What is the most interesting Cyber attack incident for you ?

Hello Everyone

I am doing a conversion course in Computer science. In one of the modules I have to write an essay about a Cyber attack, how it was done and how to prevent it.

I found a few interesting cases online but I figured I should ask experts on what are their favorite hack cases. So here is my question:

What is the most interesting Cyber attack incident for you ?

Kindest Regards
Rokas

Mine is an APT attack from APT32 :frowning:

Oops, just realized you mean like an attack as in historical event not an attack type. My favorite here would have to be the stuxnet worm against Iranian nuclear centrifuges.

Yea yea I know kinda basic but hear me out, they were able to jump a air-gapped network which hadn’t really been accomplished before. This proved that everything, everything, is vulnerable. Also it was carried out by the Equation Group who happens to be my favorite hacker group, threat actor, whatever you want to call it.

Stuxnet was just pretty spectacular all around. The code for the worm itself is really amazing if you ever get the change to disassemble and look at it as well.

@Rodan said:

Hello Everyone

I am doing a conversion course in Computer science. In one of the modules I have to write an essay about a Cyber attack, how it was done and how to prevent it.

I found a few interesting cases online but I figured I should ask experts on what are their favorite hack cases. So here is my question:

What is the most interesting Cyber attack incident for you ?

Kindest Regards
Rokas

I assume you are most interested in public ones. For me, three spring to mind (although they are old now) as public examples of the effort an attacker will go to:

  1. Target. This was a good example of supply chain breach in that the attackers worked out how to pwn the point of sale systems via a 3rd party HVAC company. It’s also an example of a common problem with “alert fatigue” in which companies over-invest in technology and under-invest in people/process.

  2. Marriott/Starwood. This is an example of poor due diligence leading to a company buying a breach. Attackers persisted in the Starwood network during the M&A process resulting in Marriott spending millions to then have to deal with the fallout.

  3. BA. Super sloppy code management and reliance on unchecked 3rd party code in a payment gateway are shockingly bad behaviours.