100+ Top Privacy and Security Stories of the 21st Century

Abeerah Hashim - Security Expert

Last updated: June 21, 2024

Facts checked by Ali Qamar

These top privacy and security stories of the 21st century highlight various underlying causes and teach critical lessons. Let's dive in!

THE TAKEAWAYS

Since the beginning, the 21st century has been a roller coaster ride for the cybersecurity community. From the ever-evolving cybersecurity threats to the changing IT requirements of the remote-working model, security officials have had to deal with a lot of technical stuff. Consequently, the past years have provided us with many privacy and security stories that can serve as a lesson for IT personnel to devise their security plans in the future. This article quickly reviews top memorable stories with a lesson for everyone.

Cybersecurity experts have been busy since the beginning of the 21st century (even before that).

While data breaches were already on the rise, we witnessed a particular increase in ransomware attacks this year.

This is all in addition to businesses’ and consumers’ childish behavior toward securing their systems, fixing bugs, and paying attention to their online privacy.

Perhaps, this is why, despite repeated alerts and recommendations, the cybercriminals succeeded in their malicious activities. Today, seeing businesses shutting down due to hackers is not shocking.

So, with this article, we list the top privacy and security stories of the 21st century (2000 till now).

Some fascinating cyber attack statistics of the 21st century

A 2013 security breach at Yahoo led to the unauthorized access of 3 billion user accounts.
In 2014, another notable breach compromised 145 million eBay users.
On average, every 39 seconds, a computer connected to the internet faces a hacking attack.
Every year, 33% of Americans experience a significant cyber attack on their computer.
As a result of hackers gaining access to credit and debit cards, Target extended a storewide discount of 10% and free credit monitoring services to affected customers.
LinkedIn had over 117 million account credentials, including emails and passwords, stolen in 2012.
Also 2013, MySpace’s security breach exposed a database with over 427 million passwords and 360 million emails.
Since 2020, cybercrime has risen by over 600%.
The world loses over $6 trillion yearly to cybercrime.
By 2025, the cost of cybercrime per year will rise to over $10.5 trillion.
Over 71.7 million fall prey to cybercrimes annually.
On average, ransomware attacks are 57 times more destructive in 2023 than they were 10 years ago.
Identifying and resolving a data breach takes an average of 277 days.
Cryptojackers earn an average of $1,600 per month from the crime.

100+ interesting privacy and security stories from 2000 till now

1. Travelex paid for recovery after a ransomware attack

The year began with the news of a devastating attack on the British currency exchange Travelex. The incident was just towards the end of 2019, and its effects lasted for months in 2020.

On December 31, 2019, Travelex services suddenly went offline, including their websites and mobile apps. The firm disclosed the incident as a cyber attack. However, some users and other observers could judge the involvement of malware in it.

Eventually, on January 7, 2020, it surfaced online that the firm had suffered a ransomware attack from the Sodinokibi gang.

Investigations revealed that Travelex was running vulnerable Pulse Secure VPN servers that facilitated the attack despite the patches’ availability.

The attackers encrypted the Travelex network and stole data before that.

In the following weeks, Travelex gradually restored its services (seemingly) while claiming that it found no evidence of data loss. Although the attackers claimed to have stolen 5 GB of personal data, they threatened to leak upon the ransom’s non-payment.

In April 2020, it turned out that Travelex paid $2.3 million as a ransom to the attackers (they had demanded $3 million). Besides this fact, no further details about handling compromised data surfaced online.

2. CoronaVirus ransomware emerged amidst phishing attacks

As COVID-19 transformed into a pandemic, cybercriminals also leveraged the opportunity to conduct cyber attacks.

Consequently, exploiting digital reporting practices, the perpetrators started attacking users with COVID-19-themed phishing campaigns.

These emails impersonated medical facility alerts informing the recipient about contracting the virus. The emails also included an attachment that the sender asked the recipients to print and take to the nearest medical facility. This attachment had malware embedded in it that would execute upon opening the attachment. Once executed, the malware would then steal data from the target devices.

Besides this malware, the threat actors also leveraged the disaster to develop CoronaVirus ransomware that covered Kpot infection. It was a unique ransomware attack demanding only 0.008 BTC (roughly $50 at that time).

3. Zoombombing threatened the privacy of web conferences

Just when work-from-home started becoming a new normal, and the companies rushed going online, Zoom – the popular video conferencing platform – observed a spike in its customer base.

And this popularity made the firm realize the plethora of vulnerabilities their platform had.

Eventually, we heard of a new term, “Zoombombing,” leading to many stories about users’ privacy and security. It is the practice of exploiting different glitches and vulnerabilities to break into strangers’ video meetings. Some did it for trolling, some for stealing information. And the attacks affected every niche, from business meetings to schools’ online classes.

But, whatever the reason could be, such intrusions or Zoombombings compelled the firm to take several security measures to fix the glitches. The aim was to prevent any means of intrusions during video meetings and tighten Zoom security.

Also, they rolled out two-factor authentication and the much-anticipated end-to-end encryption.

4. Israel’s water systems hacked

Israel marginally escaped a severe disaster earlier this year that could have seriously damaged its health situation.

Precisely, the nation suffered back-to-back cyber attacks on its water treatment systems.

The first attack happened in April 2020 that was swiftly caught and thwarted. The attackers attempted to take over the plant’s digital system and alter the quantity of chlorine to be added to the water.

If it succeeded, this disturbance could have induced mild poisoning and other health conditions among the persons receiving water from the affected plant due to the intake of improper quantities of chlorine.

After this attempt, two more similar attacks targeted Israel’s water systems in July 2020. These attacks were also repelled without damage, though.

The Israel National Cyber-Directorate (INCD) and the Water Authority urged the water treatment facilities to reset all internet-connected equipment passwords.

5. BlueLeaks exposed secrets from hundreds of US police departments

In June 2020, inspiration from WikiLeaks, “DDoSecrets” (Distributed Denial of Secrets), attempted to dump sensitive data online.

Dubbed “BlueLeaks,” they dumped an extensive archive of around 270GB online, including critical information from over 200 police departments spanning over 10 years, according to DDoSecrets.

However, the National Fusion Center Association (NFCA) mentioned that the data actually spanned over 24 years (from August 1996 to June 19, 2020). It included critical data such as names, phone numbers, email addresses, emails with attachments, PDF documents, image files, texts, videos, ZIP, and CSV files.

They also elaborated in their alert,

Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.

Analyzing the data made NFCA deduce how the attackers would have exfiltrated the data. They compromised a customer account on the Netsential web platform – a service used by fusion centers, law enforcement agencies, and others. They then exploited the upload feature to inject malicious content that allowed downloading the data.

6. Apps used to store users’ clipboard data

Apple users’ confidence in their devices’ privacy features seemed overconfident when researchers caught how many apps had accessed what the users copied and pasted.

Two researchers, Tommy Mysk and Talal Haj Bakry, discovered many popular apps from different niches used to access the device clipboard without users’ consent explicitly. The app accesses the clipboard’s text whenever a user opens such apps.

Some popular apps exhibiting this behavior also included TikTok, Truecaller, and Viber. Games like Bejeweled, 8 Ball Pool, and PUBG Mobile, and news media like Al-Jazeera, CNBC, Fox News, and many others.

After their disclosure via a report, many of the apps stopped this behavior. The researchers have listed all the app names in their report.

Their research specifically addressed the apps’ behavior with iOS 13.3. With iOS 14, Apple rolled out a feature to notify the users whenever an app would access the clipboard.

With this feature, it turned out that LinkedIn and Reddit also spied on users. Nonetheless, both fixed the glitch later on.

7. Blackbaud security breach triggered a domino effect on universities

In July 2020, Blackbaud, a cloud service provider firm, disclosed a cyberattack that actually hit the firm in May 2020.

In their security notice, Blackbaud openly admitted to having suffered a ransomware attack for which they also paid. Though they assured that the incident didn’t affect sensitive data like bank information, they still paid the ransom to ensure the attackers deleted the stolen data.

Things seemed fine until then, except the company was late disclosing the breach as per the EU GDPR.

However, the actual disaster surfaced online when tens of universities and other organizations admitted to suffering the impact of the Blackbaud cyber attack.

