Top 10 Cyber Attacks – And How You Can Protect Yourself

It’s no secret that cyberattack cases have grown exponentially over the recent years. And as the ever-expanding digital footprint continues to go mainstream, cyber threats are expected to evolve only further in magnitude and size.

Cyberattacks are, in fact, showing no signs of slowing. Attackers are now highly motivated and surreptitiously vow to launch new techniques to obtain all that seems to be uncrackable.

Despite cyber professionals working at the heart of the system, their devising ways to combat cyberattacks appear to be diminishing. It’s on record that cybercrime will have inflicted damages totaling $6 trillion globally by the end of 2024 and is predicted to reach $10.5 trillion by 2025, according to a special report by Cybercrime Magazine.

In addition to digitalization, supply chains have geared these malicious activities, which cyber terrorists are aware of and willing to exploit. According to research from Hiscox, 55% of half of UK businesses received cyberattacks, although most were “novices” in terms of cyber readiness.

Cyberattack activity is one of the biggest challenges humanity will face in the next decades. While the future attacks remain speculation, here are the 10 notorious cyber attacks that have reached enormous magnitude.

Without further ado, let’s get started!

Deemed as the biggest ransomware attack ever, the WannaCry attack left around 250,000 computers affected in 150 countries in the spring of 2017. This outbreak massively impacted a range of entities, including the NHS, America’s FedEx, LATAM Airlines, Spain-based Telefonica, and more.

Of all targets, the impact on the critical infrastructure of the healthcare sector was felt. It totally locked out vital medical equipment and devices, affecting GP surgeries and hospitals across the UK and Scotland.

The hacker created an Encryptor to infect the system with malware and block access to the files. By doing so, any files users relied on were rendered unusable.

It’s estimated that a 4-day WannaCry attack led to a global financial loss of up to 6 billion US dollars.

Facebook experienced its worst global outage that was met with outrage in the summer of 2019 and decided not to notify its users – but was recently made available in the public domain.

Called the “nightmare week,” it started with revelations that the social media giant had suffered yet another data breach, leaving personal data for over 500 million users exposed. This included full names, phone numbers, email addresses, locations, and other basic information from the user profile.

One member of a well-known association of hackers claimed to be in possession of the information for half a million users and even offered to sell it in chunks. The security researcher reports black hat hackers can use the data to commit fraud and impersonate people.

Malicious actors exploited the weakness of Facebook’s contact importer feature to gain access to user identifiable information. They then posted the data online (on the dark web) for free.

Security experts and lawmakers slammed Facebook for how it mishandled this. Even wondered why it couldn’t notify consumers about this data breach.

One of the most devastating cyberattack to date goes to another ransomware encryptor called NotPetya/ExPetr. It’s the most costly epidemic so far, supposedly even worse than the WannaCry attack.

While some argue this is more of a wiper attack, NotPetya led to total financial damage of over $10 Billion in June 2017. The malware used EtrernalRomance and EternalBlue exploit tools to move around the web, irreversibly encrypting the victim’s machine and everything.

NotPetya attack targeted primarily corporations and businesses rather than individual consumers. Technically, the infection with ransomware spread quickly, weakening the financial software MeDoc.

So, the cyber terrorists managed to gain control over this financial software application, causing many customers using the app to go experience big losses. I’m not seeing an attack of that caliber and such a pain caused to businesses happening any time soon.

In early February 2021, a Florida water treatment facility fell victim to a cyber attack after an intruder tried to poison the water supply. Federal authorities released a report that poor security practices are the main culprit.

To gain remote access to the city’s water plant, malicious actors exploited the TeamViewer software  – the commonly used software that helps the management and employees manage the facility at any time.

Even worse, the facility relied on shared passwords and the computers were running an outdated Windows 7. We all know a 32-bit version of Windows 7 no longer receives security updates, so it was easy for hackers to crack the desktop software.

They found it easy to increase the quantity of sodium hydroxide to a dangerous level before the plant operator noticed it. This incident would’ve brought physical damage to people for sure.

Many organizations still use TeamViewer, raising a question about how serious threats would be in the future. It’s high time we increase funding to secure the critical infrastructure.

Equifax, a major American credit reporting agency, came clean that it had suffered a cyber attack from mid-May to July 2017. The hackers gained access to certain company files and grabbed the personal information needed to do some damage to clients.

