A cyber attack takes place every 39 seconds around the world[1]. While many go unnoticed by the general public, others have left their mark on the history books. Here are 4 legendary cyber attacks that should convince you to protect your IT systems!
Stuxnet: the USB key attack that called Iran’s nuclear programme into question
In 2009, the world discovered a new dimension in cyber warfare with the appearance of Stuxnet[2], a highly effective computer worm. This malware, introduced via USB sticks, managed to infiltrate the most heavily protected industrial systems in Iran, including the nuclear facilities at Natanz.
Designed to target programmable logic controllers (PLCs), Stuxnet discreetly altered the operation of centrifuges used for uranium enrichment, forcing them to run at destructive speeds while displaying normal parameters to operators.
This attack, attributed to collaboration between the United States and Israel, demonstrated for the first time how a cyber weapon could inflict physical damage on critical infrastructure.
It also highlights the role that USB ports can play in cyber security breaches. To protect themselves, organisations would do well to install USB decontamination terminals, such as those offered by the Tyrex solution.
Cyber attack against Estonia in 2007: a world first
On 27 April 2007, Estonia[3] was the scene of the first large-scale cyber-attack against a state. Following a controversial decision to move a Soviet statue from Tallinn, coordinated cyber attacks paralysed the country’s digital infrastructure.
Government, banking, media and education websites were inaccessible for several days, plunging the country into unprecedented digital chaos. This attack, widely blamed on Russian nationalist groups, highlighted the vulnerability of states to massive digital attacks and led NATO to strengthen its cyber security capabilities.
WannaCry: digital epidemic and cryptocurrencies
In May 2017, the WannaCry[4] ransomware hit the world, causing a veritable digital epidemic. This malware, exploiting a security flaw in Windows systems, encrypted users’ files, demanding a Bitcoin ransom to unlock them. WannaCry spread rapidly, affecting more than 200,000 computers in 150 countries.
Victims included hospitals, businesses, public authorities and even critical infrastructure. The National Health Service (NHS) in the UK was particularly hard hit, with many surgeries cancelled and patients at risk. Although the attack was stopped thanks to the discovery of a ‘kill switch’, it highlighted the serious shortcomings in IT security around the world.
NotPetya/ExPetr: the most expensive attack in history
In June 2017, a new ransomware variant called NotPetya, also known as ExPetr, swept across the globe. Unlike WannaCry, NotPetya was not designed to generate profits via ransomware, but rather to inflict massive damage.
Originating in Ukraine, this legendary cyberattack quickly affected multinational companies, ports, airports and critical infrastructure. Shipping giant Maersk, pharmaceutical group Merck and food conglomerate Mondelez are among the companies that suffered colossal losses.
Experts estimate the overall economic damage from NotPetya at more than $10 billion, making it the costliest attack in history. This attack highlighted the destructive capacity of cyber weapons when deployed on a large scale.
The London hospital cyber attack: patient data at risk
Finally, when it comes to cyber security, hospitals are often prey! In June 2024, London’s hospitals were hit by a devastating cyber attack, jeopardising patient safety and continuity of care. Partner hospitals of Synnovis, a provider of pathology services, were targeted by the Russian hacking group Qilin on 3 June. Leading hospitals such as King’s College, Guy’s and St Thomas’, as well as the Royal Brompton and Evelina London Children’s Hospital, were severely affected.
The group demanded a ransom of more than €47 million, threatening to disclose sensitive patient data if their demands were not met. When the NHS refused to pay, Qilin carried out its threat by publishing the stolen information on the dark web.
The consequences of this attack were disastrous. NHS England declared a major regional incident, resulting in:
- the cancellation of 4,913 outpatient appointments
- the postponement of 1,391 operations.
These legendary cyber-attacks show the extent to which cyber-security in businesses and critical organisations has become an issue. Any security breach can have devastating consequences. That’s why it’s so important to protect your IT infrastructure and train your employees!
Read also: Cybersecurity: 5 key actions for businesses and public authorities
