Major cyber attacks. What is a cyber attack? Recent examples show alarming trends. Attack on Lebanese banks

The Latvian newspaper “Hour,” citing data from an investigation conducted over 10 months by experts in the field of computer crimes, reported that the foreign ministries of Iran, Bangladesh, Latvia, Indonesia, the Philippines, Brunei, Barbados and Bhutan were attacked by a spyware program called GhostNet. In addition, according to the publication, traces of “electronic spies” were found in the embassies of Germany, Portugal, India, Pakistan, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand and Taiwan. As the publication noted, the creators of the program had access to 1295 computers belonging to government agencies and individuals.

2008

The Conficker virus was discovered on the network. By April 2009, it was already in more than 12 million computers.

The digital systems of British Navy ships, as well as of the House of Commons of the British Parliament, were affected. The virus easily cracks passwords and then uses infected machines to send spam or as a base for storing stolen information.

2007

Hackers launched attacks on the websites of official Estonian institutions. On April 27, hackers hacked the website of the ruling Reform Party. On the same day, access to the Estonian government website was restricted. On April 28, access to the websites of the President of Estonia, the country's parliament and the Estonian Ministry of Foreign Affairs was blocked for some time. Hacker attacks on the websites of Estonian government agencies began after the country's authorities decided to begin work on the exhumation and identification of the remains of Soviet soldiers buried at the Monument to the Soldier-Liberator.

Representatives of the Estonian government blamed Russia and the Russian intelligence services for organizing them. According to experts, the hacker attacks were global and did not originate from one country.

2005

There was a virus attack on the systems of leading print publications, as well as radio and TV companies in the United States. In particular, the Windows 2000 operating system was temporarily disabled at The New York Times newspaper and at the ABC and CNN TV channels. The hacker also hacked into the databases of several banks and manipulated accounts, disrupting the money transfer system. Hundreds of thousands of computers around the world were infected.

2004

Italy was attacked by the latest computer virus, Sasser, which spreads using flaws in Windows software. Tens of thousands of personal computers belonging to private users and various organizations froze and shut down for long hours. Particularly great damage was caused to the electronic systems of Italian Railways and the State Post Office. Even the computers of the Italian Ministry of Internal Affairs were out of order for some time. Microsoft has offered a $250,000 reward for information about the creator of the virus.

Almost every day there are new reports in the media about cyber attacks recorded in different countries. There are cases that people will remember for a long time.

"Titanium Rain"

Unknown hackers managed to carry out an illegal operation called “Titanium Rain” for almost four years in a row. From 2003 to 2007, attackers hacked into the networks of security, energy and defense departments of various countries. Separately on this list is the British Foreign Ministry, which was also attacked by Internet criminals.

In total, during the specified period, hackers downloaded several terabytes of secret information, but remained undetected. It was believed that the illegal activities were carried out by Chinese military personnel living in Guangdong Province. Beijing officials denied these assumptions, noting that the criminals simply “disguised” their computers under false addresses.

The main feature of Operation Shady RAT is that it continues to this day. As in the first case, the PRC is considered the source of the threat, but experts cannot yet substantiate their accusations.

Back in 2011, McAfee, a company specializing in the development of antivirus software, recorded a number of hacks that shared the same features. As it turned out, it was a large-scale hacker campaign that had been going on since 2006.

Attackers send emails to employees of large organizations, infecting their PCs with Trojan-type viruses. The UN Olympic Committee, the Association of Southeast Asian Nations, as well as an incredible number of commercial firms from Japan, Switzerland, Great Britain, Indonesia, Denmark, Singapore, Hong Kong, Germany and India have already become victims of hacking. In addition, computers of the governments of the United States, Taiwan, South Korea, Vietnam and Canada were attacked.

Revenge for the monument

In 2007, after the Estonian authorities decided to demolish a Soviet monument in the center of Tallinn, the country was subjected to massive cyber attacks. Due to problems, several banks and mobile operators were not working for quite a long time. At the same time, citizens could not use ATMs or Internet banking. Visiting government and news resources also proved impossible.

In light of recent events, government officials immediately blamed Russia for the attack. Moscow rejected the claims, stressing that the Kremlin does not deal with such things.