The company’s spokesman said the tricky threat may have affected more than 140 million in the United States, Britain, and Canada. Criminals hit a weak point in website software to retrieve personal data (names, mailing addresses, birth dates, driver’s license numbers, and social security numbers).

According to the indictment, credit card numbers for 200,000 clients were compromised, while important documents with sensitive data used in disputes for 180,000-plus people were stolen.

Other former clients didn’t take it right after they found their personal information had not been deleted despite ceasing to be members a few years ago. This hacking incident dethrones a Yahoo cyber attack in 2016 as the most lethal in terms of severity.

We couldn’t mention the most notorious cyberattacks without including the untold story of SolarWinds hack. In 2019, foreign hackers allegedly infiltrated the supply chain of SolarWinds. The highly sophisticated cyber intrusion allowed for authentication bypass, thus inserting a backdoor into the product.

Everyone and anyone is vulnerable. Sophisticated APT actors used a read team emulation tool (routine software update) to take down SolarWinds Orion software by sneaking malicious code into it.

This code compromised files for over 18,000 customers, government agencies, and companies running vulnerable versions of the SolarWinds Orion software.

Heavy hitters like Intel, Cisco, and Microsoft were hit together with federal agencies in the US, including the Justice Department, the Treasury Department, and the Pentagon.

Cybersecurity experts discovered the attack very late as it went undetected for months. To this day, they’re still working to figure out the scope of this attack.

Of all high-profile attacks in 2021, the Colonial Pipeline ransomware attack on May 7^th made headlines. Fuel stations were brought to a standstill for some days due to shortages. A national gas price surge, $4.4 million lost, and gas shortages caught the world by surprise.

Hackers were able to gain illicit access to the system by using a single yet complicated password. After deploying a legacy VPN that didn’t have multifactor authentication in place, they could maneuver at ease. Meaning they accessed the system without any two-factor verification like text messages.

The attack not only shut key conduits delivering fuel to major cities on the East Coast of the United States but disrupted gasoline supplies as well, causing chaos and panic. All this demonstrated that the company’s infrastructure is highly vulnerable to future cyber threats.

Thankfully, the FBI managed to trace much of the money by monitoring digital wallets and cryptocurrency movement though finding the real attacker proved a lot harder.

Seeing these impacts, you get to understand that if cybercriminals can take down Colonial Pipeline, an important part of the national critical infrastructure system, then they’re willing to go for everyone. And with a good reason!

Even chemical companies aren’t immune to cyber threats. At the same time of the year, the same notorious hackers that targeted Colonial Pipeline also launched an attack against Brenntag, a reputable chemical distributor company.

The Darkside affiliate (the hacking group) claimed to have stolen 150 GB of data, especially for the North America division, causing temporary production shutdowns. Private information taken included the date of birth, medical records, social security number, and driver’s license number.

The manufacturing and other operations in more than 77 countries were halted while malware specialists investigated the breach. In response, the distributor disconnected network connections to contain the threat.

The Darkside ransomware operators had already threatened to expose the stolen information, but Brenntag caved to the demands after further negotiations. It paid a $4.4 million ransom to the ransomware gang to obtain the data encrypted by the hackers during the attack.

It stands as the most exorbitant ransomware payment of the last decades.

In May 2021, the global electronics giant Acer suffered yet another cyber attack on its servers. The Taiwan-based PC maker fell victim to a second data breach in less than a week – the same Desorden hacker group that attacked Brenntag a few weeks ago is thought to be responsible for this.

It lost 60GB of distributor, retailer, and client information alongside login details, audit, and financial data. Referencing the attack, the popular hacker forum offered the screenshots, released the records of over 10,000 Acer users, and offered video evidence of the haul.

The attack targeted its Taiwan servers this time around, but the firm seemed to downplay the effects. Malicious actors exploited the vulnerability in Acer’s servers to obtain files, sensitive financial spreadsheets, and documents.

Cybercriminals confirmed the data was authentic and included clients’ names, phone numbers, and email addresses.

Hackers warned of more potential vulnerable servers that would result in around $50 million ransom going into the future. These subsequent cyberattacks are a big blow to the manufacturer’s reputation.

