Cybercrime is not just on the rise—it's flourishing. The increased complexity of the digital landscape and rising global technical competency have enabled hackers to innovate and adapt faster than opposing authorities can combat them.
On average, a cyberattack occurs every 39 seconds, and the effects can range from devastating to entirely unexpected. The consequences of cybercrimes are becoming more unpredictable as the landscape continues to innovate. Whereas earlier cybercrimes typically resulted in consequences like data breaches or identity theft, more recent attacks have caused power grids to shut down, equipment damage in nuclear facilities, and more.
The World Economic Forum cites the cost of cybercrime is expected to reach $10.5 trillion by 2025. For the first time, the WEC's 2023 Global Risks Report added "widespread cybercrime and cyber insecurity" to its list of the top 10 threats to global socioeconomic health over the next decade. The report pointed to "a scarcity of security experts, poor reporting habits and a lack of global agreements about how to regulate cyber threats" as the prime causes of the enormous growth in malware and ransomware attacks in recent years.
Drata compiled a list of 10 of the most impactful cybersecurity attacks from the past four decades to see how public reception of such attacks has changed over time.
On Nov. 2, 1988, Robert Morris Jr., a graduate student in computer science at Cornell, launched the world's first computer worm—a malware computer program that replicates itself on other internet-connected devices, causing them to shut down. He intended the program to help him gauge the size of the internet, but a coding mistake turned the innocent experiment into a denial-of-service attack. Less than 24 hours after the eponymous worm was released, it had compromised about 1 in 10 computers connected to the internet, including systems owned by NASA and the Pentagon.
Morris became the first person to receive a felony conviction under the 1986 Computer Fraud and Abuse Act, receiving a sentence of 400 hours of community service, three years probation, and a $10,000 fine. The incident also inspired the creation of the first Computer Emergency Response Team, or CERT, at Carnegie Mellon University, which has since served as a template for cybersecurity institutions worldwide.
The first cyberattack on an entire country began when Estonian authorities decided to relocate the Bronze Soldier, a Soviet Red Army memorial, to a less prominent location in the capital of Tallinn. While the statute represents victory and liberation to Russian-speaking Estonians, ethnic Estonians consider it a symbol of Soviet oppression.
On April 27, 2007, the disagreement culminated in a series of cyberattacks unleashed by Russian perpetrators on Estonian banks, government, and media outlets. Due to waves of distributed denial-of-service (DDOS) attacks, banking, government, and news services were disabled nationwide. Ultimately, the incident prompted military organizations worldwide and NATO to reevaluate the role of cybersecurity in their defense infrastructures.
The ensuing investigation revealed that the attack originated in China and targeted the Gmail accounts of human rights activists and Chinese dissidents, as well as the corporate intellectual property of dozens of companies, including Microsoft, Google, and Adobe. While officially unconfirmed, security experts worldwide attribute the attack to the Chinese government, marking the first time a government was allegedly complicit in criminal cyber activity.
Considered by some to be the world's first cyberweapon, Stuxnet was a computer worm that operated between 2007 and 2010 and targeted the Iranian nuclear program. Allegedly, U.S. and Israeli intelligence agencies joined forces in an initiative named Operation Olympic Games to sabotage the uranium centrifuges used by Iran to develop its nuclear capabilities. The worm succeeded in its mission by exploiting vulnerabilities in Microsoft Windows. Experts estimate that the operation set the Iranian nuclear program back by two years and damaged nearly 2,000 centrifuges. The incident represents one of the first examples of digital warfare and the use of computer code in international conflict.
Between February 2010 and August 2015, Ukrainian hackers targeted the largest press release newswires, accessing unpublished press releases and facilitating insider trading. Vadym Iermolovych, who initiated the scheme, first accessed the newswires by purchasing stolen employee credentials.
Over the course of those five years, the hackers stole over 150,000 press releases, sold them to investors for tens of thousands of dollars, and used the information to inform their own financial moves. Authorities in the U.S. later described the incident as the world's largest known computer hacking scheme—modest estimates of the hackers' total profits start at $100 million.
In August 2013, every customer account at Yahoo was stolen in the largest data breach ever conducted. Hackers obtained information from 3 billion accounts, including names, passwords, backup email addresses, and other data. In August 2015, investigators discovered a vendor on the darknet selling 1 billion Yahoo accounts for $300,000 and determined it was purchased by at least three buyers. However, the hackers behind the attack, as well as their motives and methods, remain largely unknown.
Some experts attribute the attack to Russian adversaries, as investigators determined that a similar attack on Yahoo the following year originated in the Russian government in an effort to spy on high-profile U.S. figures.
On Nov. 24, 2014, a group of hackers calling themselves the Guardians of Peace instigated a massive cyberattack against Sony Pictures. The hackers' unprecedented motive was to prevent the release of the film "The Interview," a Seth Rogen-directed comedy about an assassination attempt on the North Korean leader Kim Jong-un.
Dissatisfied with the company's response to the threat, the hackers leaked data, including embarrassing email exchanges between employees, unreleased films, employee salaries, and film concepts; deleted the company's digital infrastructure and data; and rendered nearly half of the company's computers inoperable.
The FBI described the cyberattack as one of the largest committed against the U.S., and its ensuing investigation revealed that it was sponsored by the North Korean government. This unveiled a concerning truth about the nature of cyberattacks: because they are relatively low-cost, they are easily implemented by smaller actors.
On July 19, 2015, users of the infidelity-based dating site Ashley Madison logged in to find a message from hackers threatening to release users' personal information if the site was not shut down. The group of hackers, dubbed the Impact Team, claimed they intended to punish the company for profiting from harming others.
After Ashley Madison's parent company, Avid Life Media, refused the hackers' demands to shut down, the group published 120 gigabytes of user data, including names, addresses, credit card transaction information, and search histories.
Many news outlets at the time hastily publicized the names leaked during the breach, and those identified were subject to public shaming and extortion. Numerous divorces, high-profile resignations, and even suicides ensued, prompting debate over the ethics of publicizing illegally obtained personal information.
Amid the then-ongoing conflict leading to the eventual annexation of Crimea by Russian forces, the Russian hacker group Sandworm used malware to access the networks of three Ukrainian energy companies on Dec. 23, 2015. By disabling components of the companies' IT infrastructure and call centers, Sandworm caused hourslong power outages for nearly 230,000 Ukrainians.
Not only was the incident the first successful cyberattack on energy infrastructure, but it is also considered one of the first cyberattacks that resulted in physical consequences. It also introduced the concept of Russian Hybrid warfare, an approach to achieving Russia's political objectives by combining traditional and cyber-based warfare techniques.
When the credit bureau Equifax failed to install a critical security patch for its website's framework, hackers quickly took notice. On May 12, 2017, the hackers accessed Equifax's internal servers, stole employees' credentials, and extracted user information from the company's database. Over the course of 76 days, they obtained the names, Social Security numbers, birth dates, and more belongn to 147.9 million Americans, 15.2 million British citizens, and 19,000 Canadians.
The incident remains one of the largest cyberattacks involving identity theft, and the company's reputation suffered for its lax and inadequate security measures. In an eventual settlement with the Federal Trade Commission, Equifax offered impacted users a choice of free credit monitoring or a modest sum of money.
This story originally appeared on Drata and was produced and distributed in partnership with Stacker Studio.