The customers who got information about the attack from Blackbaud two months after the incident belonged to the US, the UK, the Netherlands, and Canada.

Eventually, in October 2020, via an 8-K Form filing, the company admitted that the incident also affected sensitive information, including the customers’ bank account data.

8. Vulnerabilities in critical US infrastructure uncovered

Researchers shared horrifying details about the security status of critical infrastructure in the United States. Briefly, here’s what they found,

By scanning IP blocks for open ports in the US IP address range as part of an internet mapping project, we found several unprotected and accessible Industrial Control Systems in the country.

The report continued,

Industry, institutions, and cybersecurity experts are all aware of the dangers associated with outdated ICS systems. But as our research shows, many ICS access points in the US, particularly in water and energy sectors, are still vulnerable to attacks.

Thankfully, the glitch received a fix after reaching out to CISA, CERT, and the respective owners of the vulnerable ICSs.

9. Huge hacking attack took over verified Twitter accounts

In July, Twitter users, especially the key ones, including world leaders and influencers, faced a pretty embarrassing situation when they found their accounts promoting crypto scams without them knowing.

Within a short time, Twitter confirmed having suffered a massive cyber attack. It also confirmed the unrest via a series of tweets through its official support account.

While recovering from the incident, they started investigations and then updated the users via a detailed post.

It turned out that the attackers basically targeted Twitter employees with spearphishing to gain access to their account credentials. This eventually allowed the attackers to break into Twitter’s infrastructure.

10. Android banking trojans kept everyone busy

The emergence of Android malware is nothing new. However, this year, we witnessed a particular stir regarding Android banking trojans, apart from their malware.

At first, the 2019’s prominent Android banking trojan Cerberus was found to have acquired a significant upgrade. Researchers revealed that the trojan could even steal 2FA codes from the Google Authenticator app.

Later, Cerberus even appeared on the Google Play Store, mimicking a cryptocurrency converter app.

Meanwhile, another mobile banking trojan, EventBot, emerged as a new threat.

After that, BlackRock Android malware appeared to join the list of devastating trojans by targeting over 300 apps.

Then came a moment to breathe a sigh of relief as Cerberus hinted about its departure, after the team breakup, in late July.

But, shortly after, researchers caught a new banking trojan, dubbed ‘Alien,’ in the wild running active campaigns. This malware seemed a fork of Cerberus.

These trojans specifically steal banking data from the users’ devices for those who don’t know yet. For this, they either impersonate banking or financial apps or overlay such apps’ login screens to steal data. Though, they can perform a variety of other malicious activities as well.

These trojans are dangerous as they can cause severe financial damage to the victims.

11. Cyberattack at UHS hospitals network and others amidst COVID-19 peak

While hospitals were already at biological risk as they attended an overwhelming number of COVID-19 patients, they also suffered a digital blow. The situation then became even more painful, not only for the patients but also for the medical staff.

A ransomware attack targeted Universal Health Services in September 2020, causing service disruptions.

Then, in October, a wave of ransomware attacks targeted multiple hospitals in New York and Oregon. Soon after, another cyber attack hit the University of Vermont Health Network facilities. This was also believed to be a ransomware attack.

(Well, the cybercriminals were truly heartless, weren’t they?)

12. Malicious apps running adware campaigns targeted Android/iOS users

In September, a teenage TikTok user drew attention to a serious threat to Android users.

Briefly, the girl found aggressive promotion of an app via TikTok, about which she alerted Avast. Scratching the surface made Avast unveil a well-orchestrated adware campaign running via seven apps with over 2.4 million downloads. These apps exist on both the Apple App Store and Google Play Store.

In June 2020, Avast unveiled 47 mobile apps with over 15 million downloads in the HiddenAds campaign.

13. Microsoft’s Zerologon vulnerability went under exploit

Once again, not paying attention to updating the systems incurred huge damages to various businesses.

Briefly, a vulnerability, identified as CVE-2020-1472, affected the Netlogon Remote Protocol. Exploiting this bug could allow attackers to gain elevated privileges upon connecting to a domain controller.

This is what actually happened later. While Microsoft already patched the vulnerability in August 2020 whilst releasing the monthly Patch Tuesday updates.

However, instead of catching the users’ attention, the bug caught the attention of cybercriminals.

Eventually, a trail of security breaches happened, affecting different firms as the attackers used publicly known exploits on vulnerable systems, ultimately transforming the vulnerability into “Zerologon.”

14. Multiple attacks on COVID-19 vaccine firms

Amidst all the biological and cybersecurity chaos throughout 2020, the research firms succeeded in developing vaccines against COVID-19.

But it seemed the perpetrators didn’t like it much, or they became curious about the vaccine. In December, reports about a cyber-attack hitting the European Medicines Agency (EMA) surfaced online. As revealed, the incident also caused a data leak regarding developing the Pfizer Inc and BioNTech COVID-19 vaccine.

Before that, in November, North Korean hackers targeted COVID-19 vaccine front-runners, including AstraZeneca, Johnson & Johnson, Novavax, and the South Korean firms, Celltrion, Genexine, and Shin Poong Pharmaceutical.

(Is a malicious COVID-19 vaccine in the making? We hope not!)

15. SolarWinds cyber attack

As 2020 ended, the most devastating cyberattack of the year surfaced online.

Reportedly, the perpetrators, presumably, Russian state actors, injected malicious codes and backdoors to an Orion Platform product from SolarWinds. This allowed them to spy on and steal data from the product’s users.

SolarWinds is a software development firm having numerous US federal agencies and Fortune 500 companies in its customer base.

Eventually, a whirlwind of disruption surfaced online as multiple big names appeared on the victim list.

16. DoD & NASA cyberattacks

Known as one of the earliest cyber attacks in history, the DoD and Nasa incidents caused NASA systems to go offline for 21 days. A teenager orchestrated the breach, infiltrating NASA and DoD networks.

The hacker created a backdoor end on the servers and downloaded high-level software worth over $1.7 million. While no further attack happened, the security breach resulted in a 21-day shutdown of NASA networks. The teenager was found guilty and held for 6 months in a detention facility.

17. CardersMarket hacked

This cyberattack compromised 2 million credit cards and resulted in fraudulent purchases worth $87 million.

The attack happened through several exploits and targeted multiple victims on the dark web. Specifically, the attacker targeted credit card resellers’ markets belonging to competitors, which he used to create his own database. This move caused significant damage to the competitors, making this attack one of the biggest in history.

The perpetrator, Max Butler, using the pseudonym ‘The Iceman,’ executed the attack. He later pleaded guilty to two counts of wire fraud and received a 14-year sentence, the longest incineration on a cyberattack-related charge. Furthermore, the court also imposed legal fines amounting to $40 million in restitution to the victims.

18. Heartland Payment Systems breached

In 2009, Heartland Payment Systems disclosed that its systems suffered a breach the previous year. As one of the world’s top 5 card data processors, the breach significantly affected up to 100 million cards and over 650 financial service companies.

Several attackers, including Albert Gonzalez and two Russians, were charged with the breach.

Visa temporarily halted operations with Heartland until the company could verify its compliance with the Payment Card Industry Data Security Standard (PCI DSS). Heartland also enhanced its security measures by encrypting its entire account information system, setting a new trend for increased security in the card processing industry.

19. Stuxnet developed as a state weapon

Israeli secret agencies and the US joined hands to develop Stuxnet meant to jeopardize Iran’s nuclear weapons program.

The worm would see the destruction of the SCADA equipment found in the manufacturing process, specifically in fuel enrichment. The efforts bore fruits leading to the destruction of the nuclear equipment.

Stuxnet grew in popularity across mainstream media worldwide. The incident marked the onset of a new generation of cyber-war.

20. Operation Aurora – the Google Hack

Google has also been a victim of cyber attacks. The company faced a series of attacks dubbed “Operation Aurora” instigated by the Chinese government’s military. Despite taking place in the 2000s, the attacks surfaced in 2010.

The cyberattack targeted not only Google but also some of the biggest tech giants at the time, including Yahoo, Adobe, Morgan Stanley, Juniper, Symantec, Rackspace, and Northrop Grumman.

Google hack was a turning point in the company’s business operations. It marked the end of its ties with the Chinese government, particularly search results censoring and operational shutdown.

