Issue link: https://maltatoday.uberflip.com/i/1191618
12.12.19 6 FEATURE Learning from the biggest CYBER attack — the words alone can be enough to incite panic. Between a lack of understanding and media sensa- tionalism, any mention of a cyber attack brings to mind catastrophic levels of damage. Like the difference between a cold and pneumonia, there are varying levels of severity when it comes to cyber attacks. A DDoS (distributed denial of service) attack, for instance, is a very common cyber attack that can be used for some- thing as petty as forcing a fellow video gamer to disconnect from an online server. On the other side of the spec- trum, a sophisticated ransomware at- tack can cripple a whole conglomerate. ese high-level hacks are rarer by comparison to the average DDoS attack but can do a lot more damage. In this article, we're taking a look at some of the truly "very serious" cyber attacks that have occurred in history, and the lessons we must learn from them. Yahoo! data breach Date of breach: 2013 Date breach was reported: 2016 Type of cyber attack: Yahoo! described the attack as an exploit of the Com- pany's account management tool. Ex- pert analysis suggested that the hack was achieved through forging cookies, which allowed the attackers to access user accounts without entering a pass- word. Damage: Yahoo! originally reported the hack in 2016, three years after the breach took place, and noted one billion user accounts were af- fected. Yahoo! then updated their assessment of the matter in 2017, saying that every single ac- count held by Yahoo! at the time had been breached. is includ- ed extended compa- nies of Yahoo!, such as Tumblr. e total num- ber of Yahoo! accounts active in 2013 topped three billion. It cost the company $16 million in forensic and lawyer costs. As far as cyber attacks go, having every single user account on your servers compro- mised is certainly a worst-case scenar- io. But this is the exact scenario Yahoo! faced in 2013 when a large-scale hack saw all of its live accounts compro- mised, spilling email addresses, dates of birth, names, security questions, and security answers to be sold off to cy- ber-criminals. But more damaging than the attack it- self was Yahoo!'s response. e compa- ny did not report the breach until 2016, three years after the attack took place. e initial report outlined that one bil- lion accounts had been compromised, which already made it the biggest data breach in history at the time. Worse yet, the discovery of this breach only occurred as Yahoo! was investigating a separate attack dating back to 2014, in which 500 million users were affected. e investigation led to a tip-off from law enforcement which shone a light on this larger breach from 2013. Yahoo! was slammed by media outlets for how long it took for the company to notice the breach, its hesitation in reporting the problem, and its overall lax security features. is is certainly a stark lesson for businesses big and small to take its cyber security seriously, as well as the importance of reporting any and all data breaches quickly and accu- rately. Marriott hotel data breach Date of breach: 2014 Date breach was reported: 2018 Type of cyber attack: Reported to be a combination of a Remote Access Trojan and MimiKatz, which allows the user to find username and passwords. With this, the hacker was able to access an administrator account and access the wider database. e Remote Access Trojan (RAT) may have been placed in the server from a simple download link clicked in a phishing email. Damage: Up to 500 million customer records accessed, with encrypted pay- ment card information and possibly the key to decrypt it stolen. Personal information, such as names, addresses, email addresses, passport numbers, and more were exposed. Hackers had access to the network since 2014. Between a lack of understanding and media sensationalism, any mention of a cyber aack brings to mind catastrophic levels of damage. In 2013 it cost Yahoo! $16 million in forensic and lawyer costs.