Top 3 Cyber Intrusions of the Decade: 2010-2019

A lot has happened in the past ten years for cyber intrusions and data breaches. We want to round out the end of the decade with our top 3 cyber intrusions.

Stuxnet: 2010

Stuxnet was discovered around June 2010 by Belarusian antivirus company VirusBlokAda. U.S. based antivirus company Symantec was the first to reverse engineer the malware and Ralph Langer, an Industrial Control System specialist, provided the last piece of the puzzle. Langer discovered that Stuxnet controlled Programmable Logic Controllers (PLC) that are associated with a specific controller manufactured by Siemens. These controllers were also specific to centrifuges that were installed in Iran’s Natanz nuclear enrichment lab. The malware caused the centrifuges to spin wildly out of control by either speeding up, or slowing down, their RPMs. By doing this it caused the hardware to destroy itself and fail. It’s been hinted at that Stuxnet was a joint operation between the United States and Israel.

In the book “Countdown to Zero Day,” by Kim Zetter, she mentioned that Stuxnet was the first malware of it’s kind to cause physical damage to something in a real world attack.  Through her research she found that Project Aurora, that was conducted at Idaho National Laboratory, was the first documented piece of code that could destroy a physical machine.  Click here to see it on YouTube.

Sony Pictures Hack: 2014

Where to being with Sony? Between their installing rootkits on peoples’ computers when playing a CD and the PlayStation Network hack, the Sony Pictures hack stands out the most, as those who tuned in witnessed a near real time implosion of a company.

The group who claimed responsibility of the hack, Guardians of Peace, infiltrated Sony Pictures’ internal network, allegedly stealing over 100 terabytes of data. They also installed wiper malware that erased data on company hard drives. Guardians of Peace threatened Sony Pictures that they would release the data they stole if they didn’t give in to their demands, one of which was to not release the film “The Interview.” The movie was a comedy about assassinating North Korean dictator Kim Jong Un. The group made good on it’s threats by releasing data they stole and prevented Sony Pictures from releasing the file. To this day, it’s been alleged that North Korean threat actors were behind the attack.

Equifax breach: 2017

We’re including Equifax as one of the top three because of the size and severity of the data stolen, which still has not surfaced on the dark web yet. Roughly 140 million U.S. citizens had their social security numbers exposed. Some drivers licenses and credit card data were also part of the breach.

We covered the initial fall out of the data breach here. One interesting thing that we’ve spoken about, but didn’t include in the original post, is a research team found a login portal for some South American properties Equifax held that had the default username and password as admin/admin. You can read more of the gory details by journalist Brian Krebs here.

Honorable Mentions

Cambridge Analytica: 2018  50 million Facebook users compromised.  We feel that this, in conjunction with the IRA, was the beginning of the weaponization of social media.

Marriott Data breach: 2018  Up to 500 million guests compromised. Among the stolen data included passports and credit card numbers.

Suprema hack: 2019 Security company that has a biometric lock platform was breached where “…fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence[sic] contractors and banks.” [Source]

What these three events represent

With Stuxnet, it showed us a stark reality of where wars of the future will be fought and just how fragile critical infrastructure is.

The Sony Pictures hack felt like a test bed for the future of ransomware attacks. Since this hack, we’ve seen news of WannaCry shutting down multiple hospitals that are part of the UK’s National Health Service and other variants of ransomware taking other healthcare providers, schools, and municipalities offline. As private citizens and businesses continue to move, and store data, to the cloud, these attacks will ramp up against these providers.

Equifax is the poster child of what a business should not do. Lackadaisical patch management, gross negligence, botched public notification, and a lack of accountability on their part. We as consumers also need to do our own due diligence to protect our stuff, but Equifax felt different as they possess our most valuable data which we’ve never consented to them having. Our belief is that Equifax also represents the need for consumers to have significantly more control over their personal data.

Let us know your thoughts. What did we get right or wrong? What cyber incidents did we miss over the last decade that should be included?