21. The Press Release hackers

Cybercriminals from Eastern Europe infiltrated multiple newswire systems to pilfer pre-release press statements between 2010 and 2015. While this may seem pointless, it was one of the most intelligent attacks of the time.

The cyber criminals utilized the confidential data to anticipate stock market changes and make trades that generated over $100 million in profits.

In 2016, the US Securities Exchange Commission (SEC) and the US Department of Justice (DOJ) caught up with the criminals.

22. LulzSec and the “50 days of lulz”

This attack involved cybercriminals targeting video game companies, multinationals, and government agencies. One of their legacies is the ’50 Days of Lulz’ campaign that attracted so much attention across media channels.

The mocking and brave tone in public spaces makes this attack quite interesting. The group bragged about its accomplishments but was later caught up in 2011.

23. Diginotar hack changes the browser landscape

The DigiNotar hack of 2011 is a lesser-known event that significantly impacted internet security. It involved Iranian government hackers breaching DigiNotar and using it to create SSL certificates for mainstream websites such as Gmail and Google.

The attackers then used these certificates to infringe on encrypted traffic and monitor over 300,000 Iranians. The investigation uncovered severe security and business issues within the Dutch company.

Later, all major browsers declined to verify HTTPS websites running under DigiNotar certificates. This event caused Google, among other tech-based companies, to stay alert. As a result, the entire practice of issuing SSL/TLS certificates underwent a revamp.

Many of the protocols and procedures implemented following the DigiNotar hack remain in use to date.

24. Sony PlayStation hack and massive outage

Sony reported a security breach that infringed on the private information and financial data of 77 million PlayStation Network users in 2011. The extent of the hack was one of the biggest hacks at the time and had far-reaching consequences for Sony.

Sony terminated Sony PlayStation Network for 23 days, leading to reduced profits and lawsuits filed by users quoting credit card fraud. To make things right, Sony had to provide users with free PlayStation 3 games to entice them back online.

The hack is notable because it highlights the severe impact of inadequate security on a company. Sony’s case also triggered a new trend where firms added a clause to their terms of Service that restricted individuals from taking legal action based on security breaches.

Although such clauses were not new, Sony’s approach made them popular, leading other companies to adopt a similar policy.

25. Shamoon and its destruction

Shamoon, or DistTrack, is a malicious software developed in Iran to respond to the Stuxnet attack. The Iranian government created the cyber weapon in 2012, having learned the devastating effects of malware.

Shamoon’s main function is to wipe data. The attackers used it to destroy over 35,000 workstations on Saudi Aramco’s network, which caused the national oil company to suffer for weeks. The attack resulted in Saudi Aramco purchasing most of the world’s hard drives to replace their damaged PC fleet.

This drove up the prices of hard drives and caused vendors to struggle with meeting the demand for months.

26. Flame malware discovered

Kaspersky discovered the Flame malware presumably linked to the Equation Group, a codename for the US NSA. It seemed the most advanced and sophisticated malware ever created until Regin surpassed it in 2014.

Flame’s discovery highlighted the technical gap between the US and other nation-state groups’ cyber arsenals. Reportedly, Flame was part of the same hacking tools used as Stuxnet and was primarily used against Iran.

Its discovery became a significant moment in the escalation of cyber espionage worldwide.

27. Snowden revelations caused a stir

Snowden leaks represent the most significant cyber-security incident in recent years. He unveiled a worldwide spying network established by the US, and its Five Eyes allies post 9/11, making nations such as China, Russia, and Iran develop their own surveillance systems.

They also facilitated the intensification of foreign intelligence collection, contributing to a surge in cyber espionage.

Today, numerous countries promote ideas like ‘national internet’ or ‘internet sovereignty’ to rationalize monitoring their citizens and controlling internet content.

28. Target hacked with POS malware

POS malware emerged in 2013 when Target acknowledged that cybercriminals installed malware on its in-store systems to gather payment card information. While POS malware events had occurred previously, this marked the first instance of a large-scale breach involving a prominent retailer.

More retailers endured POS attacks in the subsequent years. It later surfaced online that cybercriminals use stolen credit card data to produce counterfeit cards and drain consumers’ bank accounts.

29. The Adobe hack affected millions of users

Adobe faced a cyber security incident in 2013 after criminals stole over 153 million user data. Some of the information stolen included passwords, user names, source codes, and email addresses.

The cybercriminals availed the information for purchase on the dark web. This incident pioneered the need for creating strong passwords for online platforms.

30. Silk Road takedown

The Silk Road was a prominent dark web marketplace operating on the Tor network that shut down in 2013. This event demonstrated that the dark web and Tor were not invulnerable, and legal authorities could penetrate this seemingly impenetrable area of the internet.

Following the Silk Road’s closure, numerous other marketplaces emerged but couldn’t survive for long. However, many either succumbed to exit scams (where administrators absconded with users’ funds) or eventually faced dismantling by legal authorities.

31. Saudi Aramco endured a terrible cyberattack

The Saudi Aramco incident impacted over 30,000 computers, where hackers wiped private data. It also affected some of the world’s largest oil producers, causing problems in their supply chain process.

Cybercriminals used a Shamoon virus to locate and wipe data. Hackers successfully destroyed massive amounts of data, bringing the company operations to a standstill.

While the attack didn’t significantly affect the company’s profit margins, it’s a key example of the impact cybercriminals could have on your business processes and operations. The perpetrators were Iranian, despite the Iran government denying any involvement.

32. HaveIBeenPwned (HIBP) site emerged online

HaveIBeenPwned.com website emerged in December 2013 to provide users an easy way to check if Adobe breach had compromised them.

The site currently features databases from over 410 breached sites and data on over 9 billion accounts. It works with Mozilla Firefox, password managers, corporate systems, and even some government platforms. Overseen by Australian security specialist Troy Hunt, the site has significantly enhanced the security stance of organizations worldwide.

33. North Korea’s brazen Sony Hack

The 2014 Sony Pictures breach undoubtedly marked the world’s realization of North Korea’s skilled hackers. A cybercriminal group named Guardians of Peace or Lazarus Squad orchestrated the attack, linking to North Korea’s intelligence network.

The hack intended to intercept the release of the film The Interview, a comedy centered around an assassination attempt on Kim Jong-un, North Korea’s leader. When Sony resisted, the hackers demolished the company’s internal network and exposed sensitive information online.

This seemingly minor hack allowed cybersecurity firms to grasp the extent of North Korea’s hacking capabilities. It proved valuable in subsequent years for handling many other incidents.

Before this event, North Korean hackers mainly targeted South Korea; however, after the breach and the sanctions imposed by President Obama, their operations expanded worldwide, making North Korea a prominent player in cyber espionage and cybercrime.

34. Celebgate brutally targeted celebrities

Cybersecurity firms continue referencing Celebgate or The Fappening in educational sessions on spear-phishing and the consequences of not verifying password reset emails.

Hackers targeted celebrities with fake password reset emails 2014, deceiving them into submitting their Gmail or iCloud passwords on phishing websites. The hackers then accessed the accounts, discovered explicit content, and leaked it online.

While subsequent “Fappening” incidents occurred in later years, the initial leaks transpired in the summer of 2014.

35. Carbanak APT campaigns targeted financial institutions

There was a common misconception that hackers interested in making money typically targeted individual consumers, small retail stores, or businesses. However, the emergence of Carbanak or the Anunak or FIN7 and subsequent reports revealed that a highly skilled group of hackers could steal money directly from banks themselves.

The reports, produced by Kaspersky Lab, Fox-IT, and Group-IB, detailed Carbanak Group’s advanced tactics. Their technical skills allowed them to infiltrate a bank’s internal network and remain undetected for extended periods.

The group was able to steal significant funds through coordinated ATM cashouts or SWIFT bank transactions. The Carbanak group supposedly stole over $1 billion from compromised banks, a feat that no other group has performed yet.

36. Mt. Gox crypto exchange hacked

While the Mt. Gox cyberattack was not the first hacking attempt on a cryptocurrency exchange, it remains the largest cyber-attack in the cryptocurrency industry.

The 2014 hack, which remains shrouded in mystery, resulted in the theft of 850,000 bitcoins valued at more than $6.3 billion today.

