With the emergence of cutting-edge innovations like cloud computing, AI, and machine learning, IT has revolutionized traditional business operations. It's a great asset to every organization, but as IT develops, so are threats to organizational security. Research and studies have revealed that IT threats and vulnerabilities are becoming significantly worse daily and are now a major concern for organizations and individual users. Phishing attacks are one of these threats that have become more common by causing trouble in the network system.
Phishing
is the malicious exercise of impersonating a trustworthy website, user, or
organization to acquire private information. Asks for confidential information
like login, credit card details, bank account details, social security number,
etc.
Major phishing attacks that made history
Over the years, phishing attacks have occurred with an increasing frequency, causing damage to numerous individuals and organizations. Here are some well-known incidents of major phishing attacks:
- AOHell,
the first recorded phishing attack
A Pennsylvania teenager created AOHell in early 1994 to hack America Online (AOL) accounts. The program stole users' passwords and used its credit card generator to create fake AOL customer service accounts.
- The
Nordea bank incident
In 2007, phisher tricked Nordea customers by installing the "haxdoor" Trojan, posing as an anti-spam source code, which caused a $1.1 million loss. In this attack, the phisher installed keyloggers on victims' computers and directed them to a fake bank website to steal login credentials.
- The
‘Phish Phry’ operation
In 2009, 50 people from California, Nevada, and North Carolina, and nearly 50 Egyptian citizens, attacked the U.S. and Egypt and stole $1.5 million through bank frauds. This was one of the FBI's most serious cybersecurity lapses in history.
- RSA
incident
In 2011, RSA, a defense contractor for the United States, was hacked via a spear phishing attack that exploited a vulnerability in Adobe Flash, exposing 40 million users to potential harm.
- Dyre
phishing incident
The Russian hacking group Dyre created malware that stole millions of dollars in 2014. Using a phony tax consultant identity, the attackers deceived victims into signing up for a phishing website. After that, they posed as law enforcement and bank personnel to extort money.
- Facebook
and Google incident
Between 2013 and 2015, two big giants, Facebook and Google, were attacked by Evaldas Rimasauskas from Lithuania, causing a total loss of $100 Million each. First, the attackers enticed Quanta into sending them money, and then, they sent fake invoices and contracts to Google and Facebook signed by executives of both companies.
- The
Sony pictures leak incident
In 2014, Sony Pictures lost 100 Terabytes of the company's sensitive information due to a phishing attack. Attackers broke into Sony's network by sending phishing emails pretending to be coworkers of top-level employees.
- Crippling
of Colonial Pipeline
In May 2021, a major phishing attack by the DarkSide gang cost the fuel supplier Colonial Pipeline $3.5 billion. Attackers used an employee's password to get into the network and caused oil supplies to be cut off for a week.
About InfosecTrain
The
primary goal of any phishing attack is, and always will be, to acquire
sensitive information about the target and then use it for malicious means.
To
prevent phishing attacks, improve security. If you want to gain more knowledge
about phishing attacks, check out InfosecTrain. InfosecTrain provides a variety of cyber security certification training courses that cover all the topics required to prevent
phishing attacks.
