Cybersecurity Breach Tier List 2024
Summary
TLDR: This video script explores the most significant cybersecurity incidents since the internet's inception, using the 'Mad Hat metrics' to rank their severity. It delves into major breaches like Marriott's 500 million user data exposure, Adobe's 153 million account compromise, and the widespread damage of the NotPetya and WannaCry ransomware worms. The script also examines the 2013-2014 Yahoo data breaches affecting all 3 billion of its users and the 2024 CrowdStrike incident that crashed millions of Windows computers, resulting in billions in losses. The analysis highlights the importance of basic security measures (patching, detection follow-up, proper password storage) and the catastrophic consequences of their neglect.
Takeaways
- 😱 The CrowdStrike incident in July 2024 caused an estimated 8.5 million Windows computers to crash globally, leading to significant disruptions and billions in losses.
- 📉 CrowdStrike's market value plummeted by $25 billion following the incident, highlighting the severe impact on the company's reputation and financial standing.
- 🛑 Major disruptions included cancelled flights, hospital surgeries, and 911 system outages, demonstrating the far-reaching consequences of such a cybersecurity event.
- 💡 The incident was attributed to an update by CrowdStrike that led to null pointers and kernel issues, resulting in the widespread blue screen of death for Windows users.
- 💸 Fortune 500 companies faced an estimated loss of $5.4 billion, with Delta Airlines alone reporting $500 million in losses due to the outage, underscoring the massive economic impact.
- 🔒 The Marriott data breach in 2018 affected 500 to 600 million accounts, with sensitive information including passport numbers and encrypted payment card details being compromised.
- 🤔 The true cause of the Marriott breach remains unclear, but it is suspected that nation-state actors were involved, indicating the potential for geopolitical motivations behind cyber attacks.
- 💳 The Target data breach in 2013 involved the theft of credit card numbers from nearly 40 million customers, followed by the theft of PII data of up to 70 million customers, showing the vulnerability of retail giants.
- 🛑 The Equifax data breach in 2017 exposed personal identifying information of approximately 143 million US consumers, including Social Security numbers and driver's license numbers, leading to a $1.38 billion settlement.
- 🚫 The WannaCry ransomware attack in 2017 rapidly spread to over 200,000 computers in 150 countries, exploiting the EternalBlue vulnerability and causing an estimated $4 billion in damages.
- 🌐 The NotPetya malware attack in 2017 was one of the most destructive, primarily targeting Ukraine but spreading to 60 countries, causing over $10 billion in losses; it is widely considered a state-sponsored attack by Russia.
Q & A
What was the impact of the Marriott data breach in 2018?
-The Marriott data breach in 2018 impacted an estimated 500 to 600 million accounts, with personal information including names, mailing addresses, phone numbers, email addresses, passport numbers, and more being exposed. Some accounts also had payment card information compromised; it was encrypted with AES-128, but the attackers are reported to have obtained the encryption keys as well, so the encryption offered little protection.
What is the significance of the Adobe breach in 2013?
-The Adobe breach in 2013 affected 153 million Adobe accounts, exposing user IDs, encrypted passwords, names, email addresses, and credit card information. The most likely entry point was an unpatched vulnerability in the ColdFusion servers Adobe was running (a spear-phishing campaign is considered equally plausible), via a backup server that was due to be decommissioned. The breach was made worse by poor password storage: passwords were encrypted with a single block cipher rather than hashed, so identical passwords produced identical ciphertext, and unencrypted password hints stored alongside them often gave the password away.
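The password-storage failure described above is easy to reproduce. The following is an added example, not Adobe's code or anything from the video: it models the pattern of "one block cipher, one key, every block encrypted independently" (ECB-style), shows how an attacker who never obtains the key can still cluster users by ciphertext and use one member's plaintext hint to crack the whole cluster, and contrasts it with salted, iterated password hashing. To stay standard-library-only, the "block cipher" is a constructed stand-in (a keyed deterministic 16-byte function built from HMAC, not real AES); the user records, hints and guess list are constructed sample data, and the PBKDF2 iteration count is an assumption to be tuned for your hardware.

```python
"""Added example: why ECB-style 'encrypted' passwords leak, and the fix."""
import hashlib
import hmac
import os
from collections import defaultdict

BLOCK = 16


def _keyed_block(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for one block-cipher call under a fixed key (NOT AES).
    # The only property we rely on is the one ECB mode exposes: the same
    # 16-byte input under the same key always yields the same 16-byte output.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ecb_style_encrypt(key: bytes, password: str) -> bytes:
    """Pad to whole blocks and encrypt every block independently (ECB pattern)."""
    data = password.encode()
    pad = BLOCK - len(data) % BLOCK          # PKCS#7-style padding
    data += bytes([pad]) * pad
    return b"".join(_keyed_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


# --- attacker side: no key needed -------------------------------------------

COMMON_PASSWORDS = ["123456", "password", "qwerty", "adobe123"]  # constructed list


def cluster_by_ciphertext(records):
    """records: iterable of (user, ciphertext, plaintext_hint) rows from a dump."""
    clusters = defaultdict(list)
    for user, ciphertext, hint in records:
        clusters[ciphertext].append((user, hint))
    return clusters


def crack_with_hints(records):
    """If any member of a ciphertext cluster left a hint that spells out a
    common password, every member of that cluster shares that password."""
    cracked = {}
    for members in cluster_by_ciphertext(records).values():
        for _, hint in members:
            hint_l = (hint or "").lower()
            guess = next((p for p in COMMON_PASSWORDS if p in hint_l), None)
            if guess:
                for user, _ in members:
                    cracked[user] = guess
                break
    return cracked


def sample_records(key: bytes):
    """Constructed dump: two users share a password, one of them left a hint."""
    return [
        ("alice", ecb_style_encrypt(key, "123456"), "it's 123456"),
        ("bob",   ecb_style_encrypt(key, "123456"), ""),
        ("carol", ecb_style_encrypt(key, "hunter2-ish"), "my dog's name"),
    ]


# --- defender side: salted, slow hash instead of reversible encryption ------

ITERATIONS = 200_000  # assumption: tune upward for your hardware


def hash_password(password: str, salt: bytes = None) -> str:
    """Return a self-describing string: algo$iterations$salt$derived_key."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time compare


if __name__ == "__main__":
    key = os.urandom(16)
    print("cracked without the key:", crack_with_hints(sample_records(key)))
    a, b = hash_password("123456"), hash_password("123456")
    print("same password, different hashes:", a != b, verify_password("123456", a))
```

Two things worth noticing when you run it: the attacker never touches the key, and a salted hash makes the clustering step impossible because two users with the same password no longer share a stored value.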
What was the Stuxnet worm and how did it affect Iran's nuclear program?
-Stuxnet was the world's first known digital weapon, specifically designed to disrupt Iran's nuclear program by targeting the country's uranium enrichment centrifuges. It was discovered after inspectors noticed rapid failures of centrifuges at Iran's Natanz facility. The worm spread globally but primarily impacted the intended target, causing an estimated monetary loss of over $50 million.
What were the consequences of the Sony PlayStation Network attack by Anonymous in 2011?
-Anonymous launched a distributed denial-of-service attack that disrupted the PlayStation Network for three days before the group called it off, having realised it was hurting consumers rather than Sony. Weeks later Sony took the network down again after discovering a separate security breach affecting 77 million users, exposing names, addresses, email addresses, birth dates, usernames, passwords, security questions and possibly credit card information; reports attribute that intrusion to the group LulzSec, using simple SQL injection against a poorly secured application server. Sony put the cost at roughly $171 million, and its stock price rebounded after the incident.
What was the cause of the Equifax data breach in 2017?
-The Equifax data breach in 2017 was caused by an unpatched vulnerability in Apache Struts on an internet-facing server in Equifax's DMZ, hosting the US online dispute portal. A patch had been available since March 7 and Equifax had been told to apply it, but the IT team never did. Attackers exploited the flaw to gain access to the personal identifying information of approximately 143 million US consumers, including Social Security numbers and driver's license numbers, and operated for 76 days before discovery, in part because an expired certificate left Equifax's exfiltration-detection tooling unable to inspect encrypted traffic.
What was the impact of the Target data breach in 2013 on the company and its customers?
-The Target data breach in 2013 resulted in the theft of credit card numbers from nearly 40 million customers and personal identifiable information of up to 70 million customers. The breach occurred through a third-party vendor and involved a phishing attack and the installation of malware. Despite the breach, Target's stock price remained largely unaffected, indicating that customers continued to shop at the retailer.
What is the significance of the WannaCry ransomware attack in 2017?
-The WannaCry ransomware attack in 2017 was significant due to its rapid spread to over 200,000 computers in more than 150 countries within a few days. It used the NSA-developed EternalBlue exploit together with the DoublePulsar backdoor to propagate worm-style from infected machines, primarily hitting Windows 7 devices. The attack resulted in an estimated $4 billion in damages and highlighted the importance of timely security updates; a researcher's registration of a domain the malware checked acted as a kill switch that halted the spread.
What was the NotPetya malware attack, and what were its effects?
-NotPetya was a malware attack that masqueraded as ransomware but was actually designed to destroy computer systems. It spread quickly using the EternalBlue exploit and primarily affected Ukraine but impacted over 60 countries. The attack resulted in an estimated $10 billion in losses, making it one of the most costly cyber attacks in history.
What were the Yahoo data breaches in 2013 and 2014, and what was their impact?
-Yahoo faced two massive data breaches in 2013 and 2014, which led to the theft of sensitive information from all three billion of its users. This included usernames, email addresses, birth dates, phone numbers, and encrypted passwords. The breaches significantly impacted Yahoo's reputation and resulted in a reduced sale price to Verizon and settlement fees of around $150 million.
What was the CrowdStrike incident in 2024, and how did it compare to other major cybersecurity incidents?
-The CrowdStrike incident in 2024 involved an update that caused an estimated 8.5 million Windows computers worldwide to crash, resulting in significant disruptions and an estimated $5.4 billion in losses for Fortune 500 companies. CrowdStrike's market value dropped by $25 billion as a result. The incident was considered 'simply stupid' due to its preventability and the scale of its impact compared to other major cybersecurity incidents.
Outlines
🐉 Cybersecurity Catastrophes: The Big Ones
This paragraph delves into the most significant cybersecurity incidents in history, prompted by recent turmoil in the cybersecurity realm. The speaker aims to evaluate these events using the 'Mad Hat metrics' from the Mad Hat Labs, focusing on the impact, victims, duration, financial losses, and the complexity of the incidents. The tier list of the top 10 breaches is introduced, ranging from minor fails to those so severe they're considered 'plain stupid.' The paragraph sets the stage for a detailed examination of each incident, starting with the Marriott data breach of 2018, which affected 500 million accounts and included sensitive personal information. The breach was traced back to 2014, highlighting a lack of security and the acquisition of Starwood by Marriott, which left the database vulnerable. The incident's financial repercussions and the speculation of nation-state involvement are also discussed.
🛡️ Adobe's Security Oversight and the Stuxnet Attack
The second paragraph discusses the 2013 Adobe security breach, where unauthorized intruders accessed 153 million Adobe accounts, exposing user IDs, encrypted passwords, names, email addresses, and credit card information. The breach was linked to vulnerabilities in Adobe's ColdFusion servers and potentially a spear-phishing campaign. The response to the breach and the financial implications for Adobe are outlined, with the company's stock value remaining unaffected. The paragraph also covers the Stuxnet worm discovered in 2010, which targeted Iran's nuclear program by disrupting uranium enrichment centrifuges. The worm's delivery method and the estimated costs of the damage are explored, along with the attribution of the attack to the US and Israel.
🎮 Sony's PlayStation Network Breach and Equifax Fiasco
This section covers the 2011 cyber-attack on Sony's PlayStation Network, which began with a distributed denial-of-service campaign by the activist group Anonymous and was followed by a significant security breach affecting 77 million users. The breach exposed personal information and possibly credit card details. The methods used in the attack (reportedly simple SQL injection against a weak application server) and Sony's response are discussed, highlighting the relatively low cost to the company and the quick recovery of its reputation. The paragraph then shifts to the 2017 Equifax data breach, one of the most severe in US history, where personal identifying information of 143 million US consumers was stolen. The breach occurred due to an unpatched vulnerability and the attackers' ability to exploit the company's online dispute portal. The aftermath, including the settlement costs and the impact on Equifax's market value, is also examined.
🛑 The Infamous Target Breach and the WannaCry Ransomware
The fourth paragraph details the 2013 Target data breach, which saw the theft of credit card numbers and personal identifiable information of millions of customers. The breach was facilitated through a third-party HVAC vendor compromised by phishing and the Citadel malware, followed by lateral movement to the point-of-sale systems and installation of BlackPOS malware. The failure of Target's security team to act on alerts from its intrusion detection, antivirus and FireEye tooling, and the vendor's reliance on a free version of Malwarebytes, are highlighted. The paragraph then discusses the WannaCry ransomware attack of 2017, which affected over 200,000 computers globally, including major companies and the UK's National Health Service. The use of the EternalBlue exploit by the ransomware and the estimated damages are covered, along with the role of a cybersecurity researcher who helped stop the spread of the malware.
💥 NotPetya's Global Rampage and Yahoo's Historical Breaches
This section examines the NotPetya malware attack of June 2017, which was more destructive than WannaCry and primarily targeted Ukraine but spread to over 60 countries. The attack utilized the EternalBlue exploit and caused widespread damage, with companies like Maersk, Mondelez International, and FedEx incurring significant losses. The paragraph also revisits Yahoo's data breaches of 2013 and 2014, which affected all three billion of its users, making it the largest breach in history. The impact on Yahoo's sale to Verizon and the overall consequences of the breaches are discussed.
🚨 The CrowdStrike Incident: A Costly Misstep
The final paragraph discusses the CrowdStrike incident of July 2024, where an update to a file caused an estimated 8.5 million Windows computers to crash, leading to significant disruptions and financial losses. The incident resulted in flight cancellations, hospital surgeries being postponed, and 911 system outages. The financial impact on Fortune 500 companies and Delta Airlines is highlighted, along with the $25 billion drop in CrowdStrike's market value. The paragraph emphasizes the severity of the incident and the potential for even greater damage had it been a malicious attack rather than a faulty update.
Keywords
💡Cybersecurity Incidents
💡Data Breach
💡Ransomware
💡Nation-State Actors
💡Zero-Day Exploit
💡Encryption
💡Malware
💡Patch
💡Distributed Denial of Service (DDoS)
💡Cyber Insurance
💡Blue Screen of Death (BSOD)
Highlights
The video opens with the July 2024 CrowdStrike outage, framed as a historically significant incident that caused major shutdowns globally.
The video compares the CrowdStrike incident with other major cybersecurity breaches using the 'Mad Hat metrics'.
Marriott's data breach affected 500 million accounts, with personal details and payment card information at risk.
Adobe's 2013 breach exposed 153 million accounts, including encrypted passwords and credit card information.
Stuxnet, the first digital weapon, targeted Iran's nuclear program, causing significant damage to centrifuges.
The 2011 PlayStation Network attack by Anonymous disrupted services for millions of users.
Equifax's 2017 breach exposed sensitive data of 143 million US consumers, including Social Security numbers.
Target's 2013 data breach involved the exploitation of a third-party vendor and resulted in the theft of 40 million credit card numbers.
WannaCry ransomware in 2017 affected over 200,000 computers, demonstrating the dangers of self-replicating malware.
NotPetya malware was deployed in 2017, causing over $10 billion in damages and targeting Ukraine primarily.
Yahoo's 2013-2014 data breaches were the largest in history, affecting all three billion of its users.
The CrowdStrike incident in 2024 led to 8.5 million Windows computers crashing globally due to an update error.
The impact of the CrowdStrike incident was unprecedented, with billions of dollars in losses.
Cybersecurity incidents can be ranked from 'fail' to 'apocalyptic' based on their impact and handling.
Many breaches were due to unpatched vulnerabilities and lack of timely security updates.
The video emphasizes the importance of proper cybersecurity measures and the consequences of neglecting them.
Transcripts
inspired by the recent events in the
cyber security space that caused
absolute pandemonium a giant monster is
attacking Bikini Bottom major shutdowns
globally in what might arguably be
considered the biggest cyber security
incident in all of history and I want to
take a look at the biggest cyber
security incidents/breaches/big
boo-boos to have occurred since the
birth of the internet and the rapidly
growing technology that we've seen so
I've done some majorly salty late night
research all to answer the question
looming in all of our minds was the
crowd strike incident really all that
bad well let's compare and contrast the
[ __ ] out of it using The Mad Hat metrics
of course that I brewed together in The
Mad Hat Labs just for this video impact
how widespread were the effects of the
incident who was affected and for how
long total losses you know money
estimated obviously and the difficulty
of the incident how complicated was it
are we talking about an expensive ass
zero day exploit carried out by a nation
State actor or was it just someone too
stupid to have realized what they gone
done did before it was too late or my
favorite was it just some kid bored on a
Tuesday afternoon in the UK a big like
game I suppose it was see who would who
who could be better a multi-billion
dollar you know agency or a 14-year-old sitting
in his bedroom doing as they saying
around and finding out but for the sake
of all of our sanity I'm going to limit
this tier list to the major 10 incidents
breaches of all time and that should be
enough to compare and place all of these
incidents on the tier list of
imp ranking them from fail to so bad
that it's just plain stupid let's begin
on September 8th 2018 Marriott received
an alert from an internal security tool
regarding an attempt to access the
Starwood guest reservation database in
the US which flagged on an unusual
database query upon investigating the
alert they come to find out there had
been unauthorized access to the Starwood
Network since 2014 the breach impacted
an estimated 500 to 600 million accounts
with an estimated 300 million containing
name mailing address phone number email
address passport number Starwood
Preferred Guest SPG account information
date of birth gender arrival and
departure information reservation date
and communication preferences that's a
lot of data some even included payment
card information card number and
expiration but don't worry folks it was
encrypted using the unbreakable AES 128
encryption algorithm which has never
been broken into before oh they had the
encryption Keys too patience ising is
theing okay so lots of people were
affected globally all and I mean all of
their data which was readily available
in clear text but how did they they do
it now Marriott has not made any of that
publicly available information so we
don't know exactly what happened but we
do know that Starwood had been
compromised since 2014 back before
Marriott acquired it in 2016 and it took
an additional 2 years for Marriott to
detect any malicious
activity now I'm not sure about that one
I don't know if that checks out because
Marriott was not equipped to handle the
reservations it had just acquired so in
true company merger fashion they left
this largely unsecured database continue
operating which was confirmed later to
contain a remote access Trojan a rat and
Mimikatz a tool for sniffing out
username password combos in system
memory we can only guess that this is
what allowed the malicious Bad actors to
gain admin privileges and query the
database and as of today we still don't
know who actually did it but government
sources speculates that it was in fact
nation state actors part of a broader
Chinese effort to gain information on
American government employees and
Intelligence Officers their reasoning
the code and attack patterns matched up
with techniques employed by state
sponsored Chinese hackers when in doubt
blame nation state actors the overall
difficulty here was low as it was rooted
in what I like to call security comes
last and the Legacy system was unsecured
long enough to allow for a breach now
there are currently class action
lawsuits against the company which are
still ongoing it seems my dog stepped on
a bee total estimated losses and fines
combined from what I can tell are
roughly 150 million but supposedly could
reach as high as $12.5 billion after
the class action lawsuit with Marriott's
net market cap of 62.4 billion that's
a significant hit but we'll see if we
actually get anywhere near that after
the class action lawsuit completes
catastrophic the total impact was very
high however the losses for the company
are basically nothing which is
ridiculous look at their stock I think
it's safe to say their reputation is
unaffected and the hack was probably as
easy as sending a phishing email probably
and poking around undetected for 4 years
the hacker had time to graduate college
before they found
them in October of 2013 Adobe received
an alert that the hard drive for one of
its application servers was nearing
capacity further investigation
discovered that one or more unauthorized
Intruders had compromised a public
facing web server and used it to access
other servers on adobe's network
including areas where Adobe stored
consumer data okay okay exploiting a
public facing server that's difficult
right now Adobe being a leading software
company known for products like
Photoshop and Adobe Acrobat Reader the
thing I had to troubleshoot a stupid
amount of times to complete Dunces who
didn't know how to click the signin
button hey how about you smash right
there smash right there come on smash
smash yes they immediately announced a
massive security breach the breach
impacted 153 million Adobe accounts not
as much as Marriott the data exposed in the
breach included user IDs encrypted
passwords names email addresses and of
course credit card info so how did it
happen well this is somewhat unclear
with the information available the
attackers reportedly gained access by
targeting a backup server which was due
to be decommissioned sure due to be
decommissioned huh that's company speak
for we'll replace it when it becomes a
problem good afternoon Bob I was
wondering if I could have $500,000 to
upgrade our call Center
Technology you
serious and the server only had
customers passwords and credit card
information encrypted but of course the
report said Adobe had used a single
block Cipher through the database
resulting in identical passwords
having the same Cipher text in the
database which became a bigger issue
when the password hints not encrypted
were the literal password or obvious
enough to guess the password hints have
since been removed which is probably for
the best how do they gain access to the
server you might ask Adobe didn't say
of course but the most likely cause of
the breach was the vulnerability in the
ColdFusion servers being deployed by
Adobe and hackers abusing that to
remotely control web servers running the
software a vulnerability by the
way that adobe knew about that
supposedly pushed an update but
conveniently these servers had not
gotten that update shocking or you know
it could have been a spear phishing
campaign equally as likely get a really
catchy subject line something like hey
I'm probably going to open that up with
roughly $1.1 million in attorney fees
and undisclosed sums of money to
affected users and having its stock
value unaffected this is sadly ranked as
just a fail on adobe's part and the sad
history of breaches but they did respond
relatively quickly to the breach with
roughly a couple months spanning in
between when hackers were first
confirmed to have access to when they
finally detected them in actioned on and
announced to the public about the breach
not an epic failure by any means but
still they a failure now we still don't
know who gondon did it but security
researchers are guessing that the
attackers were somewhere in Eastern
Europe or Russia based on the language
and location of some of the underground
forums where the stolen data was traded
I can smell the failure January 2010
inspectors visiting Natanz uranium
enrichment plant in Iran noticed that
centrifuges used to enrich uranium gas
were failing and they were failing fast
replacing the centrifuges did not fix
the issue as there was something more
Sinister at play 5 months later some it
nerds finally found the culprit after
troubleshooting computers that had been
randomly crashing and rebooting they
discovered the world's first digital
weapon infamously known as Stuxnet a
worm specifically designed to disrupt
Iran's nuclear program now obviously the
impact here was to Iran's SCADA system but
by Nature a worm tries to infect
everything and anything around it so
that's what it did traces of this worm
can be seen globally but the only real
impact was to what the worm was intended
to do and hardcoded to actually attack
Siemens Step 7 software a
windows-based software used to program
industrial control systems that operate
specific equipment in Iran's case
specifically the operation of the
centrifuges now monetary loss is kind of
hard to gauge here since Iran didn't
release numbers as far as I could find
but if we lowball the estimate costs of
repairs about 1,000 replaced centrifuges
it's probably $50 million or more now
how did Stuxnet infiltrate Iran's
airgap systems originally it was thought
to have been delivered via a USB stick
that someone just tossed and hoped it
would get plugged in
but new information has surfaced January
of this year that Stuxnet was instead
loaded into a water pump near the
Iranian Natanz nuclear facility simple
yet effective and with reports stating
that this worm cost upwards of a billion
dollars to create this was one
sophisticated and expensive Cyber attack
to carry out this was no script kiddie
and no one's taking the rap for this but
a lot of places are pointing fingers at
the US and Israel for doing it now if
the worm targeted more than PLCs this
would have been apocalyptic but
because the impact was relatively low
and contained within Iran's nuclear
facility got to drop it down a notch to
blighting which is fitting for a worm as
it did in fact spread quite like a
blight on April 4th 2011 the activist
group Anonymous launched a targeted
distributed denial of service attack on
Sony's Playstation network in
retaliation for Sony's legal actions
against hackers known as GeoHot and
graf_chokolo the attack by Anonymous
disrupted the PlayStation Network for 3
days before they suspended it realizing
that it was negatively impacting
consumers which is not who they were
targeting Sony experienced additional
issues on April 19th when the
PlayStation Network went down again
revealing a significant security breach
affecting 77 million users Sony said an
illegal and unauthorized person quote
unquote got access to people's names
addresses email addresses birth dates
usernames passwords logins security
questions and probably credit card info
now the company did say it saw no
evidence that credit cards were stolen
but it did add out of an abundance of
caution we are advising you that your
credit card number excluding security
code and expiration date may have been
obtained right sounds like you just
don't want to say that it was taken now
the exact methods and tools used by the
hackers is still unknown with no
specific malware mentioned anywhere but
Sony's Chief Information officer CIO
this dude believed that the application
server was the weakest link with the
hacker able to exploit vulnerabilities
on it sounds complicated but from the
sounds of it the application server was
poorly secured and the database as well
as far as I can tell with reports
stating the hack was performed via very
simple single SQL injection methods by a
hacker group named LulzSec oh you hate to
see that but I'm not surprised hacks are
rarely sophisticated it seems and Sony
stated that the outage costs roughly 171
million peanuts to Sony really and while
we can see a small drop in their stock
price after the breach it has since
rebounded and rebuilt its reputation and
considering this was done from some
random hacker group who appeared to have
just been bored and Sony was just
coincidentally their target that they
used as their playground for fun and the
relatively low costs to the company and
total users impacted sad that 77 million
users is low but here we are this is our
life now I'd rank it as disastrous since
it was far more impactful than Adobe's
breach in March 2017 personal
identifying data of hundreds of millions
of people were stolen from Equifax one
of the credit reporting agencies that
assessed the Financial Health of nearly
everyone in the United States and
shortly after on September 7th 2017
Equifax announced that someone had
breached the data of
approximately 143 million us consumers
the hackers did not access the data from
Equifax's core consumer credit
reporting databases but from the
company's Us online dispute portal web
application I guess that's not as bad
then oh [ __ ] that's 40% of Americans oh
[ __ ] the data included names Social
Security numbers birth dates addresses
and driver's license numbers you know
everything that you would need to know
to open up a new credit line identity
theft is not a joke Jim millions of
families suffer every year nice I've
always said at this point if someone
wants that information on you and they
give a [ __ ] enough to look for it
they're going to find online somewhere
the attackers were active with equifax's
networks for 76 days without being
discovered bruh the breach was caused by
a severe security vulnerability and
Apache Struts that allowed the
attackers to exploit unpatched systems
and unsurprisingly enough they had a
patch released on March 7th and Equifax
was instructed to apply it following a
penetration test but the patch was never
implemented by the IT team come on what
the having worked in security for a
minute now I'm sensing a pattern and
patching policies getting told to update
not updating and this goes on endlessly
so some hacker discovered the unpatched
version of Apache Struts software running
on a server in equifax's DMZ an internet
facing server and went to town using
what is considered to be beginner or
novice level hacking why did it take so
long to detect the exfiltration well
equifax's failure to renew a crucial
public key certificate meant that their
data exfiltration detection tools were
unable to inspect encrypted traffic
allowing the hackers to operate
undetected now Equifax has since agreed
to a settlement that will cost them
$1.38 billion and that's not including
the over $1 billion they've already
spent upgrading their security holy look
at all this damage which isn't really a
cost induced by the breach or created by
it really but something that they should
have spent before to secure their sh and
ultimately the US government blamed
Chinese military backed hackers and
charge them in 2020 you just can't make
this up these little bits of update
security policies get overlooked and all
of a sudden you have an apocalyptic
breach definitely one for the record
books for overall impact for such little
hacking knowledge needed in December of
2013 credit card numbers of almost 40
million customers were stolen from a
retail giant known as Target which led
into another announcement in January
2014 where Target announced that
personal identifiable information PII
data in the form of names phone numbers
addresses email addresses of up to 70
million customers were stolen as well
how'd that happen well in early 2013
attackers conducted extensive
reconnaissance On Target and its vendors
uncovering details about Target's
technical infrastructure through a
Microsoft case study they exploited
vulnerabilities in third-party vendor
Fazio Mechanical some HVAC company using
a phishing attack to install Citadel
malware and gain access to Target's network
on November 12th 2013 now the company
could have prevented this if they had
realtime detection but instead they were
using a free version of Malwarebytes oh
my God the attackers used an
administrative account to navigate to
Target's Network eventually finding an
exploiting a vulnerability in a Windows
domain controller to access the point of
sale systems by November 30th a custom
BlackPOS point of sale malware was
installed on most point of sale systems
and funny enough this malware is
available for sale in the online black
market for roughly $2,000 just goes to
show you you don't need to know how to
write malware or hack like a pro just a
little money on the black market and
basic hacking can get you into pretty
much anywhere these days or at least
back then the saddest bit of all that
despite major alerts firing off in
Target's environment their intrusion
detection system and detection of
malicious behavior by their Symantec
antivirus no action was taken by the
security team what the hackers even
managed to update the malware a few times
which fired off even more alert and on
December 2nd hackers exfiltrated data to
servers in Eastern
Europe with another security tool called
FireEye detecting the breach and
notifying staff in India who then
relayed the alerts to the staff in the
US who did nothing again the deed was
done with stolen credit card information
sold on the black market these people
were literally kicking back casually
breaking and messing around and copy
posting data overseas now this is an
interesting case because it involves a
third-party vendor breach and failure
combined with some major no shits given
to the alerts that triggered in targets
network with an estimated 200 million
and Target stock doing just fine it's
almost as if customers didn't care about
this breach they just kept on going with
their Target trips and sipping on their
Starbucks waps not a care in the world
now I'd say given the sophistication of
the attack all the Recon involved and
exploitation of technical
vulnerabilities paired with evading
their detection
systems sort of this was pretty
catastrophic if there was more data
available to the hackers I'm sure they
would have taken it luckily they were
limited to what Target had otherwise
we'd be looking at an apocalyptic breach
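The Target story above turns on alerts that fired from several independent tools (the intrusion detection system, the antivirus, FireEye) and were never acted on. The block below is an added example, written for this page and not code from the video or from Target, of how a SOC can correlate alerts by host and escalate automatically when independent sources agree or when a high-severity alert sits unacknowledged past a deadline. The alert records are constructed for the example; the tool labels (ids, av, sandbox), host names and thresholds are all assumptions.

```python
"""Correlate security alerts by host and escalate the ones that need a human.

Constructed example: the alert records, tool names and thresholds below are
made up for illustration and are not Target's real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample alerts: (timestamp, source tool, host, severity, message)
SAMPLE_ALERTS = [
    ("2013-11-30T02:10:00", "ids", "pos-0417", "high", "new service installed"),
    ("2013-11-30T02:12:00", "av", "pos-0417", "high", "malware.generic quarantined"),
    ("2013-11-30T03:00:00", "av", "pos-0911", "medium", "malware.generic quarantined"),
    ("2013-12-02T01:05:00", "sandbox", "fileserver-02", "high", "binary contacts external host"),
    ("2013-12-02T01:06:00", "ids", "fileserver-02", "high", "outbound transfer to untrusted range"),
    ("2013-12-02T01:07:00", "ids", "fileserver-02", "high", "outbound transfer to untrusted range"),
    ("2013-12-02T04:00:00", "av", "workstation-7", "low", "adware removed"),
]


def parse_alert(raw):
    """Turn one raw tuple into an alert record; nothing is acknowledged yet."""
    ts, source, host, severity, message = raw
    if severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {severity!r}")
    return {"time": datetime.fromisoformat(ts), "source": source, "host": host,
            "severity": severity, "message": message, "acknowledged": False}


def group_by_host(alerts):
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append(alert)
    return by_host


def escalate(alerts, now, ack_sla=timedelta(hours=4), min_sources=2):
    """Return {host: [reasons]} for hosts whose alerts demand a human response.

    Two triggers: (1) two or more independent tools flagged the same host,
    repeats from one tool counting once so noise cannot inflate the score;
    (2) a high-severity alert has sat unacknowledged longer than `ack_sla`.
    """
    escalations = {}
    for host, host_alerts in group_by_host(alerts).items():
        reasons = []
        sources = sorted({a["source"] for a in host_alerts})
        if len(sources) >= min_sources:
            reasons.append(f"flagged by {len(sources)} independent tools: {', '.join(sources)}")
        overdue = [a for a in host_alerts
                   if a["severity"] == "high" and not a["acknowledged"]
                   and now - a["time"] > ack_sla]
        if overdue:
            oldest = min(a["time"] for a in overdue)
            reasons.append(f"{len(overdue)} high-severity alert(s) unacknowledged "
                           f"since {oldest.isoformat()}")
        if reasons:
            escalations[host] = reasons
    return escalations


def triage(raw_alerts, now_iso):
    """Parse, correlate and return [(host, reasons)] ordered by worst severity first."""
    alerts = [parse_alert(r) for r in raw_alerts]
    worst = {h: max(SEVERITY_RANK[a["severity"]] for a in hs)
             for h, hs in group_by_host(alerts).items()}
    found = escalate(alerts, datetime.fromisoformat(now_iso))
    return sorted(found.items(), key=lambda item: -worst[item[0]])


if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_ALERTS, "2013-12-02T06:00:00"):
        print(host)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed alerts, the two point-of-sale and file-server hosts that several tools flagged are escalated with both reasons, while the single medium alert on pos-0911 and the low adware alert stay in the queue; the point is that the escalation does not depend on any one person reading any one console.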
On May 12th, 2017, a worm spread to more than 200,000 computers in over 150 countries. Stuxnet 2.0? Nah, this was none other than the WannaCry ransomware, affecting companies like FedEx, Honda, Nissan, and the UK's National Health Service. The NHS ambulances were having to be rerouted. Absolute pandemonium. The WannaCry attack occurred in the span of 4 days, but it left people with a lot of work on their hands, while infected systems in over 150 countries resulted in roughly a $100,000 payout for the attackers. North Korea, duh. Who else would want to send out that kind of ransomware worm that could take out a country's infrastructure? This guy would. Now, the actual damages induced were reported in the $4 billion range. Damn, that's a lot of WoW subscriptions. Now this of course spread across multiple countries and agencies, but still, goddamn.

Now how did all this happen? Imagine a plague, but instead of humans it's Windows 7 machines. Scary times. Now WannaCry was unique due to its wormlike nature, allowing it to self-replicate and spread rapidly across networks from infected computers. But unlike typical ransomware that infects devices via malicious sites or links, WannaCry used infected devices to propagate itself. It exploited an NSA-discovered vulnerability, EternalBlue (thanks guys, appreciate it), and another backdoor, DoublePulsar, to infect primarily Windows 7 devices. The attack began in April 2017 in Asia, spreading quickly through network devices, and if not for the quick thinking of this guy, Marcus Hutchins, a cybersecurity researcher who was working in loose collaboration with the UK's National Cyber Security Centre ("Saying that I'm a hero, I mean, I sort of just registered this domain for tracking"), who researched the malware and discovered a kill switch which more or less just stopped the ransomware entirely, screwing over the rest of the world that it had not yet had time to reach. At 22, he single-handedly put a stop to the worst cyber attack the world had ever seen. What have you done with your life? You stopped a national cyber attack yet? That's what I thought, get to work. Anyways, this went full blight on us, so naturally it's blighting for this cyber attack.

In June 2017, the world was introduced to the most destructive malware ever deployed. We had just, we just got, we just got WannaCry. Damn, 2017 was a fun year. I had no clue; I was in my second year of my cybersecurity program, ignoring my assignments to play League of Legends. Petya games. Now while Ukraine was the primary target here, NotPetya quickly spread to more than 60 countries, destroying the computer systems of thousands of multinationals. Between WannaCry and this, system admins and security analysts at the time must have had their hands full, full of resignations. [ __ ] this [ __ ], I'm out. Cuz you know, security kind of is and always has been the last thing on the CISO's mind, the first thing being money. I wouldn't know what a million dollars even smells like.

Now, much like the WannaCry attack, it also used the vulnerability exploit known as EternalBlue to spread like crazy, because people didn't install the fix to the EternalBlue patch when it was first available. That's what you get. NotPetya spread through the network on its own, extracting admin credentials and scheduling tasks to reboot the machine. As soon as a victim reboots their machine, NotPetya overwrites the master boot record with a malicious payload that encrypts the full disk. Now it asks for a ransom, but it doesn't actually have a decryption key, because this was not a financially driven attack. It was Russia, but you knew, attempting to more or less [ __ ] over Ukraine. What, you thought the war in Ukraine was a new thing? Nah, there's always been beef. One affected company was global transport and logistics giant Maersk, where NotPetya destroyed all end-user devices, including 49,000 laptops, because this was not a traditional ransomware that would actually release your files if you paid the ransom. It was designed to brick everything, a wiper, as they're called. In total, with companies Reckitt Benckiser, Mondelez International, Nuance Communications, FedEx (did you not learn your lesson the first time with WannaCry? Honestly, this doesn't surprise me, FedEx kind of sucks, there's a reason this meme exists), $10 billion in estimated losses later due to this malware. I'm sorry, but goddamn, that's a step above WannaCry. We've reached apocalyptic levels of damage, and all of this could have been avoided if you just pushed the update to all devices. [ __ ] No, don't do that. Test the update, then push it. We'll see why that's important in a minute here.

Now I know what you're thinking: it can't possibly get any worse than the ones I've covered, right? It can, and it did. In 2013 and 2014, a major internet service provider, Yahoo, faced two massive data breaches that led to the theft of sensitive information from billions of its users. Three billion users, all of its users, the largest breach in history. The compromised data included usernames, email addresses, birth dates, phone numbers, and encrypted passwords. Credit cards too? No, luckily not, but I wouldn't put it past these regular users to reuse their passwords, I don't know, in something like their login for their bank. Nah, nah, there's no way people do that. How was Yahoo affected, you ask? Well, it paid around 150 million in settlement and fees and reduced its sale price to Verizon by $350 million. Okay, okay, they should feel that, right? Oh [ __ ], it sold for 4.8 billion. My disappointment is immeasurable and my day is ruined. Leak every bit of your users' data and still get paid. This is the world we live in. That is some grade-A apocalypse right there.

So at long last, how does the CrowdStrike incident compare to all these and rank on our wonderful tier list of infamy? Well, on July 19th, 2024, an estimated 8.5 million Windows computers worldwide crashed and were unable to reboot, stuck in a blue screen of death that regular users had no hope of fixing, all because CrowdStrike released an update to a file that the kernel communicates with. So after the update, the kernel was like, "Yo file, what's up?" and the file was like, "I got nothing." Literally, it had nothing; it had null pointers. So combining that with other issues involved in the update, it bricked the kernel more or less, and you get the blue screen.
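Two passages on this page make the same point from opposite directions: the NotPetya section says to test an update before pushing it to every device, and the CrowdStrike section describes a kernel component reading a content file that turned out to hold null pointers. The block below is an added example, not code from CrowdStrike or from the video, that puts both controls into one simulation: a loader that validates a content update and keeps the last known-good content instead of failing on a null field, and a staged rollout that stops at the first ring in which an agent fails. The update structure, host names, ring sizes and the idea of modelling a crashed agent as a caught exception are all constructed for the example.

```python
"""Validate content updates before use and roll them out in stages.

Constructed example: the update format, hosts and ring sizes are made up
for illustration; nothing here is CrowdStrike's actual file format or code.
"""
import math

REQUIRED_ENTRY_FIELDS = ("id", "pattern")

# Constructed stand-ins for a detection-content file shipped to agents.
GOOD_UPDATE = {
    "version": 42,
    "entries": [{"id": 1, "pattern": "Evil.exe"}, {"id": 2, "pattern": "Dropper.dll"}],
}
BAD_UPDATE = {
    "version": 43,
    "entries": [{"id": 1, "pattern": "Evil.exe"}, {"id": 2, "pattern": None}],  # null field
}


def unsafe_load(update):
    """The fragile way: trust every field and use it immediately.

    A None pattern is used as if it were a string and raises here; in a
    kernel component the equivalent null dereference takes the machine down.
    """
    return [entry["pattern"].lower() for entry in update["entries"]]


def validate_update(update):
    """Return a list of problems; an empty list means the update is safe to load."""
    problems = []
    if not isinstance(update.get("version"), int):
        problems.append("version missing or not an integer")
    entries = update.get("entries")
    if not isinstance(entries, list) or not entries:
        problems.append("entries missing or empty")
        return problems
    for i, entry in enumerate(entries):
        for field in REQUIRED_ENTRY_FIELDS:
            if entry.get(field) is None:
                problems.append(f"entry {i}: field '{field}' is null or missing")
    return problems


def safe_load(update, last_known_good):
    """Validate first; on any problem keep the previous content instead of failing."""
    problems = validate_update(update)
    if problems:
        return last_known_good, problems
    return [entry["pattern"].lower() for entry in update["entries"]], []


def staged_rollout(update, hosts, rings=(0.01, 0.10, 1.0), loader=unsafe_load):
    """Push `update` to a growing fraction of `hosts`, halting at the first failing ring.

    `hosts` maps host name -> currently loaded content and is updated in place.
    The loader is called once per host; an exception stands in for a crashed agent,
    and a host that crashed keeps its old content.
    """
    names = sorted(hosts)
    report = {"rings": [], "halted": False, "failed_hosts": []}
    done = 0
    for fraction in rings:
        target = min(len(names), max(done + 1, math.ceil(len(names) * fraction)))
        ring = names[done:target]
        failures = []
        for name in ring:
            try:
                hosts[name] = loader(update)
            except (AttributeError, KeyError, TypeError) as exc:
                failures.append((name, repr(exc)))
        report["rings"].append({"fraction": fraction, "hosts": len(ring),
                                "failures": len(failures)})
        if failures:
            # Never widen a rollout that is already hurting the canary ring.
            report["halted"] = True
            report["failed_hosts"] = failures
            return report
        done = target
    return report


def gated_rollout(update, hosts):
    """Validation gate first, then staged rollout; returns (accepted, report)."""
    problems = validate_update(update)
    if problems:
        return False, {"rejected": problems}
    return True, staged_rollout(update, hosts)


if __name__ == "__main__":
    fleet = {f"host-{i:03d}": ["old.exe"] for i in range(100)}
    print(gated_rollout(BAD_UPDATE, fleet))   # rejected before any host sees it
    print(staged_rollout(BAD_UPDATE, fleet))  # without the gate: halts after 1 host
    print(gated_rollout(GOOD_UPDATE, fleet))  # rings of 1, 9 and 90 hosts, no halt
```

The two controls are independent. The validation gate catches the null field before any agent loads it; the staged rollout catches whatever the validator did not think of, because a 1% canary ring turns a fleet-wide outage into a single failed host and a halted deployment.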
Now, I will say it was an easy fix, but one that required system admins and IT professionals to more or less manually fix, and it's basically impossible to estimate the amount of people that were affected by this. No longer just people in the company that were affected, but disruptions everywhere. Disruptions included cancelled flights, hospital surgeries, and 911 system outages. Fortune 500 companies are estimated at 5.4 billion in losses, excluding Microsoft. Share... God damn it, I try. Indicating a significant operation cost, insured losses through cyber insurance run from 540 million to 1.08 billion, covering only 10 to 20% of the total impact to these Fortune 500 companies. Delta Airlines alone reported $500 million in losses over the 5 days of this outage, and that's not including what the people lost by not being able to get on their flights. That's not including hotels, their reserved transportation, none of that. It's, it's, it's huge, it's massive. This is unprecedented size. That's what she said. And you know we don't have to estimate this [ __ ]: CrowdStrike lost its market value by $25 billion as a result, and it still looks like it's going down. So we have millions of Windows computers blue-screening and we have billions of dollars in losses. Now, I ain't no math wizard, but them numbers are anomalous. We haven't seen this kind of [ __ ] in an incident ever. Now, now think about if CrowdStrike had been breached and someone was able to push out something truly malicious to all of its wonderful customers. Unimaginable. This incident was simply stupid.

you treat me like you do when you play your