Some of the best horror stories are true – and what’s scarier than a cyber breach?
When four in ten businesses experienced a cyber breach in the last 12 months, it’s easy to see that cyber crime continues to be a serious threat.
Looking back on some of cyber history’s horror stories and at some of the most infamous cyber crime cases, we can remind ourselves to remain vigilant and discover lessons from the past.
Let’s dive in:
MafiaBoy’s Rivolta Hack – 2000
Back in 2000, the internet was essentially the Wild West but… online (the World Wild Web).
Taking full advantage of that was Michael Calce. Under the name of MafiaBoy, he caused a billion dollars’ worth of damage to Amazon, eBay, CNN, and Yahoo!. The latter was a multibillion-dollar company at the time, and MafiaBoy’s efforts saw it shut down for almost an hour.
Calce was just 16 at the time – now, he works as a white hat hacker and security consultant.
WannaCry – 2017
This worldwide ransomware attack saw the NHS, Telefonica, and FedEx hacked by a cryptoworm.
Computers running Microsoft Windows were targeted, and demands for ransom payments in Bitcoin were made.
The hack was possible because of an exploit called EternalBlue, which was developed by the U.S. National Security Agency and leaked before Microsoft’s security patch had been applied to all organisations’ computers. Had these operating systems been regularly updated, they wouldn’t have been exposed to the attack – which hit around 230,000 computers around the world.
WannaCry was estimated to cost the NHS a shocking £92 million, with 19,000 cancelled appointments.
British Airways Breach – 2018
As one of the most well-known data breaches of recent years, the impacts of the British Airways data breach are still being felt today.
The data affected by the hack included both the personal and credit card data of more than 420,000 customers. BA’s systems were modified in order to harvest this data when users input their details – this continued for two months before BA was made aware by a security researcher.
Investigation by the Information Commissioner’s Office (ICO) found that sufficient security measures were unfortunately not in place. There was a lack, for example, of multi-factor authentication and other measures that were in fact available on the operating system BA was using.
In 2020, BA was fined £20 million. This was a huge statement for the ICO to make: data protection failures won’t be tolerated.
In a BBC News article, Prof Alan Woodward put it this way: “You can put the strongest lock you like on the front door, but if the builders have left a ladder up to a window, where do you think the burglars will go?”
Marriott International Breach – 2018
Another of the most renowned cyber crime cases in the last few years is the breach of one of the largest hotel chains, Marriott International.
In September 2018, they announced that the sensitive data of half a million Starwood guests had been exposed during an attack. But the unauthorised access was not limited to that September – in fact, the investigation revealed that it had been ongoing since 2014.
Data copied in the breach included guests’ names, email addresses, home addresses, phone numbers, and passport numbers.
For failing to keep this data secure, the company was fined a whopping £18.4 million by the ICO.
Stay on top of cyber security
If we can learn anything from these famous breaches and cyber crimes, it’s that we must stay on top of our cyber security efforts.
When it comes to cyber security, it’s not a “one and done” effort, but a continuously developing practice.
By Luke Germano on December 9th, 2021