Conflict in South Ossetia

In August 2008, an armed conflict began between Georgia and the self-proclaimed republics of South Ossetia and Abkhazia. Since then, Tbilisi began to be subject to online attacks, for which the Russian Federation was immediately blamed. Moscow officially supported the opposite side, so attacks by its hackers on Georgian resources seemed quite logical. Prime Minister Dmitry Medvedev did not confirm this information and said that the state has nothing to do with cyber attacks.

Tbilisi law enforcement agencies still managed to identify the criminals, who turned out to be members of the Russian Business Network group. According to foreign experts, members of the association deliberately blocked the websites of Mikheil Saakashvili, the Ministry of Foreign Affairs and the Ministry of Defense of Georgia.

Stuxnet and Iran's nuclear program

In June 2010, experts discovered a worm called Stuxnet. It exploits Windows vulnerabilities to hack Siemens industrial systems. Similar software is installed at nuclear power plants and other enterprises associated with the segment.

The largest number of infected computers was seen in Iran, where 16 thousand machines were attacked. It is assumed that this software was developed by Israel in order to prevent Tehran from developing nuclear weapons. In 2011, The New York Times confirmed the allegations, citing its own research.

Olympics and WADA

No less interesting were the hacks by the hacker organization Fancy Bears, outraged by the actions of the World Anti-Doping Agency (WADA). In most cases, these involve documents incriminating the agency in supporting foreign athletes and in having a biased attitude towards Olympic participants from Russia.

The last time the Internet criminals made themselves known, they posted excerpts of correspondence between two WADA members on the Internet. According to these materials, several members of the US team used cocaine to lose weight before competitions. At the same time, the agency knew about what was happening, but did not react in any way to the athletes’ actions.

Hillary Clinton and WikiLeaks

During the election race in the United States, in which Hillary Clinton became one of the participants, another anonymous organization gained popularity on the Internet and in the media. Its members published on the Internet fragments of correspondence from the candidate, who, while serving as Secretary of State, used a personal mail server, not government lines.

Most of the documents ended up on the WikiLeaks portal, which accused Clinton of many violations. After this, a real scandal erupted around the official related to her activities. Later, information even appeared on the World Wide Web that the wife of the ex-president of the country periodically practices same-sex love with her assistant.

Hackers paralyzed the activities of dozens of British hospitals, the Spanish corporation Telefonica, and a German transport company. The Russian Megafon, as well as the Ministry of Internal Affairs, had problems.

Tens of thousands of computers stopped working almost instantly. This is a very serious signal. We all face computer viruses. We have virus protection. But problems still arise from time to time. But a personal computer is one thing. Correspondence or some cat pictures will disappear. Unpleasant, but not a tragedy. Hospitals are another matter, as is the case now in England. People's lives are at risk here.

The same goes for industrial enterprises, energy, chemistry. This is where the consequences of cyber attacks can be catastrophic. Last year the Russian Kaspersky Lab discovered malware in 27% of the world's industrial systems - almost total infection.

Power outages as a result of hacker attacks are already commonplace. Every year such events are recorded in different countries. And the paradox is that the more perfect the energy system, the greater the risk. The most modern electrical substations no longer even have switches. Everything is controlled by computers. In the event of an accident, you can no longer come and turn on the switch with your hand. Modern civilization has turned out to be extremely vulnerable.

One more circumstance is especially worrying. The viruses that attacked the world on Friday were created by the US National Security Agency. This is, in particular, what a former employee of this agency, Edward Snowden, who is now hiding in Russia, says. And here's the question. Is this how the NSA demonstrates its capabilities, its strength? Shows that it can destroy any computer systems? Shows this with the help of some left-wing hackers. Or is this really a malware leak? This means negligence, criminal negligence of employees of the most important US intelligence agency. Which is worse? What if bacteriological weapons or nuclear weapons leak?

An English patient tells how he suffered from a program virus that blocked all computers in the hospital where he is being treated. It is necessary to cut without waiting for complications, but the surgeon did not dare.

“He said all the computers were frozen. There is no guarantee that the operation will be completed safely and successfully. They put it off for a while,” says Jonathan.

The ultimatum on the screen was seen by both the staff of the London hospital and another hundred thousand users. Red threat level. Hackers don't bargain, they dictate the rules.

What happened to my computer?

Your information is encrypted. Documents, photos, videos, databases. You won't be able to decipher it without our code.

How can I recover my data?