At the time of the hack, Mt. Gox was the largest cryptocurrency exchange globally. This triggered a target on exchange platforms because of their relatively weaker security than traditional banks.

37. Phineas Fisher boasted ‘Robin Hood’ style

Phineas Fisher emerged in 2014 as a hacktivist who targeted companies that produced spyware and surveillance tools.

He successfully breached both Gamma Group and HackingTeam in 2014 and 2015, respectively, and shared confidential documents, source code, and zero-day vulnerabilities from the companies’ spyware tools.

Through Phineas’ leaks, the previously obscure industry of companies selling hacking, spyware, and surveillance tools to governments worldwide came into the limelight.

Although some of these tools supposedly helped catch criminals, they were also sold to oppressive governments. The authorities used them to spy on their people, including dissidents, journalists, and political rivals.

38. Heartbleed security flaw discovered

The Heartbleed security flaw found in OpenSSL was an exceptional vulnerability that seemed almost too perfect to be real. This bug enabled hackers to obtain cryptographic keys from open servers, providing them access to decrypt data and authenticate on vulnerable systems.

Despite repeated alerts, some server operators neglected to patch their OpenSSL, leading to a series of hacks in 2014 and beyond.

Upon disclosure, approximately 500,000 internet servers seemed vulnerable, taking years to lower.

39. Ashely Madison Data breach

While there have been numerous data breaches, the largest was the Ashley Madison breach in 2015.

In July 2015, a group of cybercriminals named ‘Impact Team’ publicly leaked a private database of Ashley Madison. It was a dating website marketed as a platform for extramarital affairs.

Many breaches expose usernames and passwords on outdated forums. However, the Ashley Madison breach incident was unique since it revealed people’s private affairs like no other breach before it.

The site users became the prime targets for extortion, which compelled many victims to suicide after public exposure. The incident is one of the few regarded as directly linked to a person’s death.

40. Anthem and OPM Hacks

These two hacks took place in 2015, leading to the loss of 78.8 million health records and 21.5 million records for Anthem and the US government, respectively. The Chinese government perpetrated the attacks against the United States to acquire intelligence.

The attack put China on the map as one of the great threats in the cyber world. Before the attack, China cybercriminals appeared less experienced and skilled than other nations. However, they have since become some of the most sophisticated attacks worldwide.

41. SIM Swapping

SIM swapping is a fraudulent activity where hackers deceive mobile operators into transferring a victim’s phone number to a SIM card controlled by the attacker. This technique was first reported in 2015.

It initially served incidents where cybercriminals reset social media passwords or hijacked usernames to resell them online. However, the technique became more prevalent as hackers realized they could use it to access cryptocurrency and bank accounts with this technique.

Telcos in the US are particularly vulnerable to these attacks because they allow phone number migration without requiring an in-person visit to one of their stores.

42. DD4BC and Armada Collective

DDoS extortion increased steadily in 2015. A group named DD4BC popularized the technique that would see cybercriminals threatening organizations with DDoS attacks and demanding ransoms.

Despite the arrest of DD4BC members in 2016, many others adopted the technique, such as the Armada Collective, which became more popular. These techniques remain used to date and pose a great danger to cybersecurity.

43. The Ukraine power grid hacks

The power grid in Ukraine experienced a cyber-attack in December 2015, resulting in power outages in western Ukraine. It was the very first successful attack on a power grid’s control system ever recorded.

The attack used Black Energy malware, and another similar attack occurred in December 2016, which utilized a more complex malware called Industroyer. The second attack cut off power to a fifth of Ukraine’s capital.

While Stuxnet and Shamoon were the first cyber-attacks against an industrial target, the Ukraine incidents were the first to impact the general public. Russian cybercriminals launched these attacks in Ukraine after Russia invaded the Crimea peninsula in 2014.

44. Bangladesh Bank cyber heist

The Bangladesh bank faced a hacking attempt that could leave the bank facing a loss of over $1 billion, but it ended up losing $81 million. The attack linked back to North Korea‘s elite cybercriminals.

The attempted hack had significant consequences for the banking industry. For example, SWIFT, the system used to move funds between banks internationally, underwent comprehensive security updates.

45. Panama Papers jolted up the world

The Panama Papers uncovered conspiracies surrounding the operations of the rich and the politicians. The exposé showed how the high class used tax havens to avoid paying taxes.

Although it is believed that while Mossack Fonseca held the data, cybercriminals could have orchestrated the hack and exposed such information to the public.

46. DNC hack

The Guccier 2.0 attacked Democratic National Committee, leaking documents and emails. US intelligence agencies blame Cozy Bear and Fancy Bear groups for the attack, which seem linked to the Kremlin.

Allegedly, private information stolen from the breach influenced the US presidential election. However, it is not certain whether or not the data had a significant impact on the election outcome.

47. Yahoo suffered repeated data breaches

Yahoo faced a series of attacks between 2013 and 2014, exposing over 3 billion user accounts. Some of the data lost during the event include birth dates, names, and email addresses, among other private information. The company received several lawsuits as a result of the incident. A significant memorable repercussion is a drop in the firm’s value to $350 million.

48. Year of the data dumps (peace of mind)

After the Yahoo attack, more companies were affected by a similar security breach. For example, firms such as Badoo, Fling, MySpace, Twitter, LinkedIn, QIP, OK.ru, Tumblr, and Rambler.ru were attacked.

The breaches saw over 2.2 billion users lose their privacy as their private data was sold in dark web marketplaces. These incidents were made public by traders such as Leaked Source and Peace-of-Mind.

49. The Shadow Brokers

The Shadow Brokers group exposed high-level hacking tools designed by the NSA, which posed a greater danger to cyber security. A month after the leak, one of the hacking tools was used in a WannaCry global attack.

50. The three ransomware outbreaks in 2017

It’s important to mention the three ransomware attacks that occurred in 2017: WannaCry in mid-May, NotPetya in late June, and Bad Rabbit in late October. All three were created by government-sponsored hackers but for different purposes.

North Korean hackers created WannaCry to infect corporations and demand ransom payments to generate funds for the country’s sanctioned regime. NotPetya and Bad Rabbit deployed cyber weapons designed to target Ukrainian companies owing to the Russian-Ukrainian conflict.

None of these entities intended to cause a global outbreak. However, each strain spread beyond its initial intentions due to its reliance on the EternalBlue exploit. The Shadow Brokers leaked these months before, which they didn’t fully understand then.

Ironically, despite being created by the Russian government, NotPetya and Bad Rabbit were more detrimental to Russian businesses than firms in other nations. This may explain why there haven’t been any untethered ransomware outbreaks since 2017.

51. Vault7 leaks

Considered one of the most impactful WikiLeaks leaks, Vault7Leaks exposed CIA secret weapons.

It uncovered the CIA’s technical capabilities, such as hacking and spying tools. While it was initially reported as an anonymous tip, Joshua Adam Schulte was later revealed to be the whistleblower.

52. The MongoDB apocalypse

System administrators have been neglecting their responsibilities for years and leaving databases exposed online without passwords. However, in 2017, hackers began to take advantage of this, leading to a series of attacks on unprotected servers.

This event, known as the MongoDB Apocalypse, gained momentum in early 2017, with hackers targeting various database technologies and leaving ransom notes behind. The attacks showed how vulnerable and misconfigured servers can easily attack and expose private data online.

A new category of security researchers named ‘breach hunters‘ emerged. They search for open databases and then inform the affected companies to help them avoid data breaches. Since then, these breach hunters have unveiled many security breaches and data breaches than by hackers leaking data online.

53. Equifax hack affected millions of American and British citizens

The Equifax hack resulted in the loss of 145.5 million private data of Canadian, US, and British citizens. The breach is known to have been caused by a failure in the firm’s critical server.

However, less is known about the intrusion and the motivation behind it. Regardless of these knowledge gaps, the breach is still regarded as one of the best in the history of cyber attacks.

54. Coinhive threatened websites with sneaky crypto-mining attacks

Launched in 2017, Coinhive allowed website owners to embed JavaScript code on their websites that would use visitors’ computers for Monero cryptocurrency mining (‘in-browser mining’).

While it served as a legitimate way for site owners to earn revenue without resorting to advertising, attackers frequently commandeered it for malicious purposes without users’ knowledge or consent.

