1. Stuxnet (2010)
When news of Stuxnet first broke in the summer of 2010, it was unlike anything most in the cybersecurity community had ever seen. Believed to have been developed by American and Israeli intelligence agencies, the worm and its associated payloads displayed an unprecedented level of sophistication and precision. By exploiting as many as four previously unknown (or “zero-day”) vulnerabilities, Stuxnet was able to compromise systems and hunt for its target: industrial control systems like the ones used to control Iranian centrifuges.
Beyond its technical prowess, Stuxnet is notable for being the first widely known example of malware being deployed as a geopolitical weapon. Where previous cyberattacks had been carried out by relatively unsophisticated entities for financial gain, Stuxnet marked the beginning of an era defined by large nation-state and organized crime actors with unique motivations.
2. The Epic Mat Honan Attack (2012)
Wired reporter Mat Honan had his entire digital life turned upside down in little over an hour in 2012 thanks to a potent mix of factors, from linked accounts to poor security practices by Apple and Amazon’s customer support teams. The Mat Honan attack highlighted the many weaknesses of security measures we’d all been using, from passwords to security questions. Honan’s story paints a chilling and very real picture of what happens when our modern dependence on technology is flipped on its head. The attacks also highlighted the importance of a robust backup strategy (hackers were able to destroy every picture the writer had of his 18-month-old daughter) and multi-factor authentication, which could have prevented the account takeovers.
3. The Target Data Breach (2013)
Target wasn’t the first large company to suffer a data breach, but the size, economic impact, and widespread media coverage set this December 2013 incident apart. Starting from an outside HVAC vendor, the attackers behind the Target breach were able to spread into the retail giant’s payment terminals thanks to a lack of network segmentation and access control.
The massive black eye on the bullseye, eventually costing the retailer over $200 million, was a wake-up call for other enterprises that poor security could have massive ramifications. With over 40 million compromised debit/credit cards, it was equally a wake-up call for consumers.
4. WannaCry and Petya (2017)
The WannaCry worm spread like wildfire in the spring of 2017, decimating the outdated IT infrastructure of the U.K.’s National Health Service (NHS) and thousands of other organizations across the globe. WannaCry, and later Petya, were notable for taking advantage of EternalBlue, a leaked exploit developed by the US National Security Agency (NSA). Both worms leveraged the NSA’s toolkit to encrypt hundreds of thousands of systems and demand a payment of bitcoin, marking a new chapter in a still-escalating series of ransomware attacks.
5. Mirai and VPNFilter (2016-2019)
Mirai and VPNFilter aren’t notable so much for how they spread as for what they infected: hundreds of thousands of IP cameras and home routers with weak security. Mirai marked a turning point in how we think about cybersecurity, shifting the focus away from computers and onto the increasing number of Internet-connected devices in our homes and businesses. Mirai showcased the dark power of compromised Internet of Things (IoT) devices in October 2016, when huge swaths of the US Internet infrastructure suffered denial-of-service attacks perpetrated by “smart” devices that had been infected with the malware.
Three years later, Cisco Talos researchers uncovered an even more advanced strain of malware known as VPNFilter installed on at least half a million routers. Believed to be the work of an advanced group with ties to a nation-state, VPNFilter opened new possibilities for cyber warfare: Cisco’s researchers believe the malware could give attackers the ability to shut down devices and disrupt Internet service across an entire geographic area.
6. The Yahoo! and Equifax Data Breaches (2014-2017)
While the 2010s had a seemingly endless number of data breaches, the Yahoo! and Equifax breaches stand out due to their massive scale. The Equifax breach leaked the personal and financial details of roughly half the U.S. population, while a series of breaches at Yahoo! exposed the details of over 3.5 billion Yahoo! Mail accounts. Taken together, these breaches nearly guarantee that everyone has at least some of their information for sale on the black market. The Equifax breach in particular also raised consumer awareness of privacy issues to new heights, helping inspire new privacy laws in California and elsewhere.