We guarantee everything will be fine. You can decipher some of the information right now. You will have to pay for the rest. 300 dollars. In a week the amount will double. In another week we will destroy the files. The countdown is already underway.

The hackers deliberately set the ransom amount to be small, in the belief that many of the hundred thousand victims would find it easier to pay than to fight for files dear to their hearts. Payment is only made in bitcoins, a cryptocurrency whose movement cannot be tracked.

In less than 24 hours, the virus spread across the planet. Epidemic! Almost a hundred countries - all of Europe, America, China, India. So far, only Australia has not been touched. And Africa is somehow holding on, but there are fewer computers there. Russia suffered the most.

The short-term defeat of their networks was confirmed by the Ministry of Internal Affairs, then by "Russian Railways", then by "Megafon" and "Yota". Other mobile operators were also attacked, but they survived. The Ministry of Health and the Ministry of Emergency Situations survived.

“There is a presidential decree on the creation of the Russian segment of the network, this is a closed Internet around government officials. The defense industry has been behind this shield for a long time. The ordinary computers of employees were affected. It is unlikely that it was access to the databases that was affected - they are also on other operating systems and are, as a rule, located at providers,” explains Adviser to the Russian President for Internet Development German Klimenko.

The virus tested the strength of top Russian banks. It seems that the hackers specifically attacked government agencies and large businesses. Petty extortion, more like cyber terrorism.

The title is a play on words. “WannaCry” - “I want to decipher” and at the same time “I want to cry.” This virus has already been at the center of a spy scandal. WikiLeaks is sure: it was with its help that American intelligence services monitored users around the world, as Edward Snowden reminded those who had forgotten.

"Wow! The NSA's decision to create attack tools against American software now threatens the lives of hospital patients!" Edward Snowden tweeted.

He, like Snowden, also worked for the US National Security Agency. He also believes that this could not have happened without the NSA. Did the hackers launch the virus on the network themselves or on the orders of the intelligence services: see how it works? Who can say for sure?

“This is a computer war that is sponsored and supported by the United States of America. And we will see this type of attack more than once,” says former NSA (USA) employee Wayne Madson.

The virus that made so much noise does not hack computer software and does not search for weak points in defenses. The developers, accidentally or intentionally, left an unlocked door in the Windows XP system. Back in March, after the spying scandal broke, Microsoft released a program that closed the gap. You just had to download it. Those who didn’t do this are now in a situation where hackers have changed the locks and are demanding money for the keys.

“This is the first case of the massive use of military viruses by the CIA or NSA,” notes Igor Ashmanov.

This is the only thing that makes it unique, says one of the main Russian IT consultants, Igor Ashmanov. The virus is simple, not new. It was posted in open access precisely as proof that American intelligence agencies are watching everyone. The source was used by cybercriminals.

“He was sterilized in the sense that they removed some places from him to make him non-hazardous, sterilized. But the hackers simply revived him, added living water, and he became combative again. And they launched it, perhaps, just to check it,” says Igor Ashmanov.

It turns out that any virus created by intelligence agencies can fall into the hands of hackers. And it is not always a relatively harmless screen blocker.

At one time, the United States and Israel developed a virus that significantly slowed down the Iranian nuclear program. It simply disabled the uranium enrichment centrifuges.

And during Operation Desert Storm, the Iraqi Air Force radars were blocked by a computer program written by French programmers. What will happen if such cyber weapons end up in the hands of terrorists? Considering that computers now control everything from nuclear power plants to airplanes and trains.

Yesterday, the virus paralyzed the work of Germany's largest rail carrier, Deutsche Bahn. Spanish cellular company Telefonica also barely coped with the virus attack.

“I don’t think there is a motive for world domination here. This is basic extortion, blackmail for the purpose of obtaining money. If hackers needed to fight for world domination, it would be some kind of political demands or motives,” says Natalya Kasperskaya, president of the Infowatch group of companies.

“The first source of distribution is the opening of malicious emails, that is, email messages,” explains Nikolai Grebennikov, vice president of engineering at Acronis.

Human factor. One of the employees finally wavered and opened the letter with a tempting title. The damage from such gullible people is 80 billion dollars a year.

“Of course, attackers are focusing their efforts and financial resources on creating such means of attack that will allow them to obtain some benefit. By restricting access to IT resources or to some services. The only good way of protection is comprehensive protection,” says Nikolai Grebennikov, Vice President of Engineering at Acronis.

