase further through 2022. Hackers are constantly evolving their tactics in line with employees’ ways of working and will continue to take advantage of potential downtime and network vulnerabilities.
- Growing government interest: Attacks on critical infrastructure have attracted the attention of global government agencies. 2022 will likely see increased investment and new regulations that aim to prevent massive cyberattacks against high-priority targets.
- Ransomware targeting SMBs: Cyber criminals rarely discriminate based on the size of businesses. As governments increase investment to defend critical infrastructure, ransomware groups will shift their focus to small and medium-sized businesses (SMBs), which have less funding, staffing, and security expertise.
- The rise of AI defenses: The increasing sophistication of various cybersecurity incidents in 2021 means organizations need to improve their defenses. Artificial intelligence (AI)-powered solutions will enable smarter, faster, more proactive security that plugs the existing gaps in the cybersecurity industry.
How Fortinet Can Help
Fortinet helps organizations prevent cyber attacks and keep their data, networks, systems, and users safe from hackers. The FortiGate next-generation firewalls (NGFWs) protect businesses from the latest attack vectors and keep them safe from increasingly sophisticated techniques. Fortinet NGFWs filter network traffic to help organizations identify attacks and offer features like packet filtering, network monitoring, and IP mapping.
They also include capabilities such as deep content inspection that identify and block threats, application control, advanced visibility, and intrusion prevention. The NGFWs block malware and offer future updates that enable them to evolve with the cyber threat landscape and protect businesses from the latest threats as they arise.
Additionally, organizations must ensure they keep all software up to date and use processes like encryption, passwordless authentication, and multi-factor authentication (MFA) to secure data and services and provide secure wireless networks.