In the end, Coinhive ceased operations in March 2019 due to decreasing user interest and increased regulatory scrutiny.

55. Crypto-jacking emerged as a new (but unsustainable) threat

Coinhive, the web service that enabled cryptocurrency mining through JavaScript, is directly linked to the rise and fall of crypto-jacking. Hackers often use it to target websites, video game modules, router control panels, and browser extensions.

Between 2017 and 2019, when Coinhive ceased operations, crypto-jacking or drive-by mining was a significant problem for internet users. This practice did not only slow down browsers but also drove CPU usage to alarming levels.

While the technique quickly lost its popularity due to limited profit margins for adversaries, it remained and still remains a significant issue for internet users.

56. Cambridge Analytica and Facebook fiasco

The Cambridge Analytical scandal that took place in 2018 gave people more reasons why they should hate Facebook. Initially, most people were skeptical about the company’s data collection practices. However, the scandal justified why users should be worried about their privacy and security on social media platforms.

It was revealed how Facebook collects and manipulates user data to understand personalities and predict human behavior. They used the data analytics results to create individual profiles and then sell them to political affiliates.

The case became one of the most popular incidents revealing just how far we’ve come regarding security breaches and political propaganda.

57. Meltdown, Spectre, and the CPU side-channel attacks

Meltdown and Specter are attacks that specifically target modern processors. They bypass memory isolation security, which is designed to protect the kernel address range from unauthorized user access. As a result, attackers can extract data from the operating system and other programs, sharing it with other malicious parties.

These incidents first appeared to the public on January 2018. They revealed the flaws in CPUs’ hardware that enable cybercriminals to infringe on private data processed inside them.

While there are no actual victims, the case exposed how manufacturers neglect data security in favor of profits, performance, and speed. The incident saw a significant change in how CPUs are designed today.

58. Magecart goes mainstream

Magecart attacks, web skimming, or e-skimming have occurred since 2016. However, they became highly prevalent that they couldn’t be ignored anymore. This was after reports of high-profile breaches involving British Airways, Inbent, and Newegg.

Cybercriminals jeopardized online platforms and implanted foreign code that could capture payment card information and relay it back to the hacker’s server. Although the original Magecart attacks have been modified severally, they have become one of today’s most significant cyber threats. Along with ATM skimming and POS malware, Magecart attacks are now one of the most common ways in which cybercriminal groups obtain people’s financial data.

59. Marriott hack

The Marriott hack gained traction due to its magnitude. The breach exposed the email addresses, names, addresses, credit card data, and passport numbers of over 500 million customers.

The Chinese government was suspected of being behind the incident, but this wasn’t substantiated. However, the company faced severe criticism for its data-handling practices and was subject to various legal precedents.

60. Uyghur surveillance exposed

The year 2019 will be remembered as the time when China’s inhumane actions towards its Uyghur Muslim minority in the Xinjiang region were brought to the forefront.

Mainstream media exposed China’s organ harvesting practices and forced labor camps, while security researchers also contributed to the conversation.

They revealed the use of facial recognition software to monitor Muslims in Xinjiang cities and disclosed iOS, Android, and Windows vulnerabilities deliberately designed to infect and track the Uyghur population.

61. Big game hunting skyrocketed

Ransomware has been a persistent problem throughout the 2010s. However, in 2019, a particularly dangerous version termed ‘big game hunting‘ gained notoriety.

Big game hunting consists of ransomware attackers who target significant entities like corporate networks instead of individuals or small-scale targets. This approach enables hackers to demand more money from the victim organizations, who stand to lose far more than just personal data.

The term ‘big game hunting’ was first developed by CrowdStrike to explain the modus operandi of several ransomware gangs. Since then, the number of groups using this tactic has exceeded ten.

In 2019, big game-hunting ransomware attacks intensified, with most attacks targeting managed service providers, US schools, and local governments. Recently, the attackers have expanded their focus to larger European companies.

62. Gnosticplayers kept the cybersec community busy

In 2019, a hacker known as Gnosticplayers gained popularity for hacking into various companies and selling stolen data on dark web marketplaces.

This hacking style was similar to that of the 2016 Peace of Mind and Tessa88 incident. Gnostic players targeted companies such as Canva, Gfycat, 500px, and Evite, among others, and claimed responsibility for over 45 breaches affecting more than one billion users.

63. CapitalOne breach affected millions in US and Canada

The Capital One hacking incident in 2019 affected approximately 100 million US citizens and 6 million Canadians. It caused the loss of private key information such as phone numbers, names, and credit card data. This was after hackers gained access to payment card systems.

An inquiry into the breach showed that the major suspect was a former employee of Amazon Web Services.

64. Log4j vulnerability wreaked havoc upon exploits

The Log4j incident impacted over 100 million devices. Some companies affected by the vulnerability included Apple’s iCloud, Amazon Web Services, and other SMEs.

The severity of this vulnerability was so intense that the FTC released an official warning to firms imploring them to fix the issue. Despite the unclear cause of this vulnerability, it is believed that it continues to haunt organizations to date.

65. Colonial Pipeline ransomware attack affected the nationwide supply chain

In the history of cyber breaches, this sits at the top of some of the most dangerous attacks in the world. It is known as the largest attack on the US pipeline that distributes gasoline to the Southeastern part of the country.

The attackers were paid a $4.4 million ransom, but it still took multiple delays to get operations running. The impact of the attack was felt across the country, such as 71% of Virginia’s gas stations running out of fuel.

However, no victim has been found guilty despite its impact, as the culprits remain unknown.

66. VMware ransomware incident

Over 1,000+ server networks went offline after VMware vulnerabilities in February 2023. The ransomware attack was so huge that general meetings were held the entire day to conceptualize the problem.

As reported by Alessandro Longo, the Director of Cybersecurity 360, Italian IT leaders were the major victims of this attack.

To respond to the incident, the Italian Government met with the national cybersecurity intelligence to curb the attack and restore public services. However, the VMware attack went off for a few weeks before finding a solution.

67. Attacks on fast food joints

Several fast food joints, including Hut, Taco Bell, KFC, and Pizza Hut, were affected after an attack on Yum in 2023.

Although it is uncertain, it appears to have been a double extortion attack, which threatened to steal confidential data and databases from the brand operator.

68. The Lockbit 3.0 attack

The Lockbit ransomware group rose to prominence in 2022, and its activities accounted for 40% of all ransomware attacks reported in August of that year.

Cybercriminals under this group targeted companies such as Uber, GTA 6, and Continental, encrypting their data and threatening to publish it.

Furthermore, they launched a double extortion attack on Royal Mail in February 2023.

69. Apple supplier faced a $50M ransomware attack

In April 2021, the Russian ransomware group REvil conducted a double extortion attack on Quanta, an Apple supplier, to halt Apple’s production and force the company to pay the ransom.

This attack highlights the importance of maintaining high levels of security and never becoming complacent.

70. The Verkada hack exposed users’ live video feeds

Verkada, a cloud-based video surveillance service, was hacked in March 2021, allowing attackers to access the live feeds of over 150,000 cameras in various locations.

The attack was associated with 100+ workers having excess admin privileges that granted them access to vast data, such as customer cameras. The breach highlighted the risks of overprivileged users.

71. Cyberattacks aggravated cold in Finland

In November 2016, cybercriminals used a DDoS attack to disrupt the heating systems in two buildings in Lappeenranta, Finland.

Further, the controllers were forced to reboot repeatedly, preventing the heating from turning on during extremely cold temperatures.

72. The Jeep Hack

Hackers exposed a Jeep SUVs’ vulnerability by taking control of the vehicle through the Sprint cellular network. The hack was possible due to the firmware update vulnerabilities present in the car.

They could control the vehicle’s speed and steering, demonstrating the potential dangers of insecure IoT devices in vehicles.

73. Ripple20 vulnerabilities in IoT

Ripple20 impacted the entire range of Treck Inc.’s low-level TCP/IP library by exploiting 19 existing vulnerabilities in various IoT and embedded devices.

This issue in one library led to a domino effect, impacting millions of devices across multiple sectors. The magnitude of this attack renders it one of the largest IoT attacks to date.