Two simple points. Teach staff hygiene on the Internet, that is, update antivirus software, do not open suspicious emails, do not visit porn sites, and be sure to create backups of all important data.

This is the only thing that is now saving English hospitals from complete collapse. At least somehow, in the old fashioned way, patient histories and medical records were still kept.

Last year, hackers focused on attacks on companies and exploiting vulnerabilities. Massive cyber attacks like WannaCry, which shocked the world in 2017, were avoided last year. But even without that, cyber pests caused a lot of trouble, proving that the world's companies are still vulnerable to hackers.

Hackers stole more than $500 million from Japanese crypto exchange

One of the largest cryptocurrency exchanges in Japan, Coincheck, confirmed on Friday, January 26, the theft of funds from the platform. In total, the theft of 58 billion yen ($533 million) in the NEM (XEM) cryptocurrency is reported.

Coincheck suspended operations with NEM and other altcoins after more than 100 million XRP (about $123.5 million) were withdrawn from the company’s wallet to an unknown destination. At the same time, there were unconfirmed reports at that time that unknown attackers withdrew another $600 million in NEM from the exchange.

And a little later, representatives of Coincheck held a press conference at which they officially announced the loss of 58 billion yen. As stated in the Coincheck message, trading in all types of crypto assets, except for Bitcoin, was also suspended; the site is temporarily not accepting new investments in NEM tokens.

What happened with Coincheck reminded exchange users of the history of the Japanese platform Mt Gox, which in 2014 became the target of hackers, lost 850 thousand bitcoins at once and was forced to declare bankruptcy.

A virus similar to WannaCry attacked Boeing

Boeing Corporation was attacked by a virus similar to the WannaCry ransomware program, The New York Times reported, citing a letter distributed within the company.

The document, signed by Boeing Commercial Airplane chief engineer Michael Vanderwel, said the virus could spread to aircraft software as well as production systems. He urged his colleagues to be careful, noting that the virus “metastasizes.” At the same time, Boeing’s Twitter page states that the media exaggerated the scale of the cyber hack.

Boeing has so far refused to disclose details of the cyber attack, including the suspected use of the WannaCry virus or one similar to it.

In May 2017, the WannaCry (WannaCrypt) ransomware virus blocked the operation of several hundred thousand computers around the world. It blocked computers and demanded that money be transferred to restore access. Computers running Windows on which the necessary update had not been installed were affected. Russian government agencies and British hospitals were among others affected by the WannaCry virus.

Data of 3 million users leaked from Facebook

The personal data of about 3 million Facebook users who used an application with psychological tests was in the public domain for four years, New Scientist reported, citing its own investigation.

Data was collected using a Cambridge University project - the myPersonality app. It was launched in 2007 and offered users to take psychological tests and get results quickly. At the same time, a certain number of users agreed to share their personal data from Facebook profiles.

The results of psychological tests were used by academics at the University of Cambridge, who then stored the data on a website with “insufficient safeguards” for four years, the investigation found. Over the years, hackers could gain access to user data “without any particular difficulties,” the publication notes.

It is noted that more than 6 million people passed the tests, about half of them shared data from their Facebook accounts with the project. To gain access to the full data set, one had to register as a collaborator on the project. More than 280 people from nearly 150 organizations did so, including university researchers and employees at Facebook, Google, Microsoft and Yahoo!. However, those who did not register could find the password to access the data through an online search. The app also collected information about the statuses of 22 million Facebook users and the demographic data of 4 million users.

Hackers stole personal data of 2 million T-Mobile customers

International mobile operator T-Mobile has disclosed a recent hack that resulted in attackers gaining access to 2 million of the company's customer accounts. According to T-Mobile, as a result of the hack, hackers stole “some” information: names, email addresses, account numbers and other data. Credit card numbers, passwords, and social security numbers (the main document in the United States) were not affected.

In an official statement, the operator states that the cybersecurity department discovered unauthorized access to the databases on Monday, August 20. A T-Mobile representative confirmed the hack in a comment to Motherboard, adding that the theft affected “just under 3%” of the total number of 77 million users. The company representative did not name the exact number of accounts affected by the cyber attack.

