What we can learn from the biggest hacks in history
Neil Rowney, Director of Red Mosquito, takes a look at three of the most catastrophic cyber attacks in history, and the lessons we must learn to avoid them happening again.
Cyber-attack — the words alone can be enough to incite panic. Between a lack of understanding and media sensationalism, any mention of a cyber-attack brings to mind catastrophic levels of damage. Recently, Labour leader Jeremy Corbyn came under scrutiny for claiming his party had been the victim of a “very serious” cyber-attack attempt — only for industry experts to review the incident as being comparatively low-level and commonplace.
Like the difference between a cold and pneumonia, there are varying levels of severity when it comes to cyber-attacks. A DDoS (distributed denial of service) attack, for instance, is a very common cyber-attack that can be used for something as petty as forcing a fellow video gamer to disconnect from an online server. On the other side of the spectrum, a sophisticated ransomware attack can cripple a whole conglomerate.
These high-level hacks are rarer than the average DDoS attack but can do a lot more damage. In this article, we’re taking a look at some of the truly “very serious” cyber attacks that have occurred in history, and the lessons we must learn from them.
Yahoo! data breach
Date of breach: 2013
Date breach was reported: 2016
Type of cyber attack: Yahoo! described the attack as an exploit of the company’s account management tool. Expert analysis suggested that the hack was achieved through forging cookies, which allowed the attackers to access user accounts without entering a password.
Yahoo! originally reported the hack in 2016, three years after the breach took place, and noted one billion user accounts were affected.
Yahoo! then updated their assessment of the matter in 2017, saying that every single account held by Yahoo! at the time had been breached. This included extended companies of Yahoo!, such as Tumblr. The total number of Yahoo! accounts active in 2013 topped three billion.
It cost the company $16mn in forensic and lawyer costs.
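The cookie forging mentioned above is only possible when a server cannot tell a cookie it issued from one an attacker assembled. The following is an added example (not Yahoo!’s code or anything from the article) of the basic defence: a session cookie whose contents are bound to a server-side secret with an HMAC and carry an expiry, so that a cookie built without the key, a cookie whose user field has been swapped, or a cookie that has outlived its expiry is rejected. The key name, cookie layout and sample user ids are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: a server-side secret that is never sent to the browser. In production it
# comes from a secret store and is rotated; here it is generated at start-up.
SECRET_KEY = secrets.token_bytes(32)


def issue_cookie(user_id: str, expires_at: int, key: bytes = SECRET_KEY) -> str:
    """Mint a session cookie: base64(payload) + "." + HMAC-SHA256(payload) as hex."""
    payload = f"{user_id}|{expires_at}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def verify_cookie(cookie: str, now: int, key: bytes = SECRET_KEY):
    """Return the user id if the cookie is authentic and unexpired, otherwise None."""
    try:
        encoded, tag = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except ValueError:  # wrong layout or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself does not leak the expected tag.
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        user_id, expires_at = payload.decode().split("|", 1)
        if now >= int(expires_at):
            return None
    except ValueError:
        return None
    return user_id


def cookie_without_key(user_id: str, expires_at: int) -> str:
    """Constructed negative case: correct layout, but a tag computed without the server key."""
    payload = f"{user_id}|{expires_at}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + hashlib.sha256(payload).hexdigest()


if __name__ == "__main__":
    good = issue_cookie("alice", expires_at=2_000)
    print(verify_cookie(good, now=1_000))                                 # alice
    print(verify_cookie(good, now=3_000))                                 # None: expired
    print(verify_cookie(cookie_without_key("victim", 9_999), now=1_000))  # None: bad tag
    print(verify_cookie(good, now=1_000, key=secrets.token_bytes(32)))    # None: key rotated
```

The last case in the usage block is the one that matters once a key is suspected stolen: rotating the server key invalidates every cookie minted under the old one, which is the only remedy if the forging was possible because the minting secret itself leaked.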
As far as cyber attacks go, having every single user account on your servers compromised is certainly a worst-case scenario. But this is the exact scenario Yahoo! faced in 2013 when a large-scale hack saw all of its live accounts compromised, spilling email addresses, dates of birth, names, security questions, and security answers to be sold off to cyber-criminals.
But more damaging than the attack itself was Yahoo!’s response. The company did not report the breach until 2016, three years after the attack took place. The initial report outlined that a billion accounts had been compromised, which already made it the biggest data breach in history at the time. Worse yet, the discovery of this breach only occurred as Yahoo! was investigating a separate attack dating back to 2014, in which 500mn users were affected. The investigation led to a tip-off from law enforcement which shone a light on this larger breach from 2013.
Yahoo! was slammed by media outlets for how long it took the company to notice the breach, its hesitation in reporting the problem, and its overall lax security. This is certainly a stark lesson for businesses big and small: take cyber security seriously, and report any and all data breaches quickly and accurately.
Marriott hotel data breach
Date of breach: 2014
Date breach was reported: 2018
Type of cyber attack: Reported to be a combination of a Remote Access Trojan (RAT) and Mimikatz, a tool that recovers usernames and passwords from a compromised machine. With these, the hacker was able to reach an administrator account and, through it, the wider database. The RAT may have been planted on the server via a simple download link clicked in a phishing email.
Up to 500mn customer records accessed, with encrypted payment card information and possibly the key to decrypt it stolen.
Personal information, such as names, addresses, email addresses, passport numbers, and more were exposed.
Hackers had access to the network since 2014.
In 2018, the largest hotel chain in the world reported that up to 500mn user accounts had been compromised on its servers. If the high number of users affected wasn’t enough, an internal investigation revealed that the hacker had had unchallenged access for four years.
Upon reporting the breach, Marriott set up a dedicated website to provide affected customers with information, as well as a year-long subscription to a fraud-detecting service.
The hack was caused by a RAT, which is a piece of malware that gives the hacker a “backdoor” into a network or server. RATs are usually downloaded from malicious websites or phishing emails — they have to be “allowed in” from the inside, for example by an employee falling for a phishing email and downloading its attachment. With a backdoor created, a hacker can get into the network and use another program, such as Mimikatz, to gain access to usernames and passwords and be treated as an administrator.
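Credential-recovery tools of the kind described above work by reading the memory of the Windows process that holds logon secrets (lsass.exe), and that access is something defenders can watch for. The following is an added example, not Marriott’s detection logic or anything from the article, of a simple detector run over constructed log lines modelled on Sysmon Event ID 10 (ProcessAccess) and Event ID 1 (ProcessCreate): it flags any process outside an expected list that opens lsass.exe with the memory-read right, and then looks up which parent launched the flagged process. The sample events, the allow-list and the file names in them are all assumptions made for the example.

```python
import json

PROCESS_VM_READ = 0x0010  # Windows access right needed to read another process's memory

# Assumption: processes expected to open LSASS on this host. Tune per environment;
# anything not listed that reads LSASS memory deserves a look.
EXPECTED_LSASS_READERS = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
}

# Constructed sample, modelled on Sysmon Event ID 10 / Event ID 1 fields. Not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\Public\\update.exe", "ParentImage": "C:\\Program Files\\Mail\\mail.exe", "User": "CORP\\j.smith"}
{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1000", "SourceUser": "NT AUTHORITY\\SYSTEM"}
{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\svchost.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1410", "SourceUser": "NT AUTHORITY\\SYSTEM"}
{"EventID": 10, "SourceImage": "C:\\Users\\Public\\update.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010", "SourceUser": "CORP\\j.smith"}
{"EventID": 10, "SourceImage": "C:\\Users\\Public\\update.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "GrantedAccess": "0x1fffff", "SourceUser": "CORP\\j.smith"}
"""


def _events(lines: str):
    for line in lines.splitlines():
        if line.strip():
            yield json.loads(line)


def process_parent(lines: str, image: str):
    """Return the ParentImage recorded in the process-creation event for `image`, if any."""
    for ev in _events(lines):
        if ev.get("EventID") == 1 and ev.get("Image", "").lower() == image.lower():
            return ev.get("ParentImage")
    return None


def suspicious_lsass_access(lines: str):
    """Flag non-expected processes that open lsass.exe with PROCESS_VM_READ."""
    alerts = []
    for ev in _events(lines):
        if ev.get("EventID") != 10:
            continue
        if not ev["TargetImage"].lower().endswith("\\lsass.exe"):
            continue
        source = ev["SourceImage"]
        if source.lower() in EXPECTED_LSASS_READERS:
            continue
        access = int(ev["GrantedAccess"], 16)  # Sysmon records the mask as a hex string
        if access & PROCESS_VM_READ:
            alerts.append({
                "source": source,
                "user": ev.get("SourceUser"),
                "access": hex(access),
                "parent": process_parent(lines, source),  # ties the alert back to how it got there
            })
    return alerts


if __name__ == "__main__":
    for alert in suspicious_lsass_access(SAMPLE_EVENTS):
        print(alert)
```

In the constructed sample the one alert names a binary in a user-writable folder, launched by a mail client, reading LSASS memory under an ordinary user’s session: exactly the chain the article describes, phishing attachment to backdoor to credential theft, visible in a single event stream.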
It sounds simple, but ensuring your staff are trained to recognise basic cyber attack attempts such as phishing emails can avert larger-scale attacks. Ensure that your employees know how to recognise a phishing email. They should not trust an email just because it claims to be from a reputable brand or known name. Phishing emails usually use panic-inducing language, threatening account closures or worse. Staff should be taught to contact the organisation directly to establish the legitimacy of a claim before cooperating. Most importantly, they should not click links in an email, or download attachments, unless they are 100 per cent certain of the email’s legitimacy.
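The signs staff are told to look for can also be checked mechanically before a message reaches an inbox. The following is an added example, not a tool from the article or from Red Mosquito, that parses a raw email and reports three of the indicators just described: a Reply-To address on a different domain from the sender, the panic-inducing phrases, and HTML links whose visible text shows one site while the link actually points to another. The two sample messages, the phrase list and the domain names in them are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a small phrase list; real filters use larger, tuned lists.
URGENCY_PHRASES = ("account will be closed", "within 24 hours", "immediately",
                   "suspended", "verify your details")
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

# Constructed sample messages (reserved example/test domains, not real senders).
SAMPLE_PHISH = """\
From: "Example Bank Support" <support@example-bank-alerts.test>
Reply-To: verify@mail-collect.test
To: customer@example.com
Subject: Urgent: your account will be closed
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be closed within 24 hours unless you verify your details immediately.</p>
<p>Click <a href="http://198.51.100.7/login">https://www.example-bank.test/login</a> to continue.</p>
</body></html>
"""

SAMPLE_BENIGN = """\
From: "Alice" <alice@example.com>
To: bob@example.com
Subject: Lunch
Content-Type: text/plain

Are we still on for lunch on Thursday? See https://example.com/menu for the menu.
"""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value: str) -> str:
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _mail_domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw_message: str):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    findings = []
    from_domain = _mail_domain(parseaddr(msg.get("From", ""))[1])
    reply_domain = _mail_domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain} differs from sender domain {from_domain}")
    # Single-part messages only; a multipart message would need its text parts walked.
    body = (msg.get_payload(decode=True) or b"").decode(msg.get_content_charset() or "utf-8", "replace")
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if len(hits) >= 2:
        findings.append("urgency language: " + ", ".join(hits))
    if msg.get_content_type() == "text/html":
        collector = _AnchorCollector()
        collector.feed(body)
        for href, shown in collector.links:
            if LOOKS_LIKE_URL.fullmatch(shown) and _host(shown) != _host(href):
                findings.append(f"link text shows {_host(shown)} but points to {_host(href)}")
    return findings


if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH))   # three findings
    print(phishing_indicators(SAMPLE_BENIGN))  # []
```

None of these checks is conclusive on its own (a legitimate newsletter may well use a different Reply-To), which is why the function reports findings rather than a verdict; the value is in surfacing the same cues to a reviewer that staff training asks people to notice.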
LinkedIn data breach
Date of breach: 2012
Date breach was reported: 2012
Type of cyber attack: Initial attack method not disclosed, but the collected passwords were cracked quickly due to reliance on very basic security measures by LinkedIn.
LinkedIn reported a hack in 2012 that had exposed its users’ passwords. To start with, the company thought the breach had affected 6.5 million users. However, in 2016, LinkedIn announced that this initial estimate was inaccurate — over 110 million user accounts had been compromised, and their passwords were found listed on a forum for people to crack.
The passwords had been stolen from the LinkedIn servers as “hashed” passwords. A hashed password is a scrambled version of the original, produced by running it through a one-way hashing algorithm chosen by the website, so that the site can check a login without storing the password itself. “Salt” is normally added as well: random data mixed into each individual password before hashing, so that two users with the same password end up with different hashes and each one has to be cracked separately. However, in this case, experts noted that LinkedIn had failed to use salting, meaning every account with the same password had the same hash, and once one password was cracked every account sharing it fell with it, as they were all scrambled the same way. After cracking a few passwords, hackers noticed that a large number of them contained a variation of the phrase “linkedin”. With such a predictable phrase appearing in so many passwords, the rest were cracked easily.
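The difference salting makes is easy to see in code. The following is an added example, not LinkedIn’s implementation or anything from the article: it hashes a constructed set of users once without salt (SHA-256 stands in for whatever fast hash an unsalted scheme might use) and once with a per-user random salt through PBKDF2, then groups users by hash. Without salt, everyone who chose the same password shares one hash and one crack exposes them all; with salt, the duplicates disappear. The user names, passwords and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample: two users happen to share a password.
SAMPLE_USERS = {
    "alice": "linkedin2012",
    "bob": "linkedin2012",
    "carol": "correct horse battery staple",
}


def unsalted_hash(password: str) -> str:
    """The weak scheme: one fast hash of the bare password, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = 600_000, salt: bytes = None) -> str:
    """Salted, slow hash (PBKDF2-HMAC-SHA256); the salt is stored alongside the result."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count and compare in constant time."""
    _algo, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def duplicate_groups(records: dict) -> list:
    """Group user names that share an identical stored hash (what a cracker would spot first)."""
    by_hash = defaultdict(list)
    for user, stored in records.items():
        by_hash[stored].append(user)
    return sorted(sorted(users) for users in by_hash.values() if len(users) > 1)


if __name__ == "__main__":
    weak = {u: unsalted_hash(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    print(duplicate_groups(weak))    # [['alice', 'bob']]
    print(duplicate_groups(strong))  # []
    print(verify_password("linkedin2012", strong["alice"]))  # True
```

Salt alone only stops the one-crack-exposes-many effect; the slow, iterated function is what makes each individual guess expensive, which is why the salted variant here uses PBKDF2 rather than a bare salted SHA-256.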
LinkedIn learned its lesson quickly, and so must all businesses — basic security measures are not enough. LinkedIn now uses salting, along with other enhanced security measures, to protect its passwords. It is important for businesses to stay up to date with the latest security measures and defences available, especially if they handle user data. If a company does not have the know-how to do this, consulting a third-party IT security provider is vital to ensure data is protected.