74. Rube-Goldberg attack targeted IoT cameras

The Rube-Goldberg attack is a sophisticated and increasingly common IoT hack. It leverages a vulnerability called Devil’s Ivy to factory reset a camera and gain root access. By doing so, it provides the attacker with full control over the camera.

75. Rolljam attack hacking car key fobs

The assault focused on vehicles and their operation. During this incident, the perpetrator locks the car using a radio signal and intercepts the unlocking signal when the owner attempts to open it.

This signal is then decoded and exploited to control the vehicle. Samy Kamkar created the attack, known as RollJam, using a device with the same name.

76. SweynTooth vulnerabilities

SweynTooth is a group of 18 security flaws found in various Bluetooth Low Energy (BLE) software development kits (SDKs) used in major systems on chips (SoCs). These vulnerabilities can cause crashes, deadlocks, security bypasses, buffer overflows, and more in certain applications when an attacker is within radio range. Various IoT devices from multiple vendors using the vulnerable BLE stack were affected.

77. Vulnerabilities found in ‘CloudPets’ kids’ toy

In 2017, CloudPets, an internet-enabled children’s toy, was discovered to have serious security vulnerabilities.

These flaws allowed anyone within a 10-meter radius to take control of the toy and send or receive messages to and from the children using it. Thankfully, the toy is no more in production, but those still having these toys in their homes must remain careful.

78. Bluetooth attack on Tesla Model X

The breach revealed a weakness in the Model X’s entry system, allowing security experts to access the car within 90 seconds.

Although it did not cause significant harm, it was a notable setback for the Tesla model and posed a serious example of IoT hacking.

The attacker exploited a flaw in the key fob’s firmware update process via Bluetooth, enabling the installation of malicious firmware.

79. Nortek security and control hack

A cybersecurity company, Applied Risk, identified ten vulnerabilities in Nortek Linear eMerge E3 devices.

These vulnerabilities could enable hackers to steal login information, control devices (such as locking or unlocking doors), install malware, and carry out DoS attacks while bypassing security measures.

80. The TRENDnet webcam hack

TRENDnet cameras were found vulnerable to hacking due to their faulty software. Attackers could easily access the camera by obtaining their IP address.

The FTC confirmed these vulnerabilities and noted that the software could also grant attackers access to sensitive user information.

Some private data the vulnerability affects are credentials and mobile app camera data stored alongside consumer login details.

81. M2 Smartwatch vulnerabilities

The M2 smartwatch, produced by Shenzhen Smart Care Technology Ltd., was found to have numerous security flaws.

The vulnerabilities enabled intruders to eavesdrop on and exploit conversations and expose users’ personal and GPS information. Further, TicTocTrack, another smartwatch, had security vulnerabilities that let hackers track and call children.

82. Amnesia:33 exploit triggered DoS and data theft

The Amnesia:33 assault targeted four open-source TCP/IP stacks. This enabled it to exploit its shortcomings, such as insufficient memory management and input authentication, to carry out remote code execution.

Other possible manipulations included DoS attacks and information theft. Because these four TCP/IP stacks were utilized in various IoT devices, the attack was considered severe, similar to Ripple20.

83. BLESA attack left Bluetooth connections vulnerable

BLESA stands for Bluetooth Low Energy Spoofing Attack, which takes advantage of a vulnerability in the BLE software stack implementation.

This flaw is related to the reconnection process of BLE, which involves re-establishing two previously connected networks. Upon analyzing the BLE specification, researchers found that it does not mandate authentication throughout the reconnection process.

Even if vendors follow the specification, they can choose to make the authentication step optional during reconnection, leaving the system open to attacks.

84. Amazon smart speakers hack

Recently, Google, Amazon, and Apple were criticized when studies exposed that company employees could eavesdrop on conversations.

Amazon was flagged for employing numerous auditors to monitor Echo users’ recorded conversations.

85. The LeapPad unlimited vulnerabilities

In 2019, researchers demonstrated vulnerabilities in LeapFrog’s LeapPad Ultimate, a sturdy tablet offering educational, gaming, and eBook apps.

These flaws could enable attackers to track devices, send messages to kids, or launch man-in-the-middle attacks.

86. Smart deadbolts attack

In 2019, researchers from the Rapid7 team discovered a security flaw in a widely used deadbolt lock that allowed attackers to unlock doors and access homes wirelessly. However, the manufacturer, Hickory Hardware, issued patches for the affected apps on Google Play and Apple App Stores.

But that’s not the first such instance as, earlier that year, another team of researchers also warned of a similar vulnerability in U-tec’s Ultraloq smart door lock, which could reveal the device’s location to attackers.

87. Attack on Airbnb cameras

Several incidents in 2019 highlighted privacy concerns regarding connected devices in Airbnb. Flaws were found in hotel robots used in place of staff that could allow hackers easy access.

Similarly, Airbnb faced backlash after guests claimed hidden cameras recorded them without consent in rented rooms.

88. The attack on the cardiac devices

FDA authorities prevented an attack on medical devices implanted in patients’ hearts. Hackers could have depleted the pacemaker batteries or caused the devices to malfunction, endangering lives.

While the attack was foiled, it demonstrated the risks of internet-connected health equipment.

89. Multiple security lapses found in Amazon-owned Ring products

These vulnerabilities surfaced in smart home devices like Amazon-owned Ring products. They allowed spying on families and exposing WiFi passwords, hence attracting negative attention.

However, later, Ring’s policy of sharing footage with over 600 police forces drew additional criticism regarding privacy.

90. The Owlet WiFi baby heart monitor vulnerabilities

Medical devices designed to help monitor babies’ heart health and alert parents of any issues, like the Owlet smart baby monitor, can be exploited for malicious purposes if improperly secured.

While devices that aim to give parents peace of mind about their infants’ health seem well-intentioned, they also introduce vulnerabilities if hackers can compromise them.

Most experts argue that connected devices with embedded computer systems, like many baby monitors and medical wearables, risk being hacked. This happens if companies fail to implement strong security measures, especially at the hardware level.

91. Accenture bit by LockBit

Accenture suffered a LockBit ransomware attack in 2021, where the attackers took 6 TB of data and demanded a $50 million ransom. The most exposed server was holding credentials of Accenture client accounts, with one backup database containing nearly 40,000 passwords, mostly in plain text.

92. Kaseya supply-chain attack shook firms globally

Kaseya, an IT solutions provider, experienced an attack on their unified remote monitoring and network security tool.

The attackers aimed to gain administrative control over Kaseya services, affecting both SaaS servers and on-premise VSA solutions used by customers in nearly 12 countries.

Kaseya responded by alerting customers and releasing a detection tool to analyze VSA services and check endpoints for vulnerabilities.

93. Cognyte exposed a database of 5 billion records

Cybersecurity firm Cognyte experienced a security lapse due to an unprotected database. The breach exposed 5 billion records, including names, email addresses, passwords, and system vulnerability data. This information was even indexed by search engines.

94. Hackers stole unprotected Raychat app users’ data

Raychat, an Iranian online chat platform, faced a massive cyber attack in February 2021. A breach in their cloud database configuration allowed hackers to access 267 million usernames, emails, passwords, metadata, and encrypted chats.

Subsequently, a targeted bot attack wiped out the company’s entire data. Reports indicate that a MongoDB misconfiguration left the data exposed, emphasizing the vulnerability of NoSQL databases to bot threats.

Organizations must secure their databases, especially NoSQL databases, which are highly targeted by hackers to steal or erase content unless a ransom is paid. For example, in Raychat’s case, the cybercriminals demanded approximately $700.

95. Hackers exploited Starbucks WiFi for crypto-mining

Starbucks’ WiFi provider in Buenos Aires faced a delay during the initial connection, which allowed hackers to mine Bitcoin from the client’s laptop. However, the company addressed the concern one week later.

96. San Diego Zoo harbored Coinhive

A cybersecurity researcher named Troy Mursch published a report that found Coinhive operating on the website of the San Diego Zoo.

Hackers could inject the script by exploiting an outdated version of CMS Drupal and bypassing the zoo’s cloud security measures.

97. Government of Chihuahua website, among others, crypto-jacked

The Government of Chihuahua’s website was also discovered to run on an outdated Drupal version. It is one of the 300 sites reported to have been crypto-jacked.

