Tuesday, November 12, 2024

Historic Cyber Breaches & Incidents: Timeline

Stories and news reports about cyberattacks and cyber incidents often sound more action-packed than fiction. But it’s true: Malicious actors and cyber criminals are becoming increasingly innovative and sophisticated in their attacks. With each data breach or malware attack, there’s an opportunity to learn how to prevent the next one.  

Understanding the vulnerabilities and mistakes that led to previous cyber incidents is a big part of being an informed cybersecurity pro. Studying the past can help you recognize similar weaknesses in current systems and prevent them from being exploited again. Everything from the methods and techniques that attackers use to the effectiveness of incident response plans can influence how you anticipate, prevent, and respond to threats. 

Learn something new for free

We recently added over 30 video-based cybersecurity courses to our catalog. These free courses can help you develop foundational expertise to pursue popular cybersecurity certifications. Regardless of your field, our new cybersecurity curriculum teaches you how to protect yourself (and your organization) online — an invaluable skill for technologists today. Read on to learn about some major cyber incidents, data breaches, and cyberattacks throughout internet history. 

A timeline of notable cyber incidents

2003

The SQL Slammer

In the early aughts, a security researcher named David Litchfield discovered a buffer overflow vulnerability in Microsoft SQL Server 2000. He created an exploit to demonstrate its potential impact, reported the flaw to Microsoft (who issued a patch), and discussed the vulnerability at the Black Hat Security Briefings. He warned that the exploit code had the potential to be used in a worm, which is exactly what happened six months later in 2003.  

The SQL Slammer worm spread rapidly to around 75,000 Microsoft SQL Server hosts worldwide. This 376-byte UDP (User Datagram Protocol) worm caused a global DDoS (distributed denial of service) attack and widespread network disruptions — the worm halted credit card systems and ATMs and shut down emergency services in some areas.
 
The SQL Slammer worm was impressively fast. The number of infected hosts doubled every 8.5 seconds, and the worm infected more than 90% of vulnerable hosts within 10 minutes. The incident led to a significant shift in how Microsoft and the security community approached software security and vulnerability disclosures.

2010

Stuxnet worm

The first known cyberweapon, called the Stuxnet worm, was discovered in June 2010. Stuxnet infected software at 14 industrial sites in Iran, including a uranium-enrichment plant. Unlike a virus that must be downloaded to be activated, Stuxnet spread autonomously over networks. It targeted Microsoft Windows machines, Siemens Step7 software, and programmable logic controllers. This enabled the worm’s authors to spy on and sabotage industrial systems, causing centrifuges to malfunction without operators noticing.  

2014

Sony Pictures hack

You might remember the Sony Pictures cyberattack of 2014, because it got a lot of media attention. Attackers used malware to compromise thousands of company computers and hundreds of servers, stole terabytes of private data and intellectual property, and released it online. The FBI determined that the North Korean government was responsible for the attack, in which threat actors used a multi-pronged Server Message Block (SMB) worm to infect the networks.

2017

Equifax data breach

In July 2017, system administrators at the consumer credit reporting agency Equifax discovered that attackers had accessed their online dispute portal and harvested personal information of at least 145.5 million individuals. The breach was due to issues in identification, detection, database segmentation, and data governance. While Equifax took steps to improve security and notify affected individuals, U.S. federal agencies assessed Equifax’s security controls. In 2019, Equifax agreed to a global settlement with the Federal Trade Commission and the Consumer Financial Protection Bureau that included up to $425 million to compensate people affected by the data breach.

2017

WannaCry ransomware

The WannaCry ransomware attack on May 12, 2017, affected over 200,000 computers in more than 150 countries, hitting major organizations like FedEx, Honda, Nissan, and the UK’s NHS. A 22-year-old security researcher found a “kill switch” to temporarily stop the malware, but many computers remained encrypted until victims either paid the ransom or managed to decrypt their data. The ransomware spread using an exploit called “EternalBlue,” which the NSA had developed and which was later leaked by a group called the Shadow Brokers. The exploit targeted older, unpatched versions of Microsoft Windows, allowing WannaCry to spread rapidly over the course of 24 hours.

2019

SolarWinds hack

In September 2019, Russian hackers breached SolarWinds, a network management software company, by sneaking malicious code into its Orion software updates. This supply-chain attack affected around 18,000 customers (including U.S. federal agencies), giving hackers remote access for espionage.

The breach was discovered in November 2020 by the cybersecurity company FireEye, which then worked with Microsoft to stop the malicious activity. In response, U.S. government agencies took action to secure systems and coordinate a comprehensive response to the attack. 

2019

Facebook data breach

One of the most widespread Facebook data breaches happened in 2019, when malicious actors scraped public profiles and exposed data from over 530 million Facebook users in an unsecured database on an online forum. Malicious actors used automated software to upload large sets of phone numbers and match them to Facebook profiles to extract information. Facebook has since updated its contact importer feature to prevent scraping.  

Learn more about cybersecurity 

This is by no means an exhaustive list of cybersecurity events. If you’re feeling energized to learn more about the types of cybersecurity threats out there (and how to prevent them), check out our updated cybersecurity curriculum. Get started with Security Principles for DevSecOps, CompTIA Security+: Fundamental Security Concepts, and Enterprise Security: Artificial Intelligence, Generative AI, & Cybersecurity.

Explore the rest of our catalog with more than 30 new video-based cybersecurity courses. These free courses are tailored to help you gain the foundational expertise required for popular cybersecurity certifications and empower you with the knowledge to protect yourself online.  
