5 of the world’s BIG cyberattacks

Cyberattacks are a common occurrence in the modern world with 470 cyber incidents and over 500 million breached records in November 2023. Indeed, with modern technology paving the way for a new arsenal of cyberattacks, the world of cybercrime is lucrative for any criminal.

The best way to protect against cybercrime is to educate yourself about potential threats and stay informed about current attacks. Learning about what to look out for and how to recognise imminent threats will help you to keep one step ahead of cyberattacks.

In this article, we’re going to go over 5 of the worst cyberattacks from recent years, including details about the target, attack, and those behind the incidents.

UK Electoral Commission

The UK Electoral Commission is the body that oversees elections within the United Kingdom and stores huge amounts of population data. Its job is to ensure the whole electoral process is honest, fair, and transparent.

In October 2022, a cyber incident was identified after suspicious activity was found in its systems, which dated back to August 2021.

The attackers were able to access reference copies of the electoral registers, which meant anyone who registered to vote within the United Kingdom between 2014 and 2022. They weren’t able to access the details of anyone who registered anonymously but they essentially gained access to the largest record of people within the United Kingdom. The attack gave them access to the following:

• Names
• Email Addresses
• Home Addresses
• Telephone Numbers
• Personal Images Sent to the Commission

Fortunately, the attack didn’t affect the electoral process, nor did it present a high risk to individuals. However, the Electoral Commission did admit that the information could be used to profile individuals in combination with other data from the public domain.

According to the Commission, they have no clue as to who is responsible for the attack and are working with the National Cyber Security Centre to try and investigate.

23andMe

23andMe is a DNA testing company, whose data was allegedly stolen in October 2023 and subsequently offered for sale on a cybercrime forum.

Described as “20 million pieces of data”, the post on the forum claimed to have the “most valuable data you’ll ever see”. 23andMe denied there was any breach within the organisation, stating that the attacker may have ‘compiled login credentials leaked from other platforms and then recycled these credentials’.

While the details of the attack remain murky (since the listing was pulled down and the seller didn’t respond to any requests for more information), this is still a massive breach that could let anyone with the information know about not only a person’s details but also their DNA data.

Twitter

Social media giant Twitter (now known as ‘X’) had an alleged massive data breach in 2021 of over 235 million accounts. The accounts were published on an underground marketplace and set the stage for anonymous handles to be linked to real-world identities.

This breach allowed any Twitter user with an email address to find out the email address or phone number of any other Twitter user; a vulnerability that was found and fixed in January 2022.

Furthermore, according to Ireland’s Data Protection Commission, GDPR record may also have been violated. This lapse in cybersecurity of user data is something which the US Federal Trade Commission has also been leading an inquiry into.

Save The Children

International charity Save The Children was hit by a ransomware attack in 2023, which stole financial, medical, and health data.

In an attack claimed by the notorious ransomware gang BianLian, which famously targets healthcare and critical infrastructure organisations, 6.8TB of data was stolen from the charity. This includes large amounts of business and personal data, such as 800GB of financial records, as well as internal messages, HR files and even medical and health data.

With this, there was no operational disruption to Save the Children and the organisation worked to improve its cybersecurity systems after the attack.

DarkBeam

Cybersecurity firm DarkBeam had more than 3.8 billion records leaked after leaving an interface exposed with the records freely available and unprotected. Unsurprisingly, its reputation took a massive hit following the breach.

The stolen data allegedly comprised ‘login pairs’ – when a username and password are linked together in a record but are otherwise unidentifiable – and was stolen from a database of other breached credentials that were being collated to inform users of a data breach.

Allegedly, the breach may be a result of a researcher using external tools to complete their project and save time, without regard for the protection of data or information.

This attack was simply a consequence of human error. After all, leaving such a sensitive set of data completely accessible to the public is a major oversight. Although, DarkBeam refused to admit liability, the breach demonstrates irresponsible practices at the company.

Final Thoughts

Cyberattacks are incredibly common in the modern world. With so many cybercriminals out to take advantage of vulnerabilities or even launch their own attacks, it’s more important than ever to be aware of the threats that your organisation could come up against in the future.

These are just the largest of the attacks and have led to a massive amount of personal data falling into the hands of criminals and those on the underground. That’s why it’s the responsibility of any organisation to maintain high standards of cybersecurity – to keep personnel and customer data secure.

If you’d like to discuss your businesses data security, contact our team of experts and ensure a safe and hassle free 2024.