What really happened? Marriott’s cyber attack went unnoticed for years – it took place sometime in 2014 but came to light in 2018 when a special security tool discovered a suspicious attack on one of the hotel’s reservation systems.

Marriott Starwood’s woes started when the attackers encrypted data and deleted it. On its website, the hotel acknowledged that guest records of more than 300 million stored on the global reservation database were removed from the system.

Hackers leveraged names, email addresses, phone numbers, mailing addresses, birth dates, arrival and departure information, gender, reservation date, hotel account information, and communication preferences. But some of the guest’s records were duplicates.

A data breach can be a hotel’s worst nightmare, primarily when guest information leaks. Financially, Marriot was penalized around $20 million for failing to meet security standards.

Marriot data breach remains the most devastating hotel attack known to date that led to millions of dollars in damage. Although the insurance covered the hotel’s financial repercussions, its brand reputation suffered in sheer size.

The lesson is clear; everyone is vulnerable to a host of identifiable cyber threats. If big companies can be breached, any of us can. But this isn’t a defeatist point; you can step up your cybersecurity protocols to improve your current preparedness against cyberattacks.

Are you a victim of cyberattacks? Here are concrete steps to put in place. With this, you’re up to snuff up in any digital transformation.

• Change and secure your passwords

It takes little effort for a motivated hacker to figure out passwords to your device, bank accounts, and emails, especially if you use common names like the date of birth, identity number, or pet’s name.

Keep on strengthening your login credentials by changing your passwords. Use a password manager to save multiple online passwords. I recommend using NordPass to encrypt that information and for quick access. With it, you don’t have to cram a long list of passwords.

• Conduct audits to identify unusual activity

As your organization grows, you need to regularly check your accounts for unusual activity. You don’t want to compromise your data security. Instead, you’re looking to minimize the hacking activity.

Hire cybersecurity experts who perform audits to boost your data protection. In addition, you can have a full-time specialist who handles any security-related problems. Although scary, its audits help you identify any discrepancies, thereby taking premium security measures before it’s too late.

• Use 2-Factor Authentication

A single password allowed hackers to bypass the Colonial Pipeline system. Use two-factor authentication on important accounts to minimize the risk of being hacked again. It maximizes protection by adding a second step for accessing users’ accounts.

In this case, apart from inserting a password, you have to enter a code sent to your email or phone – something that’s only known to you or only you have access to. A 2-way firewall keeps off any suspicious attack from unauthorized persons.

• Invest in proper software

Attacks and data breaches, regardless of if they’re launched from outside or inside, hinge on people’s behavior. No form of technology can stop a skilled malicious actor with enough resources and time.

With proper software, you can stop the majority but not plurality. It prevents malware, spyware, and ransomware from spreading quickly once the inevitable scams take off.

• Get a top-tier VPN to encrypt your data

Technically, a VPN protects you from cybercriminals who require access to your IP address. Although some sophisticated attack vectors can bypass a Virtual Private Network, it boosts the overall security level.

A VPN is good at preventing external hacking threats. Hackers looking to intercept your data during transfer will have difficulty when your web traffic is cloaked with an encrypted tunnel.

It’s, however, not a foolproof solution for threats originating internally. For example, malware and physical viruses. Just look for an antivirus program, which is reputable, well respected, and regularly updated.

Other security tips include;

• Update your operating system (OS) regularly – it’s worth noting that Windows 7 is vulnerable.
• Avoid downloading software from unreliable sources. Evaluate and only download from sources you can trust.

Hackers are thieves of information. Cybercrime costs may include destruction of data, lost productivity, fraud, and more. Once they get access to your system, the damage will depend on what hackers are after or the end goal of the hacking activity.

Here’s is what hackers can do with the stolen data

• Identity theft

They hijack your personal information (username and passwords) to steal your identity. Quite often, hackers try to glean stolen digital data to steal your money, taking out big loans in your name and opening new credit accounts.

Such malicious activities have long-lasting effects on people’s lives. They leave you on the hook to pay hefty loans hence ruining your credit scores going into the future.

• Phishing attacks

The Internet is a fundamental tool for hackers and other miscreants since it lets them hide behind a shield of digital anonymity.

