The largest cyberattacks in Russia and the world over the past four years

Hackers have paralyzed dozens of British hospitals, the Spanish Telefonica corporation, and a German transport company. Russia's Megafon and the Ministry of Internal Affairs also had problems.

Tens of thousands of computers stopped working almost instantly. This is a very serious signal. We all face computer viruses. We have antivirus protection. But problems still arise from time to time. A personal computer is one thing: correspondence or some cat pictures will be lost. Unpleasant, but not a tragedy. Hospitals are another matter, as in England right now. There, lives are at risk.

And industrial enterprises, energy, chemistry. There, the consequences of cyberattacks can be disastrous. Kaspersky Lab in Russia last year detected malware on 27% of industrial systems worldwide, an almost total infection.

Power outages as a result of hacker attacks are already commonplace. Every year such events are recorded in different countries. And here is the paradox: the more advanced the energy system, the greater the risk. The most modern electrical substations no longer even have manual circuit breakers. Everything is controlled by computers. In the event of an accident, it is no longer possible to come and throw the switch by hand. Modern civilization has proven to be extremely vulnerable.

One more circumstance is especially disturbing. The viruses that attacked the world on Friday were created by the US National Security Agency. This is stated, in particular, by Edward Snowden, a former employee of the agency who is now hiding in Russia. And here is the question. Is the NSA thus demonstrating its capabilities, its strength? Showing that it can destroy any computer system, and showing it through some random hackers? Or is it really a malware leak? That would mean negligence, criminal negligence, by the employees of the most important US intelligence service. Worse still: what if bacteriological or nuclear weapons are leaked?

An English patient describes how the hospital where he is being treated was hit by a virus that blocked all of its computers. He needed surgery without waiting for complications, but the surgeon did not dare operate.

“He said all the computers were frozen. There is no guarantee that the operation will be safe and complete. Postponed for a while,” says Jonathan.

The ultimatum was seen on screen by the staff of the London hospital and by another hundred thousand users. Red threat level. Hackers don't bargain, they dictate the rules.

What's wrong with my computer?

Your information is encrypted. Documents, photos, videos, databases. You can't decipher it without our code.

How can I recover my data?

We guarantee everything will be all right. You can decipher some of the information right now. You will have to pay for the rest. 300 dollars. In a week, the amount will double. After another week, we will destroy the files. The countdown is already underway.

The hackers deliberately kept the ransom modest, expecting that many of the hundred thousand victims would find it easier to pay than to fight for files dear to their hearts. Payment only in bitcoin, a cryptocurrency whose movement is impossible to track.

In less than a day, the virus spread across the planet. An epidemic! Almost a hundred countries: all of Europe, America, China, India. So far, only Australia has not been touched. Africa is somehow holding on, but it has fewer computers. Russia has suffered the most.

Brief outages of their networks were confirmed by the Ministry of Internal Affairs, then Russian Railways, then Megafon and Yota. Other cellular operators were also attacked, but they held up. The Ministry of Health and the Ministry of Emergency Situations also held up.

“There is a presidential decree on the creation of the Russian segment of the network, a closed Internet for government officials. The defense industry has been behind this shield for a long time. Ordinary employee computers were damaged. It is unlikely that access to the databases suffered: they run on other operating systems and are, as a rule, hosted with providers,” explains German Klimenko, Advisor to the President of Russia on Internet Development.

The virus also tested the defenses of the top Russian banks. It seems that the hackers specifically targeted government agencies and big business. Petty extortion that looks more like cyber terrorism.

The name is a play on words: "WannaCry" reads both as "I want to decrypt" and as "I want to cry". This virus has already been at the center of a spy scandal. WikiLeaks is sure that it was with its help that the American intelligence services spied on users around the world; for those who have forgotten, Edward Snowden reminded them.

"Wow! The NSA's decision to create attack tools against American software now threatens the lives of patients in hospitals!" tweeted Edward Snowden.

Wayne Madsen, like Snowden, also worked for the US National Security Agency. He too believes the NSA was involved. Did the hackers launch the virus on the network themselves, or on the orders of the intelligence services, as if to say: see how it works? Who can say for sure?

“This is a computer war sponsored and supported by the United States of America. And we will see such attacks more than once,” said Wayne Madsen, a former NSA employee.

The virus that has made so much noise does not break into the computer's software or search for weak points in its defenses. The developers, accidentally or intentionally, left an unlocked door in Windows XP. Back in March, after the spy scandal erupted, Microsoft released an update that closed the gap. You only had to install it. Those who did not are now in this situation: the hackers have changed the locks, and they demand money for the keys.

"This is the first case of massive use of military viruses by the CIA or the NSA," said Igor Ashmanov.

That is its only unique feature, says Igor Ashmanov, one of Russia's leading IT consultants. The virus is simple and not new. It was released publicly simply as proof that the American intelligence services are watching everyone. Cybercriminals then used the source code.

“It was sterilized, in the sense that some parts were removed from it to make it harmless, sterilized. But the hackers simply revived it, added living water, and it became combat-ready again. And they launched it, perhaps just to check,” Igor Ashmanov believes.

It turns out that any virus created by the intelligence services can fall into the hands of hackers. And it is not always a relatively harmless screen locker.

At one time, the United States and Israel developed a virus that significantly slowed down the Iranian nuclear program. It simply disabled the uranium enrichment centrifuges.

And during Operation Desert Storm, the Iraqi Air Force radars were blocked by a computer program written by French programmers. What will happen if terrorists get hold of such cyber weapons, given that computers now control everything from nuclear power plants to planes and trains?

Yesterday, the virus paralyzed the work of Germany's largest rail carrier, Deutsche Bahn. The Spanish telecommunications company Telefonica also barely coped with the attack.

“I don't think there is a motive for world domination here. This is elementary extortion, blackmail in order to get money. If hackers were fighting for world domination, there would be some political demands or motives,” says Natalya Kasperskaya, President of the Infowatch group of companies.

“The first source of distribution is the opening of malicious emails, that is, e-mail messages,” explains Nikolai Grebennikov, vice president of engineering at Acronis.

The human factor. Some employees still gave in and opened the email with the tempting subject line. Damage from such gullibility runs to $80 billion a year.

“Of course, cybercriminals focus their efforts and financial resources on creating means of attack that will bring them some benefit, by restricting access to IT resources or to some services. The only good method of protection is comprehensive protection,” says Nikolay Grebennikov, vice president of engineering at Acronis.

Two simple points. Teach staff Internet hygiene: keep antivirus software updated, do not open suspicious emails, do not visit porn sites, and be sure to back up all important data.

This alone is now saving English hospitals from complete collapse. Patients' medical histories and records were, somehow, still being kept the old-fashioned way.

Over the past couple of years, from virtual bank robberies to semi-overt attacks by nation states, IT security has come under threat. In this installment, I will explain what a cyberattack is and what lessons can be learned from recent attacks.

Definition of a cyberattack

What is a cyberattack? It is an attack from one or more computers against another computer or network. Cyberattacks fall into two main types: attacks whose goal is to shut down the target computer or knock it offline, and attacks whose goal is to gain access to the target computer's data and possibly obtain administrator privileges on it.

Types of cyberattacks

To achieve these goals, attackers use a variety of technical methods. New methods are constantly proliferating, and some of these categories overlap. You may already have heard these terms.

Malicious software

Malware is short for malicious software. Malware is any software, no matter how it is structured or how it works, that is designed to damage a single computer, a server, or a computer network.

According to Microsoft, worms, viruses and Trojans are varieties of malware that differ from each other in how they replicate and spread. These attacks can render the computer or network inoperable, or give an attacker root access so that they can control the system remotely.

Phishing

Phishing is a method by which cybercriminals craft emails to deceive a target into taking some harmful action.

The recipient may be tricked into, for example, downloading malware disguised as an important document, or asked to click a link that leads to a fake website, where they will be prompted for confidential information such as bank usernames and passwords.

Many phishing emails are relatively crude and are sent to thousands of potential victims. However, there are also more professional emails, on opening which you would not even suspect a setup.

DDoS attacks

Denial of service attacks are brute-force attacks that try to disrupt an online service. For example, attackers can send so much traffic to a website, or so many database queries, that the systems can no longer function, making them inaccessible to anyone. The essence of a distributed DoS (DDoS) attack is that someone uses an army of computers from all over the world that have already been compromised by malware or a malicious document.

Man-in-the-middle attacks

A method by which attackers secretly insert themselves between a user and the web service the user is trying to reach. For example, an attacker could set up a Wi-Fi network with a login screen designed to imitate a hotel chain's; once a user logs in, the attacker can collect any information the user sends, including bank passwords.

Cryptojacking

A specialized attack that makes someone else's computer do the work of generating cryptocurrency for the attacker (a process called mining in cryptocurrency jargon). Attackers either install malware on the victim's computer to perform the necessary calculations, or sometimes run JavaScript code in the victim's browser.

SQL injection

A means by which an attacker exploits a vulnerability to gain control of a victim's database. Many databases are designed to execute commands written in Structured Query Language (SQL), and many websites that collect information from users pass that data to SQL databases. In a SQL injection attack, for example, the hacker types SQL commands into a web form that asks for name and address information; if the website and database are not programmed correctly, the database may try to execute those commands.
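The weak pattern the paragraph describes, beside the corrected one, as an added example that is not part of the original article. It assumes a hypothetical `customers` table in an in-memory SQLite database with constructed sample rows; the form input used to demonstrate the problem is constructed too. The point for a defender is that the fix is a parameterised query, not input filtering: the driver sends the value separately from the SQL text, so it can only ever be compared as data.

```python
import sqlite3

# Constructed sample data: a small "customers" table (hypothetical schema).
SAMPLE_ROWS = [
    ("alice", "12 Main St"),
    ("bob", "34 High St"),
    ("carol", "56 Park Ave"),
]


def build_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, address TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """The weak pattern: the form value is pasted straight into the SQL text,
    so a value containing quotes and SQL keywords changes the query's logic."""
    sql = "SELECT name, address FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """The corrected pattern: a parameterised query. The database receives the
    value as a bound parameter and never interprets it as SQL."""
    sql = "SELECT name, address FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    conn = build_db()
    # Constructed form input that an unsafe query would interpret as SQL.
    hostile = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, hostile))  # every row leaks
    print("safe:      ", lookup_safe(conn, hostile))        # no such customer
    print("normal:    ", lookup_safe(conn, "bob"))
```

Run with a normal name and both functions return the same single row; run with the constructed input and only the string-concatenated version returns the whole table, which is exactly the failure a code review or a web application firewall log would be looking for.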

Recent cyberattacks

It is possible to talk about which cyberattacks were the worst only from a subjective point of view. The attacks on our list are mentioned because they received the most attention from the public.

Without further ado, here are the largest cyberattacks in recent history:

WannaCry

WannaCry was a ransomware attack that spread rapidly in May 2017. Like all ransomware, it hijacked infected computers, encrypted the contents of their hard drives, and then demanded payment in bitcoin to decrypt them. The malware took root in computers run by the UK's National Health Service.

Malware is nothing new. What makes WannaCry significant and intimidating is the means it used to spread: it exploited a vulnerability in Microsoft Windows using code secretly developed by the US National Security Agency. Dubbed EternalBlue, the exploit was stolen and leaked by a hacker group called the Shadow Brokers. Microsoft had already patched the vulnerability some time earlier, but many systems had not been updated. Microsoft was furious that the US government had built a weapon to exploit the vulnerability rather than share information about the hole with the infosec community.

NotPetya

Petya was another ransomware when it started spreading via phishing spam in 2016; its main claim to fame was that it encrypted the master boot record of infected machines, making it difficult for users to access their files.

Then, all of a sudden, in June 2017, a much more dangerous version of the malware began to spread. It differed from the original and became known as NotPetya. It was initially spread through compromised Ukrainian accounting software and then propagated using the same EternalBlue exploit that WannaCry used. NotPetya is widely believed to be a Russian cyberattack against Ukraine. Russia categorically denies this. And perhaps the era of cyberspace warfare is opening.

Ethereum

Although this one may not have been as loud as some of the others on this list, it deserves special attention because of the huge amount of money involved. Ether is a bitcoin-style cryptocurrency, and $7.4 million in Ether was stolen from the Ethereum app platform in a matter of minutes in July. Then, a few weeks later, there was a $32 million robbery. The whole incident raised questions about the security of blockchain-based currencies.

Equifax

The major credit rating agency announced in July 2017 that “criminals have exploited an application vulnerability on a US website to gain access to certain files,” obtaining the personal information of nearly 150 million people. The ensuing fallout made people even angrier, especially when the Equifax site where people could check whether their information had been compromised seemed designed primarily to sell Equifax services.

Ed Shofer, CEO of SenecaGlobal, says the Equifax breach is especially dangerous “because they've been told about the fix — it needed to be implemented in a tool called Apache Struts they use — long before the violation even happened. Yet they did not manage to do it in full in a timely manner. To prevent such violations, it is necessary to change culture and resources; this was not a technical issue as a technical fix was already known. Equifax certainly had the resources, but it clearly didn't have the right culture to ensure that the right processes were in place and followed.”

Yahoo

This massive hack of Yahoo's email system is notable because it actually happened back in 2013, but its severity, with all 3 billion Yahoo email addresses affected, did not become clear until October 2017. The stolen information included passwords and backup email addresses. The data had been encrypted using legacy, easy-to-break methods, which attackers can use to compromise other accounts. Beyond affecting account holders, the breach could lead to a reconsideration of the deal in which Verizon bought Yahoo, even though that deal had already closed.

GitHub

On February 28, 2018, the version control hosting service GitHub was hit by a massive denial-of-service attack, with 1.35 TB per second of traffic hitting the popular site. Although GitHub was intermittently knocked offline, it was able to repel the attack completely in less than 20 minutes; still, the scale of the attack was worrying: it outpaced the massive attack on Dyn at the end of 2016, which peaked at 1.2 TB per second.

While the Dyn attack was the product of the Mirai botnet, which required malware to infect thousands of IoT devices, the GitHub attack used servers running the Memcached memory caching system, which can return very large chunks of data in response to simple requests.

Memcached is intended to be used only on protected servers on internal networks, and generally has little protection against intruders tampering with it and making it send massive amounts of data to unsuspecting victims. Unfortunately, there are thousands of Memcached servers on the open Internet, and their use in DDoS attacks has increased significantly. It is hardly fair to say the servers are "hijacked", since they will happily send packets wherever they are told to without asking questions.

Just days after the GitHub attack, another Memcached-based DDoS attack hit an unnamed US service provider with 1.7 TB of data per second.
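Two checks a defender would want around the Memcached reflection described above, as an added example that is not part of the original article: one flags server/peer pairs whose UDP reply volume dwarfs the request volume, the signature of an amplifier being abused, and the other inspects a memcached command line for the exposure itself. The flow records are constructed (documentation-range addresses), and the fields are assumed to match what a NetFlow/IPFIX-style exporter would summarise; the `-U` (UDP port) and `-l` (listen address) switches are real memcached options, and the check assumes the older default in which UDP is enabled unless `-U 0` is given (releases from 1.5.6 on default UDP to off).

```python
from collections import defaultdict

MEMCACHED_PORT = 11211

# Constructed flow summaries (not real traffic). "bytes" is the payload total
# for the five-tuple, as an exporter would report it.
SAMPLE_FLOWS = [
    # tiny spoofed requests arriving at the cache server's UDP port
    {"src": "203.0.113.9", "sport": 443, "dst": "198.51.100.7",
     "dport": 11211, "proto": "udp", "bytes": 60},
    # huge replies from the cache server to the spoofed source (the victim)
    {"src": "198.51.100.7", "sport": 11211, "dst": "203.0.113.9",
     "dport": 443, "proto": "udp", "bytes": 1_400_000},
    # ordinary TCP client traffic to the same server, which must not alert
    {"src": "10.0.0.5", "sport": 51000, "dst": "198.51.100.7",
     "dport": 11211, "proto": "tcp", "bytes": 2_000},
    {"src": "198.51.100.7", "sport": 11211, "dst": "10.0.0.5",
     "dport": 51000, "proto": "tcp", "bytes": 3_000},
]


def amplification_by_pair(flows):
    """Return {(server, peer): (bytes_in, bytes_out)} for UDP memcached traffic.

    bytes_in is what the peer sent to the server's UDP 11211; bytes_out is
    what the server sent back to that peer from UDP 11211.
    """
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dport"] == MEMCACHED_PORT:
            totals[(f["dst"], f["src"])][0] += f["bytes"]
        elif f["sport"] == MEMCACHED_PORT:
            totals[(f["src"], f["dst"])][1] += f["bytes"]
    return {k: tuple(v) for k, v in totals.items()}


def find_reflection(flows, min_ratio=100.0, min_out_bytes=100_000):
    """Flag (server, victim) pairs where replies exceed requests by min_ratio.

    The volume floor keeps a single large legitimate response from alerting.
    """
    findings = []
    for (server, peer), (b_in, b_out) in amplification_by_pair(flows).items():
        ratio = b_out / b_in if b_in else float("inf")
        if b_out >= min_out_bytes and ratio >= min_ratio:
            findings.append({"server": server, "victim": peer, "ratio": ratio})
    return findings


def udp_is_exposed(cmdline):
    """True if a memcached command line leaves UDP reachable beyond loopback.

    Assumes the legacy default (UDP on unless "-U 0") and a wildcard bind
    unless "-l" names an address.
    """
    args = cmdline.split()
    udp_port = MEMCACHED_PORT
    bind = "0.0.0.0"
    for i, a in enumerate(args):
        if a == "-U" and i + 1 < len(args):
            udp_port = int(args[i + 1])
        elif a == "-l" and i + 1 < len(args):
            bind = args[i + 1]
    return udp_port != 0 and not bind.startswith("127.")


if __name__ == "__main__":
    for hit in find_reflection(SAMPLE_FLOWS):
        print(f"reflection: {hit['server']} -> {hit['victim']} "
              f"amplification x{hit['ratio']:.0f}")
    for cmd in ("memcached -m 64", "memcached -m 64 -U 0",
                "memcached -l 127.0.0.1"):
        print(f"{cmd!r}: exposed={udp_is_exposed(cmd)}")
```

In the constructed data the single UDP pair shows a reply-to-request ratio in the tens of thousands while the TCP client traffic is ignored, which is the difference between a cache serving its application and a cache being used as a reflector; the configuration check is the same question asked before the traffic ever appears.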

Cyberattack statistics

If you want to understand what is going on in the dark world of cybercrime, it is best to dive into the numbers, which seem only to rise. The number of unique “cyber incidents” in the second quarter of 2018, as determined by Positive Technologies, was 47 percent higher than in the entire previous year. And these attacks are becoming more targeted: 54 percent are targeted rather than part of a mass campaign.

Willie Sutton is famously said to have robbed banks because that is where the money is. So it may come as no surprise that Positive reported a big spike in attacks on cryptocurrency platforms, given the increasingly lucrative nature of the technology. Overall, cybercrime brought criminals about $1.5 trillion in 2018. Individual cybercriminals can expect to earn about 10-15 percent more than their offline counterparts. About 10 percent of all laundered criminal proceeds come from cybercrime.

If you are worried about the security of your phone, you should be: mobile attacks are on the rise. In the third quarter of 2018, the number of malicious mobile installation packages recorded by Kaspersky Lab increased by almost a third compared with the previous several months. But there is an easy way to avoid these attacks, as Norton says 99.9 percent of these packages come from unofficial "third-party" app stores.

Preventing cyberattacks

Looking for tips on how to avoid falling victim to cyberattacks like these?

Even if you do not currently have the resources to bring in a third-party expert to test your computer systems and make security recommendations, you can take simple and cost-effective steps to reduce your risk of being the victim of a costly cyberattack:

  • Train employees on the principles of cybersecurity.
  • Install, use, and regularly update anti-virus and anti-spyware software on every computer that your company uses.
  • Use a firewall to connect to the Internet.
  • Install software updates regularly.
  • Back up important data regularly.
  • Control physical access to your computers and network components.
  • Protect your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure and hidden.
  • Create an individual account for each employee.
  • Limit employee access to data and information and restrict software installation permissions.
  • Change passwords regularly.

New messages about cyberattacks recorded in different countries appear in the media almost every day. There are cases that people will remember for a long time.

"Titan Rain"

For almost four years in a row, unknown hackers carried out an illegal operation called "Titan Rain". From 2003 to 2007, cybercriminals hacked into the networks of the security, energy and defense departments of various states. The British Foreign Office, which was also attacked by Internet criminals, stands apart on this list.

During this period, the hackers downloaded several terabytes of classified information but went unnoticed. The illegal activity was believed to be the work of the Chinese military in Guangdong province. Beijing officials denied the speculation, noting that the criminals had simply "disguised" their computers with false addresses.

The main feature of the Shady RAT operation is that it continues to this day. As in the first case, the PRC is considered the source of the threat, but experts cannot yet substantiate their accusations.

Back in 2011, antivirus software company McAfee recorded a number of hacks related to the same features. As it turned out, it was a large-scale hacker campaign that had been going on since 2006.

The attackers send emails to employees of large organizations, infecting their PCs with Trojan-type viruses. The UN Olympic Committee, the Association of Southeast Asian Nations, and an incredible number of commercial firms from Japan, Switzerland, Great Britain, Indonesia, Denmark, Singapore, Hong Kong, Germany and India have already fallen victim. In addition, computers belonging to the governments of the United States, Taiwan, South Korea, Vietnam and Canada were attacked.

Revenge for the monument

In 2007, after the Estonian authorities decided to demolish a Soviet monument in the center of Tallinn, the country was subjected to massive cyber attacks. Due to malfunctions, several banks and mobile operators did not work for a long time. At the same time, citizens could not use ATMs or Internet banking. Visiting government and news sources was also impossible.

In the light of recent events, state officials immediately blamed Russia for the attack. Moscow rejected the claims, stressing that the Kremlin does not do such things.

Conflict in South Ossetia

In August 2008, an armed conflict broke out between Georgia and the self-proclaimed republics of South Ossetia and Abkhazia. Tbilisi then began to be subjected to online attacks, for which the Russian Federation was immediately blamed. Moscow officially supported the opposing side, so attacks by its hackers on Georgian resources seemed quite logical. Prime Minister Dmitry Medvedev did not confirm this and said that the state had nothing to do with the cyberattacks.

Law enforcement agencies in Tbilisi still managed to establish the identity of the criminals, who turned out to be members of the Russian Business Network. According to foreign experts, the members of the association deliberately blocked the websites of Mikhail Saakashvili, the Ministry of Foreign Affairs and the Ministry of Defense of Georgia.

Stuxnet and Iran's nuclear program

In June 2010, experts discovered a worm called Stuxnet. It uses Windows vulnerabilities to attack Siemens industrial control systems. Such systems are installed in nuclear power plants and other enterprises in that sector.

The largest number of infected computers was seen in Iran, where 16,000 machines were attacked. It is believed that the software was developed by Israel in order to interfere with the development of nuclear weapons by Tehran. In 2011, The New York Times confirmed the allegations, citing its own research.

Olympics and WADA

No less interesting were the leaks by the hacker group Fancy Bears, outraged by the actions of the World Anti-Doping Agency (WADA). In most cases these were documents accusing the agency of favoring foreign athletes and of bias against Russian participants in the Olympic Games.

The last time the Internet criminals made a name for themselves, they posted online snippets of correspondence between two WADA members. According to these materials, several members of the US national team used cocaine to lose weight before competition. The agency knew what was happening but did not react in any way to the athletes' actions.

Hillary Clinton and WikiLeaks

During the election race in the United States, in which Hillary Clinton was one of the participants, another anonymous organization gained popularity on the Internet and in the media. Its members posted online fragments of the correspondence of the candidate, who, while serving as Secretary of State, had used a personal mail server rather than government channels.

Most of the documents ended up on the WikiLeaks portal, which accused Clinton of many violations. A real scandal then erupted around the official over her activities. Later, claims appeared online that the wife of the country's ex-president periodically engaged in same-sex relations with her assistant.

The world's first cyberattack happened thirty years ago, in the fall of 1988. For the United States of America, where thousands of computers were infected by the virus within several days, the new kind of attack came as a complete surprise. It has since become much harder to catch computer security specialists by surprise, but cybercriminals around the world still manage it. After all, whatever one may say, the largest cyberattacks are carried out by programming geniuses. The only pity is that they direct their knowledge and skills to the wrong ends.

Largest cyberattacks

Ransomware viruses attacking computers around the world are regularly reported in the news. And the scale of cyberattacks keeps growing. Here are just ten of them: the most resonant and the most significant in the history of this type of crime.

Morris worm, 1988

Today the diskette containing the source code of the Morris worm is a museum piece. You can see it in the Museum of Science in Boston, USA. Its former owner was graduate student Robert Tappan Morris, who created one of the earliest Internet worms and launched it at the Massachusetts Institute of Technology on November 2, 1988. As a result, 6,000 Internet sites in the United States were paralyzed, and the total damage amounted to $96.5 million.

The best computer security specialists were hired to fight the worm. Even they failed to identify the creator of the virus. Morris surrendered to the police himself, at the insistence of his father, who also worked in the computer industry.

Chernobyl, 1998

This computer virus has a couple of other names as well. It is also known as "Snee" or CIH. The virus is of Taiwanese origin. It was written in June 1998 by a local student, who programmed it to launch a mass attack on personal computers around the world on April 26, 1999, the anniversary of the Chernobyl accident. The pre-planted "bomb" went off exactly on time, hitting half a million computers on the planet. The malicious program also achieved what had previously been impossible: disabling computer hardware by overwriting the Flash BIOS chip.

Melissa, 1999

Melissa was the first malicious code sent by email. In March 1999, it paralyzed the servers of large companies around the world. This happened because the virus generated more and more infected messages, placing a heavy load on the mail servers, which either slowed down severely or stopped completely. The damage from the Melissa virus to users and companies was estimated at $80 million. It also became the "ancestor" of a new type of virus.

Mafiaboy, 2000

It was one of the very first DDoS attacks in the world, launched by a 16-year-old Canadian schoolboy. In February 2000, several world-famous sites (from Amazon to Yahoo), in which the hacker Mafiaboy had managed to find a vulnerability, came under attack. As a result, the resources were disrupted for almost a whole week. The damage from the full-scale attack turned out to be very serious; it is estimated at $1.2 billion.

Titan Rain, 2003

This was the name of a series of powerful cyberattacks that hit several defense industry companies and a number of other US government agencies in 2003. The hackers' goal was to gain access to classified information. Sean Carpenter, a computer security specialist, managed to track down the authors of the attacks (it turned out they were from Guangdong province in China). He did a tremendous job, but instead of winning laurels he ended up in trouble. The FBI considered Sean's methods improper, because in the course of his investigation he had engaged in "illegal hacking of computers abroad."

Cabir, 2004

Viruses reached mobile phones in 2004. That is when a program appeared that announced itself with the word "Caribe", displayed on the mobile device's screen every time it was turned on. At the same time, the virus tried to infect other mobile phones over Bluetooth. This drained the devices' batteries badly: a charge lasted at best a couple of hours.

Cyberattack on Estonia, 2007

What happened in April 2007 can easily be called the first cyberwar. In Estonia, government and financial sites went offline all at once, together with medical resources and online services. The blow was quite tangible, because by that time Estonia already had e-government and bank payments were almost entirely online. The cyberattack paralyzed the entire state. Moreover, this happened against the background of mass protests in the country against the relocation of the monument to Soviet soldiers of World War II.

Zeus, 2007

This Trojan horse started spreading on social networks in 2007. The first to suffer were Facebook users, who received messages with photos attached. Attempting to open a photo took the user to pages of sites infected with the ZeuS virus. The malicious program immediately penetrated the computer, found the PC owner's personal data, and promptly withdrew funds from the person's accounts in European banks. The virus attack affected German, Italian and Spanish users. The total damage was 42 billion dollars.

Gauss, 2012

This virus, a banking Trojan that steals financial information from compromised PCs, was created by American and Israeli hackers working in tandem. In 2012, when Gauss hit banks in Libya, Israel and Palestine, it was classified as a cyber weapon. The main task of the cyberattack, as it turned out later, was to check information about possible secret support for terrorists by Lebanese banks.

WannaCry, 2017

300 thousand computers and 150 countries of the world: these are the victim statistics for this ransomware virus. In 2017, in different parts of the world, it penetrated personal computers running the Windows operating system (taking advantage of the fact that they lacked a number of necessary updates at the time), blocked the owners' access to the contents of the hard drive, and promised to return it for a payment of $300. Those who refused to pay the ransom lost all the captured information. The damage from WannaCry is estimated at $1 billion. Its authorship is still unknown; it is believed that developers from the DPRK had a hand in creating the virus.

Forensic experts around the world say that criminals are going online, and banks are being robbed not in raids but with malicious viruses embedded in the system. And this is a signal for every user: be more careful with your personal information online, protect the data on your financial accounts more reliably, and do not neglect regular password changes.

Virus: Titan Rain

Year of creation / discovery: 2003

Main target: US government agencies

Attack country of origin / hacker group: China / Titan Rain

Target: espionage

In 2003, US government agencies, as well as several US defense companies, were subjected to a series of coordinated cyberattacks aimed at gaining access to classified information. Computer security specialist Sean Carpenter of Sandia National Laboratories identified hackers from the Chinese province of Guangdong as the source of the threat, but at the same time he himself came under FBI investigation, since in order to track the malicious activity he had engaged in illegal hacking of computers abroad.

Bronze night

Virus: DDoS attack

Year of creation / discovery: 2007

Main target: Estonian government agencies

Attack country of origin / hacker group: Russia

Target: political

In April-May 2007, against the backdrop of riots caused by the relocation of the Bronze Soldier monument from the center of Tallinn, the websites of government agencies, media, political parties, private companies and banks in Estonia periodically went down under powerful DDoS attacks. Estonia blamed the attack on hackers supported by the official Russian authorities. In 2009, State Duma deputy Sergei Markov, a member of the Russian delegation to PACE, said during a video conference that the DDoS attack had been "accidentally" organized by one of his assistants.

Dalai Lama under surveillance

Virus: Ghostnet

Year of creation / discovery: 2009

Main target: India, UN, Dalai Lama

Attack country of origin / hacker group: China

Target: political

In 2009, researchers from Toronto identified a cyber-espionage network that had penetrated 1,295 computers in at least 103 countries around the world via Trojans contained in e-mail messages. Among the victims were embassies, media outlets, NGOs, and organizations associated with the exiled Dalai Lama in India, who apparently was the main or original target of the botnet. One of the addresses from which the messages were sent was [email protected], and more than 70% of the network's C&C servers were located in China.

Attack on Iranian nuclear facilities

Virus: Stuxnet

Year of creation / discovery: 2010

Main target: organizations related to Iran's nuclear program

Attack country of origin / hacker group: USA, Israel

Target: sabotage

Stuxnet is considered one of the most advanced pieces of computer malware, capable of damaging not only computer infrastructure but also real physical objects, in a sense the first true cyber weapon. According to various estimates, the worm, spread via USB media, was able to disable between 980 and 2,000 uranium enrichment centrifuges at the Iranian nuclear center in Natanz by gaining control of the industrial control systems. According to media reports, the development of Stuxnet cost $100 million.

Mail worm

Virus: Duqu

Year of creation / discovery: 2011

Main target: transnational corporations in Europe and the Middle East

Attack country of origin / hacker group: USA, Israel

Target: industrial espionage

The Duqu worm, similar in code to Stuxnet, spread via e-mail, exploiting vulnerabilities in the Windows operating system. According to expert estimates, both Duqu (named after the "DQ" prefix of the files in which the stolen information was stored) and Stuxnet were developed by the same team (probably employees of the US National Security Agency and Israel's Unit 8200) as part of the same cyber war operation, in which Duqu performed the espionage tasks and Stuxnet delivered the "strike".

Cyber sword against the Saudis

Virus: Shamoon

Year of creation / discovery: 2012

Main target: Saudi Aramco (Saudi Arabia)

Attack country of origin / hacker group: Iran / Cutting Sword of Justice

Target: sabotage / political

In 2012, more than 35,000 computers on the internal network of Saudi Aramco, the world's largest oil company, were infected with the Shamoon virus. The company's IT infrastructure suffered significant damage, but according to official data the virus did not affect production. The attack was claimed by a hacker group called Cutting Sword of Justice, allegedly backed by Iran, which cited the "repressive actions" of Saudi Arabia in the Middle East as its motive.

Lebanese banks attack

Virus: Gauss

Year of creation / discovery: 2012

Main target: banks of Lebanon

Attack country of origin / hacker group: USA, Israel

Target: espionage

In 2012, Kaspersky Lab announced the detection of a virus called Gauss, classified as a cyber weapon but at the same time operating on the principle of a banking Trojan that steals financial information, including entered passwords, from infected computers. The main blow fell on the largest Lebanese banks - Bank of Beirut, Blom Bank, Byblos Bank and Credit Libanais; infections were also recorded in Israel and the Palestinian territories. According to media reports, the purpose of the attack was to collect information on the links between Lebanese banks and terrorists.

Flame against atom

Virus: Flame

Year of creation / discovery: 2012

Main target: Near East

Attack country of origin / hacker group: USA, Israel

Target: espionage

In 2012, Kaspersky Lab uncovered the most technically advanced spyware virus seen to date (20 MB in size), also known as sKyWIper and Flamer. For comparison, Stuxnet, so far the most effective cyber-virus in terms of results achieved, was only 500 KB. According to expert estimates, Flame, like Stuxnet, was directed against Iran's nuclear program; most of the infected computers were found in Iran.

October marches across the planet

Virus: Red October

Year of creation / discovery: 2013

Main target: government agencies around the world

Attack country of origin / hacker group: Russia

Target: espionage

In 2013, Kaspersky Lab reported a virus called Red October, the collective name for a series of cyberattacks around the world against government agencies, research institutions, and energy, aerospace and defense companies. The virus mainly exploited vulnerabilities in Microsoft Office products to collect classified information. Judging by features of the program code, the malicious modules were created by Russian-speaking specialists building on Chinese developments.

Tailed virus

Virus: Uroboros

Year of creation / discovery: 2014

Main target: western defense companies

Attack country of origin / hacker group: Russia / Turla

Target: industrial espionage

In 2014, the German antivirus company G Data published a report on a malicious program called Uroboros (after the string Ur0bUr()sGotyOu# found in its code) - named after the mythical snake biting its own tail. The virus stole files from infected computers and intercepted network traffic. The attack targeted mainly Western companies in the military-industrial complex. According to G Data, the creators of Uroboros are likely connected with the Russian intelligence services and were behind the 2008 attack on the US Department of Defense using the Agent.BTZ worm.

Virus on the network

Virus: Regin

Year of creation / discovery: 2014

Main target: state institutions of European countries

Attack country of origin / hacker group: USA, UK

Target: espionage

In 2014, Kaspersky Lab and Symantec released information on the Regin cyber-espionage platform, which featured the ability to penetrate GSM networks. Most of the infected computers were found in Russia, Saudi Arabia, Ireland and Mexico. In an unnamed Middle Eastern country, Regin managed to build a P2P network of infected machines that included the presidential administration, a research center, a university and a bank, and the virus was also found on a USB drive in the office of German Chancellor Angela Merkel.