98. Wannamine v4.0 resurrected crypto-jacking

WannaMine is malicious software used in crypto-jacking assaults discovered in 2018. Phishing emails containing WannaMine malware are sent to victims, who unwittingly install it on their computers by opening the attachments.

The malware then mines cryptocurrency using the victim’s computer and spreads itself to other devices on the same network.

Its latest version, WannaMine v4.0, which surfaced in 2020, uses multiple techniques to evade detection and removal while also stealing sensitive information.

99. Coinhive short link abused in crypto-mining campaign

Discovered by Malwarebytes in 2018, this campaign misused a Coinhive short link designed for website owners to mine cryptocurrency using their visitors’ CPU power. The exploit involved injecting the short link into a 1×1 pixel iframe, making it difficult for users to notice the miner running in the background.

The short link’s nature allows it to hide the target page, enabling malicious sites to be loaded. Researchers discovered a larger operation that conducted drive-by mining and directed users to counterfeit download pages that installed miner executables on Linux or Windows systems.

100. Mikro Tik Routers suffered crypto-mining attacks

A crypto mining campaign targeting MikroTik routers was discovered in July 2018, initially affecting Brazil before spreading globally. The attack exploited a Winbox vulnerability, which had been disclosed and patched by MikroTik.

However, many router administrators did not apply the patch promptly, resulting in a widespread attack. When users connected to an infected router to visit HTTP sites, they received a custom 403 error page containing a hidden script. This script ran the miner in the browser and loaded the original website in an iframe, allowing the miner to continue running undetected while users browsed.

101. The Estonia attack drew attention to cyber-warfare

This was considered the first act of cyber warfare because it came at a time when Estonia had a conflict with Russia over the relocation of the ‘Bronze of Tallinn’ World War II monument. The attack paralyzed the operations of the Estonian government targeting media outlets, financial institutions, and government services.

At that time, the government of Estonia was digitizing its operations, and even the elections were held online. The Russian government was the main suspect, but they refused to cooperate with investigations from Estonia. One person was arrested, and the incident led to the creation of international cyber warfare laws.

102. The Mafiaboy attack

Michael Calce, a 15-year-old high schooler also known as Mafiaboy, took down several major websites, including Yahoo, eBay, E-Trade, Dell, and CNN. It was so severe, affecting even the stock market.

The young hacker compromised the networks of several universities and used their servers to carry out the attack. The incident formed a basis for the creation of many cybercrime laws.

103. The Spamhaus attack

Spamhaus filters 80% of spam-related content on the internet. This is a good reason to be targeted by cybercriminals who use phishing emails to attack innocent users. The Spamhaus attack was the largest ever at the time, and the attackers bombarded its traffic at a rate of 300 Gbps.

The organization signed up for Cloudflare’s DDoS protection when the attack began. It stopped the attack, and the cybercriminals responded by attempting to bring it down but didn’t succeed. It was later established that a British hack-for-hire teenager was paid to carry out the attack.

104. A terrible DDoS attack pulled GitHub offline for weeks

This DDoS lasted for several weeks and targeted URLs of two GitHub projects developed to bypass Chinese state censorship. Experts speculated that the Chinese government sponsored the attack to pressure GitHub into eliminating the two projects.

The attack traffic was created by injecting a JavaScript code into browsers for users who visited China’s largest search engine, Baidu. The websites that used Baidu’s analytics feature also injected the JavaScript code. It then made the browsers send HTTP requests targeting the two GitHub pages. After further investigations, it was discovered that the malicious code originated from intermediary services and not Baidu.

105. The Dyn attack caused a ripple effect on other sites

2016 a DDoS attack on Dyn disrupted major websites, including GitHub, Reddit, New York Times, Amazon, Visa, PayPal, Netflix, and Airbnb. The attack used a malware called Mirai, which uses IoT devices such as baby monitors, printers, radios, smart Tv, and cameras to create Botnets. The compromised devices then send requests to a single victim, leading to heavy traffic.

Dyn was devastated by the attack, but they resolved the issue within one day. It is suspected that the attack was planned and executed by Hacktivism groups in response to WikiLeaks founder Julian Assange being denied internet access in Ecuador. Others suspect that it was carried out by a disgruntled gamer.

106. GitHub reversed another huge DDoS attack within minutes

This is one of the largest DDoS attacks where the code management website was bombarded with requests at 1.3Tbps, sending packets at 126.9 million per second.

The attackers used a popular database caching system called Memcached to amplify the requests. They flooded the Memcached servers with spoofed requests, which increased the magnitude of their attack by 50,000 times.

Fortunately, GitHub’s DDoS protection service was alerted within 10 minutes of the attack and quickly stopped.

107. DDoS attack reported by AWS

This was a massive DDoS attack with a traffic rate of 2.3 Tbps. AWS mitigated the attack but did not disclose the targeted customer. The attackers used Connection-Less Lightweight Directory Access Protocol (CLDAP) web servers to carry out the attack.

Global costs of cyber attacks

Cyberattacks cause a lot of physical, emotional, and financial damage. In 2021, losses related to cybercrime were estimated to be 6 billion dollars. Making it worse, the losses are expected to grow annually at a rate of 15% for the next five years, eventually reaching 10.5 billion dollars.

The figure was estimated to be 3.5 billion dollars in 2015, indicating a dire need for comprehensive cyber security solutions. Surprisingly, the losses caused by hackers are more than the damages caused by natural calamities annually. Also, the combined profitability of hackers is higher than the combined profits of all illegal drug businesses worldwide.

Cybercrime generates the following costs:

Damage of Reputation
Restoration and removal of hacked data and systems
Criminal investigations
Disruption of normal activities after the attack
Fraud
Embezzlement
Theft of intellectual property and personal finance data
Loss of productivity
Stolen money
Damage to and destruction of data

Some notorious hackers target cybersecurity companies to damage their reputations. After the attacks, the companies find attracting or retaining new clients difficult. A good example is when hackers encrypted data from an American integrator, CompuCom. The attack led to suspending some services and many expenses to fix the damages. The total loss inflicted was estimated to be 30 billion dollars.

Why will cyber attacks define 21st-century warfare?

Gone are the days when countries only relied on well-trained soldiers, heavy artillery, and outstanding battle strategies to win a war. Today, the enemy has an army that hides behind computers and strikes when you least expect it. The attacks are deniable, effective, low-risk, and cheap, which makes them attractive to many countries, including China and Russia.

Cyberattacks have long been associated with criminals and gangs seeking to steal or extort money. This narrative has changed in the recent past as nations have added cybercrime into their armory.

It would have sounded like science fiction in the 1990s to imagine defense forces and intelligent services developing and deploying malware and viruses against each other. Today’s war is won through data breaches, distributed denial-of-service (DDoS), phishing, ransomware, and even artificial intelligence.

As the battle for supremacy escalates worldwide, all the technically advanced nations are developing offensive and defensive applications in what could define 21^st-century warfare.

Various nations have developed sophisticated cyber weaponry whose offensive capabilities cannot be overstated. In 2020, The UK National Cyber Security Center reported a 20% increase in annual average cyberattack incidents targeting the country.

State-backed cyberattacks are becoming prevalent

The recent increase in cyberattacks among countries can be attributed to the digital transformations caused by the extensive adoption of technology across all arms of a government. Additionally, there is a rise in low-cost tech, devices, and software vulnerable to cyberattacks.

The uniqueness of the technology deployed by a country determines how vulnerable it is to cyberattacks. However, today many nations share the same technologies, leaving them vulnerable. There is no single solution to the current rise of cyber warfare tactics, but education and diplomacy can go a long way in mitigating the situation.

Hacking groups affiliated with governments can be easily stopped through diplomacy, and users can greatly benefit from cybersecurity education. Authorities should also enforce standards to regulate the technology manufactured, sold, and used in the country.

At a personal level, users should not just sit and wait for the government to protect them. They should also protect themselves through privacy-enhancing tools such as firewalls and VPNs.

Cybersecurity – the weakest link

Humans are the weakest links in security systems. Employee actions can unintentionally or deliberately lead to data breach incidents. Users are also targets of social engineering tactics that compromise security systems and lead to devastating losses.

Many experts around the world have tried to solve this puzzle for decades. Some specialists are convinced that educating users is the most effective method, but attackers change their tactics even after education.