It is still unknown who is behind the attack, but the company suspects members of some “international hacker group.” T-Mobile says it cannot disclose details of the cyberattack and does not have information on whether the attackers were pro-government hackers or simple cyber thieves. The statement says that all the operator’s clients whose accounts may have been affected by the cyber attack will be notified via SMS.

This is the second time hackers have gained access to T-Mobile customer data. In 2015, attackers stole the data of about 15 million American subscribers of the operator as a result of hacking one of the servers of the company Experian, which checks consumer credit ratings.

Chinese hacker chips hacked equipment of 30 US companies

In early October, Bloomberg published an article claiming that Chinese hackers were trying to spy on American companies using microchips. According to agency sources, spy chips were embedded in motherboards intended for servers used by companies such as Apple and Amazon. Sources claimed that this happened at the stage of equipment assembly at factories in China, which are contractors of the world's largest motherboard manufacturer, Supermicro.

Subsequently, Apple and Amazon refuted these claims, assuring that there is no such problem, and the intelligence services of various countries, including the United States, confirm this. Recently, Apple sent an official letter to the US Congress, in which it harshly refuted all the statements of Bloomberg journalists about Chinese bugs. Supermicro also denied Bloomberg's accusations.

Hackers stole data from 500 million Marriott hotel chain customers

One of the world's largest hotel chains, Marriott International, reported a data breach of 500 million customers. This is the largest hack since 2013, when cybercriminals obtained the data of 3 billion Yahoo! users. The company's statement says that back in 2014, hackers gained access to the database of Starwood, which is owned by Marriott and operates the Sheraton, St. Regis, Le Méridien, W Hotels, Four Points by Sheraton.

Combinations of name, phone number, passport number, email address, postal address, date of birth and gender of at least 327 million people were in the hands of attackers. Marriott does not exclude the possibility that cybercriminals could obtain data about bank cards, which are stored in encrypted form. They also note that Starwood Preferred Guest (SPG) information was available, namely account data, date of birth, gender, arrival and departure times, reservations and preferences.

The company said it would notify all customers who were in the database about the cyberattack. Marriott International said that it took the necessary measures to correct the situation, including reporting the incident to law enforcement agencies, but declined to comment further. After the release of this information, the company's shares fell by more than 5%.

Hackers read correspondence of European diplomats for three years

Unknown hackers had access to diplomatic correspondence in the EU for several years and downloaded thousands of letters, The New York Times reported, citing data from Area 1, which deals with cybersecurity issues. Hackers gained access to European diplomatic channels and for years collected letters from EU officials in which they spoke about Trump, Russia, China and Iran's nuclear program.

The Area 1 company shared with the newspaper information from 1.1 thousand letters from EU diplomats. According to the publication, hackers gained access to correspondence through a European communication network COREU. Topics of correspondence included foreign policy, tariffs and trade, terrorism, migration, and descriptions of various meetings.

Among the hacked data were weekly reports from EU missions in Russia, Kosovo, Serbia, Albania, China, the United States and Ukraine, the newspaper writes. For example, in one letter, European politicians described their impressions of the meeting between Trump and Putin in Helsinki: in their opinion, the summit was “successful” (at least for Putin).

The purpose of the cyberattack that affected European correspondence was not the publication of stolen materials, the newspaper's source reports. On the contrary, it was a “purely spy question,” the publication writes. According to the publication, more than 100 organizations were targeted by hackers, many of which did not know about the hack until they received a message from Area 1.

Experts said the techniques the hackers used over a three-year period resembled those long used by China's elite People's Liberation Army unit. It is also noted that hackers also gained access to US diplomatic channels and correspondence of foreign ministers around the world.

Each of them turned a page in the history of cybercrimes
At the request of Vedomosti, experts from antivirus companies Doctor Web, Eset and Kaspersky Lab, as well as Digital Security (analysis of IT system vulnerabilities) listed the most important cyber attacks in history. Each of them turned a page in the history of cybercrimes and clearly demonstrated the fragility of the new world to which humanity is trying to get used.

In March 1999, the Melissa virus became the first malicious code to spread via e-mail. The work of the mail servers of several large companies in many countries was disrupted. The mechanism of virus spread caused an explosive wave of infected letters. As a result of the load on mail servers, the processing of mail messages slowed down significantly - or stopped. Damage from the epidemic was estimated at $80 million. Pictured are experts Fredrik Bjork (left) and Joan Ekstrom, who helped the FBI identify the author of Melissa.