An attacker uses a social engineering attack to send fraudulent messages, aiming to deceive people into revealing and handing over their sensitive information unwillingly. Masqueraded as a trusted entity, attackers con you into opening urgent messages about your credit card or bank account.

They also dupe victims into verifying credentials via a text message or an email. Deceptive phishing results in devastating results like stealing your money.

• Commit fraud

Fraudsters can use users’ details to commit a number of fraudulent activities. By conversely brute force, faceless attackers harvest information from a victim’s device (personal computer), which is later used for spamming and nuisance marketing campaigns.

In this ploy, cybercriminals use email spoofing to commit wire fraud. Email scamming is so obvious because emails aren’t inherently secure.

Cyber attacks are nowadays common. These cybercrime activities have increased not only in numbers but also in complexity. However, cyberattacks are perpetrated with a set of motives. Let’s dive into common types of cybersecurity attacks that you should be aware of.

Malware Attack

Malware is the type of cyberattack hackers prefer the most. Today, cybercriminals use fireless malware to circumvent enhanced cybersecurity tools already aligned to protect against unusual threats. A malicious code is created and embedded using a native scripting language to harm a network, server, or computer.

It’s common because it encompasses various subsets such as viruses, spyware, worms, cryptojacking, bots, and trojans. Malicious files deny access to the vital components of any network.

Phishing attack

Extremely common phishing attacks involve social engineering techniques that deceive users into sharing sensitive information. Attackers use fraudulent emails, phone calls, and SMS to entice an unsuspecting victim with hidden intent.

The fraudulent messages often appear legitimate, but the malicious script gives attackers an edge to access your device, control it, and gather recipient information.

Ransomeware Attack

Advanced ransomware allows attackers to block access to the device files (like hard drives) once the system is

infected. They threaten to delete or publish the data mostly on the dark web unless a ransom is paid.

Many organizations have lost millions of dollars from these hacking activities because cybercriminals demand hefty payment through untraceable cryptocurrency to regain access to their system. A good example is the “Colonial Pipeline Cyber Attack.”

DDoS attacks

Distributed Denial of Service (DDoS) attacks originating from multiple systems. The attacks work by disrupting the normal traffic of a system, network, or server to overload bandwidth or resources.

That said, the system will neither fulfill nor process legitimate requests. The hacker aims to take a system offline and achieve service denial to intended users.

MITM Attacks

Take place when a hacker eavesdrops on a conversation between two-party transactions. Attackers insert themselves in the middle of a web application and network user. The motive is to collect personal data, banking details, usernames, and passwords.

Attackers can decide to impersonate one party (visitor’s device) to solicit additional information. They end up changing logins, initiating the transfer of funds, and even completing other transactions. MITM attacks are very common when connected to unsecured public Wi-Fi.

Password Attack

Malicious actors steal user passwords. An unauthorized person can control and manipulate your system by accessing your passwords.

Password attackers use brute force attacks to try all possible variants to guess passwords. They use a combination of information as well to obtain unencrypted passwords.

DNS Tunneling

Is an attack that leverages DNS queries to get around traditional security measures aligned by organizations. Cyber terrorists transmit code and data within a network. Once infected, a hacker gets an opportunity to extract data, IP, and identity by encoding it in a set of DNS responses.

IoT-Based Attacks

The rise of the Internet of Things presents a growing number of IoT attacks. Attackers have identified access points to wreak havoc and exploit, granting a route to unleash personal information of the users.

Due to the steady growth of IoT devices, businesses need to invest in reliable security tools on their operating systems.

SQL Injections

It occurs when hackers embed a suspicious code into unprotected websites using SQL, giving access to protected information. Deploying parameters such as statements with limited queries can prevent SQL injections.

Zero-day Exploit

Think of a recently announced network. Exploiting the vulnerability of a new network before a patch is released and implemented is a breeze. Attackers do it effortlessly unless there are agile threat management practices to curb zero-day attacks.

Cyberattacks have expanded from targeting computers, servers, and networks – to harming people, power grinds, railways, chemical plants, and anything with an electronic pulse or heartbeat.

Faceless cybercriminals are stealing millions of records and, in turn, demand a ransom. Although data is a critical component of a digitized economy, malice around it remains incalculable.

The bullseye is squarely on our businesses. If we’re not careful, cyber threats could potentially disable the economy of an involved party. I hope you’re not the next victim.