From Barrotes to WannaCry – a 30-year retrospective of cyber attacks

Marking Panda Security’s 30th anniversary this year, the global leader in cyber security reviews the most notorious cyber attacks across three decades.

The World Economic Forum recently reported it expects a 76.1% increase in hacking activity in 2020, with 75% of attacks believed to be motivated by a financial or reputational pay-off. Tracking attacks and learning from historical attacks is vital in developing technology and best practices for prevention.

Reflecting on the development of the cyber security landscape and the dynamic business environment we operate in today, Panda Security Africa CEO Jeremy Matthews says: “In the last 30 years, we've experienced a true revolution in cyber security that has challenged us to learn and adapt the way we do things. At Panda, we have worked to ensure we can provide advanced, adaptive cyber security solutions that make it easier for our clients to manage and protect their digital lives.”

Panda Security’s position as a leader in EDR technology is born out of its 30 years of continuous innovation in endpoint security. Its Cape Town-based office established in 2006 delivers Panda’s high-value offerings to customers throughout Africa.

Here is a look at the last 30 years of cyber attacks:

  • Barrotes is known to be the first Spanish virus, having launched its attack in January 1993. The small program wrote its malicious code on executable files and, as a result, every time the computer started up, the screen was covered in bars, making it impossible to use the device.
  • CIH/Chernobyl originated in Taiwan in 1998 and infected an estimated 60 million Windows 95, 98 and ME users. Once installed on a computer, it deleted all the information from the device – even corrupting the BIOS so that the system couldn't boot.
  • Melissa (1999) was one of the first cyber attacks carried out using social engineering techniques. Users received an e-mail with an attachment that presented login details for a pornography Web site. The attachment contained a virus that accessed the victim's Microsoft Outlook agenda and forwarded the e-mail to the first 50 contacts in their address book.
  • I love you was a social engineering campaign delivered via e-mail. Once the attachment was opened, it replaced several files, including .jpegs and mp3s, with a Trojan that aimed to get hold of sensitive information.
  • Mydoom (2004) used Windows' security tools and options to spread throughout the system and files – to dramatic effect; it reduced world Internet traffic by 10% and caused losses of around $40 billion.
  • Stuxnet (2010) was the first known example of cyberwarfare weaponry. It was designed to attack Iranian critical infrastructure with the aim of gathering information and then ordering systems to self-destruct. The worm was spread using USB devices and targeted SCADA systems.
  • Mirai (2016) is the botnet behind one of the largest distributed denial of service (DDoS) attacks to date. It affected large organisations, including Twitter, Netflix, Spotify, and PayPal. Mirai infected thousands of IoT devices but remained inactive until 21 October 2016, when it was used to attack DNS service provider Dyn.
  • Notorious around the world, WannaCry (2017) ransomware was targeted at Windows computers, encrypting their data and demanding ransom payments of $300 in bitcoins. The attack is estimated to have affected over 200 000 computers in 150 countries, including devices in the NHS and Renault.
  • Ransomware variant Petya/NotPetya (2016-2017) ran on computers, encrypting files, blocking the boot sector of the compromised system, and demanding a ransom in exchange for these files being restored. In 2017, the variant NotPetya targeted organisations with a similar MO. These attacks were particularly notorious as they did not allow victims to recover their files, even after the ransom was paid.
  • Ryuk (2019) attacked critical infrastructure and large organisations towards the end of 2019. This malware, whose origins lie with the Russian group Grim Spider, encrypts the files on infected devices, and only allows the victim to recover their files if they pay a ransom in bitcoins.

For insight into some of the current threats, click here to access recently published malware reports, including our Threat Insights Report and an in-depth analysis of Ryuk Malware. To find out how to protect your organisation against today’s sophisticated threats, contact us here.