Additionally, some users only undergo cybersecurity training to earn a certification and return to work. Users who continually practice what they learn develop cognitive readiness to deal with potential cyber threats in the future. People responsible for cybersecurity in an organization occasionally suffer from professional burnout and frustrations. They have to first communicate with groups of employees who don’t understand the value of cybersecurity and then face frustrations from financial officers about the cybersecurity budget.

Large corporations use advanced technologies to assess user activities and identify high-risk systems or individuals. The system administrators then use the data from the assessments to limit the level of threats without necessarily imposing restrictions on the entire environment. Automation and integration of services and collected data can improve the overall security of end devices.

Top 9 cybersecurity threats and trends for 2023

The information security industry is on high alert due to the new and evolving cyber threats appearing every day. Cybercriminals are using machine learning and artificial intelligence to launch sophisticated ransomware, phishing, and cryptocurrency attacks that have left individuals, governments, and corporations at risk.

Furthermore, the shortage of cybersecurity individuals means that the cybercrime epidemic could wreak more havoc and even shake beliefs about personal privacy and democracy. Here are some potential cyberspace situations in the future.

Disruption: There is a probability that attackers may use ransomware in the future to hijack the Internet of Things, create internet outages, and disrupt the entire internet connectivity.
Distortion: Integrity and information trust may be compromised because of the increased number of unverified sources, including bots and automation.
Deterioration: Organizations may be unable to control their information due to the conflicting demands posed by national security and individual privacy regulations.

Below are some cyber threats and trends in 2023

1. A severe shortage of cybersecurity professionals

The advanced cybersecurity threats have led to a scramble for available cybersecurity professionals by government agencies and private organizations as they try to safeguard their data. This trend will likely continue, and the gap will widen as time passes. The shortage has caused panic in the sector because the available workforce is insufficient to combat the ever-evolving threats.

2. Privacy concerns with semi-autonomous vehicles and connected cars

The automobile industry has also experienced some shake-ups from the evolving technology. Hence, we now have internet-connected cars that use onboard sensors to optimize their operations, often through embedded, tethered, or smartphone integration.

This is yet another opportunity for hackers to exploit the vulnerabilities in connected and self-driving cars. There are serious concerns surrounding the privacy and security of these cars and even the possibility of compromising their infrastructure when in motion.

3. Third-party vulnerabilities (partners, contractors, vendors)

Partners, vendors, and contractors contribute to realizing an organization’s objective. Cyber threats are becoming more sophisticated, and companies must understand the cybersecurity risks associated with third parties. Just like employees, they handle sensitive information about an organization.

The terms of the contract govern the relationship between the company and third parties. However, third parties can deliberately or unintentionally expose sensitive company data. Also, cybercriminals can target them with phishing emails and social engineering tactics to reveal sensitive data about the company. Organizations need to re-evaluate their relationship with third parties as cyber threats evolve.

4. Vulnerabilities in smart medical devices and Electronic Medical Records (EMR)

The healthcare industry is continually adopting technology, and the latest development is the introduction of smart medical devices. These devices connect to the internet and collect and transmit data online, raising concerns about privacy, safety, and cybersecurity threats.

There are possibilities that attackers can intercept the sensitive data transmitted by these devices. So, concerns remain about whether a remote adversary can compromise such devices when connected to a patient. If so, attackers could tamper with dosages, disable vital monitors or even send electric signals to a patient.

Additionally, as medical facilities digitize patient medical records, there are questions about access control. Hackers could exploit system vulnerabilities and access sensitive medical records of patients.

5. State-sponsored attacks

Cyber threats, including critical infrastructure, target individuals, businesses, government agencies, and institutions. Today’s wars happen online, where countries recruit skilled hackers to infiltrate other governments and compromise their systems. In the future, state-sponsored attacks will likely increase, especially those aimed at compromising critical infrastructure.

State-sponsored attacks pose a significant risk to the private sector because victim countries may take revenge on the leading corporations of the attacking country. Therefore, businesses in the private sector risk being caught in a tug-of-war between two countries.

6. Cryptojacking

Cryptocurrency is very popular and therefore attracts a lot of attention from cybercriminals. Cryptojacking is a current trend where attackers hijack your computer to mine for cryptocurrency. Hackers piggyback on other people’s computers to get the much-required processing power for mining cryptocurrency. Cryptojacking can lead to serious downtime and financial losses in a company as the IT team tries to resolve the issue.

7. Mobile attacks

How long can you stay without looking at your mobile phone? Mobile devices are now cheap and readily available.

We use smartphones daily to access sensitive information such as banking records and to conduct cryptocurrency transactions. For this reason, there is an emerging trend of targeting mobile devices to steal data.

Mobile attacks include malware and spyware applications, malvertising, and phishing emails and text messages. Anyone who can access your mobile phone will likely uncover confidential information they may use to target you.

Hence, you must secure your mobile devices and applications with strong passwords and biometric features. Besides, ensure enabling two-factor authentication for your accounts on sensitive applications such as banking apps to avoid losses.

8. Risky hybrid or remote work environments

According to Gallup’s workplace article, the number of people working remotely increased from 8% before the COVID-19 pandemic to 39% after the pandemic. Some workers fall in the hybrid category because they can do part of their job remotely from home and the rest in the office.

Remote and hybrid work environments have many advantages for both the employer and the employee. However, they pose a great risk to the organizations.

Employees may use public WiFi connections to access sensitive company information, which attackers can later intercept. Additionally, the company cannot control the devices the employees use, and they end up using unsecured personal devices. Also, employees can use weak passwords, which cybercriminals can easily crack, leading to data breaches.

Moreover, when working remotely, the company cannot limit the amount of decrypted data shared with third parties. Therefore, companies need to develop policies to minimize risks associated with remote work environments.

9. Vulnerability in the cloud

Cloud storages make it easy for employees and users to securely share data and collaborate on projects. The cloud servers use in-built firewalls and sophisticated encryption technologies to limit access to your data. However, cloud storages come with some vulnerabilities, including insecure APIs, shared tenancy, poor access control, and misconfiguration, which attackers can exploit.

What did we learn from these privacy and security stories?

The dozens of privacy and security stories discussed in this article highlight various underlying causes, from individual negligence to mass-scale ignorance. Consequently, these privacy stories teach users different lessons to improve their future online security status.

Here is a quick roundup of what you must practice for your online security to avoid producing any privacy lapse stories from your side.

Leaving systems and devices unpatched can make you suffer huge losses. Keep an eye on the updates and fixes coming up and ensure keeping all IT equipment up-to-date.
Stay wary of the emails you receive. Not every email that looks harmless is actually harmless. Read our guide on phishing emails to learn how to protect yourself from the consequent cyber threats.
As a business, pay attention to customers’ privacy and security to avoid losing market credibility.
Always set up unique and strong passwords. Likewise, reusing passwords or not updating them frequently is also harmful.
Never be careless with your old data, especially if it’s online. Also, since you can’t really train your consumers to implement cybersecurity best practices (you can only ask them), make sure to protect the system’s integrity from your end to avoid any disaster.
Never trust the apps you install on your mobile phones. They can go malicious anytime and start spying on you, especially those free to use since they would do anything to collect your data for monetization. Make sure to allow only the most necessary permissions to an app. And, if you don’t use an app or use it rarely, either uninstall it from your device or disable it.
B2B companies should remain extra cautious about the security of their products. They should also make sure to keep their customers in the loop to avoid any embarrassing situations later on.
Anything connected to the internet is vulnerable to cyber-attacks. So, regardless of the niche of your or your employers’ businesses, if you need internet for anything, then make sure to protect all subsequent IT equipment well-protected.
Businesses must train their staff to manage email security and handle cybersecurity threats.
Be wary of the apps you install on your device, especially mobile phones. You never know when malware will sneak into your device. Also, monitor your financial transactions to spot any unusual situation immediately.
Cyber attacks can happen to anyone. So, the business and the educational and medical sectors also need to pay attention to cybersecurity best practices.
Ads may support content creators but are often offensive and malicious. It’s better to avoid watching and trusting them. Use adblockers as much as you can.

These lessons may protect you from falling victim to such cyber attacks.

What do you feel after reading these top security issues of 2020 and beyond? Do share your thoughts with us via your comments.

Share this article