10/21/24
Cybersecurity – Attacks
• SolarWinds cyberattack (2020)
  • A cyberattack on an unprecedented scale, the Sunburst attack on SolarWinds, a major software company based in Tulsa, Oklahoma, sent shockwaves through America in 2020. The attack entailed a supply chain breach involving SolarWinds’ Orion software, which is used by many multinational companies and government agencies.
• WannaCry ransomware attack (2017)
  • WannaCry was carried out in the same year as NotPetya. Like NotPetya, it propagated via the Windows exploit EternalBlue, which was stolen and leaked a few months prior to the attack. Many of the organizations that fell victim to WannaCry had yet to apply recently released patches that were designed to close the exploit.
• Florida water system attack (2021)
  • A troubling reminder that outmoded tech can provide hackers with an easy entry point onto an otherwise sophisticated network. In this attack on a water treatment facility in Oldsmar, Florida, an old PC running Windows 7 with no firewall enabled a hacker to gain access and increase the amount of sodium hydroxide in the water by a factor of 100. The breach could have been catastrophic had it not been caught in time.
company confidential
Cybersecurity – Attacks
• RockYou (2009)
  • RockYou, a Redwood City, Calif. developer of popular social media games like Gourmet Ranch and Zoo World, disclosed in Dec. 2009 that a user database had been breached, exposing personal identification data, including passwords, of some 32 million registered users.
  • The breach was considered particularly egregious by some because the password data had been stored in plain text instead of being hashed, as is common practice.
• RockYou (2021)
  • When a user posted an enormous 100GB TXT file on a popular hacker forum in June 2021, they claimed that it contained 82 billion passwords. Tests later found that there were in fact ‘only’ 8.4 billion passwords in the file.
  • Named after the original RockYou breach of 2009, RockYou2021 appeared to be a mind-bendingly huge password collection. 8.4 billion passwords equates to two passwords for every online person in the world (it’s estimated that there are 4.7 billion people online).