Year in Review: The top 10 Throwback Attack articles of 2022

Courtesy: CFE Media and Technology

As 2022 comes to a close, we’re looking back at some of the top articles of the year — and those have to include our weekly Throwback Attacks. Every Thursday, we drop a new Throwback Attack, examining a historical cyberattack on the industrial sector, determining what it meant for the industry and looking at lessons learned. Since we launched Industrial Cybersecurity Pulse back in 2020, these have been some of our most popular articles.

Below are the 10 Throwback Attacks that drew the most traffic to the site — in other words, the articles you most wanted to read. They range from a Florida teenager hacking into the Department of Defense to Chinese nationals stealing plans for the F-35 fighter jet to a mistaken attack on a tiny upstate New York dam. They are also a who’s who list of notable malware strains, including NotPetya, WannaCry and BlackEnergy.

As Shakespeare said, what’s past is prologue.

1. Throwback Attack: How NotPetya accidentally took down global shipping giant Maersk

In 2017, one of the most widespread and devastating cyberattacks was perpetrated against worldwide shipping giant Maersk. It started when staffers began seeing messages advising them that their file systems were being repaired, while others received the message that their important files had been encrypted. A payment of $300 in bitcoin was demanded for the encryption key. This set off a panic in Maersk headquarters; entry systems and phone networks had been rendered useless by the apparent malware spreading rapidly throughout the company’s network and beyond. By the end of the day, their networks had been so deeply corrupted that the company simply shut down.

2. Throwback Attack: A Florida teen hacks the Department of Defense and NASA

In 1999, a 15-year-old north Floridian penetrated Department of Defense and NASA computers, earning himself a spot in the hacker hall of fame. Jonathan James, who operated under the internet name “c0mrade,” was a trailblazer in several respects. Not only was he recognized for his high-profile hack at such a tender age; he also became the first juvenile hacker sentenced to serve prison time. This is a worthy entry into the legacy of “Florida man” stories.

3. Throwback Attack: Chinese hackers steal plans for the F-35 fighter in a supply chain heist

In early 2015, German publication Der Spiegel published a tranche of documents from former National Security Agency (NSA) contractor Edward Snowden. These documents confirmed something that had been long suspected — that the similarities between China’s advanced J-31 stealth fighter and the U.S.’s F-35 were more than coincidental. Experts in the aviation field had long argued that the J-31 was heavily influenced by the F-35. Snowden’s documents were the first confirmation that this was the result of a data breach of a Lockheed Martin subcontractor that allowed the Chinese access to top secret data on the F-35.

4. Throwback Attack: How the modest Bowman Avenue Dam became the target of Iranian hackers

In 2013, Iranian hackers broke into the modest Bowman Avenue Dam’s command and control center, theoretically giving them remote access, in a minor but frightening-in-its-implications attack on national critical infrastructure. But why would Iranian hackers go after an insignificant dam in a small village in upstate New York? The theory is that this was a case of mistaken identity. The Bowman Avenue Dam in Purchase, New York, is 2,805 miles from the much more significant Arthur R. Bowman Dam in Prineville, Oregon.

5. Throwback Attack: BlackEnergy attacks the Ukrainian power grid

Losing power in the dead of winter is a nightmare scenario. On Dec. 23, 2015, people in Western Ukraine faced this situation after an unprecedented BlackEnergy cyberattack on the region’s power grid. The massive, nation-state attack first struck the Prykarpattyaoblenergo control center, which, in turn, took out 30 substations. Two other distribution centers were also hit on a smaller scale. The attack left 230,000 residents without power, along with two of the three distribution centers that were hacked, because the attack took out the back-up generators as well. The electricity outage lasted up to six hours for residents, but the computers on-site that were infected couldn’t be salvaged.

6. Throwback Attack: How a single whaling email cost $61 million

A poorly worded email or a message sent in anger can be costly to the average person’s professional career. That’s nothing compared to a single email that cost Austria-based airplane component manufacturer FACC close to $61 million in a “fake president” scam. The attack on FACC had a damaging cascade effect that precipitated the firing of the company’s chief executive officer (CEO) and chief financial officer (CFO). But it all started with a whaling attack, where a cybercriminal masquerades as a senior executive at the firm with the aim of tricking an employee or department into a specific action.

7. Throwback Attack: Three teens stoke fears of a cyber war with the Solar Sunrise attack

In February 1998, the U.S. was preparing to bomb Iraq, as the country’s then-President Saddam Hussein refused to comply with inspectors who were searching for weapons of mass destruction. Just as tensions in the Gulf were coming to a head, a systematic cyberattack, which would come to be known as Solar Sunrise, was launched against the U.S. In all, this attack took control of more than 500 government and private computer systems. Because of the lingering tensions in the Middle East, it was immediately assumed this highly professional-looking attack was coordinated by Iraqi operatives, but that couldn’t have been further from the truth.

8. Throwback Attack: An insider releases 265,000 gallons of sewage on the Maroochy Shire

In 2001, an Australian man launched a sustained cyber assault against the Maroochy Shire, Queensland, Australia, sewage control, a computerized waste management system. He ultimately released 265,000 gallons of untreated sewage into local parks and rivers, causing serious damage to the local environment. This hack was the first widely recognized example of a threat actor maliciously attacking an industrial control system (ICS). It was also an insider attack, which can be more damaging because the attacker often has specialized knowledge and the ability to manipulate control systems.

9. Throwback Attack: Kevin Poulsen wins a Porsche (and hacks the U.S. government)

It was June 1, 1990, and KIIS-FM was running a competition for callers to win a new Porsche 944 S2. All they had to do was be caller No. 102. However, not everyone who tried to call made it through to the station. A 25-year-old hacker named Kevin Poulsen had tapped into all 25 phone lines and blocked every incoming call but his own. He would go on to win the Porsche under the name Michael B. Peters. While Poulsen is best known for his KIIS hack, he had a more serious and expansive prior history of cyber intrusions. As he began to get more comfortable pushing the envelope, this hobby-turned-obsession would end up getting him into trouble with law enforcement and the Federal Bureau of Investigation (FBI).

10. Throwback Attack: A cyberattack causes physical damage at a German steel mill

In 2015, a cyberattack caused “massive damage” to a blast furnace at a German steel mill. This was the second-ever digital attack that caused physical harm to equipment and served as a potential harbinger of future, destructive attacks on critical infrastructure. Details on the attack were never robust — the name of the plant and date of the attack are still unclear — but a 2015 report detailed how the attack occurred. According to the report, hackers infiltrated the German steel mill’s business network via a spear-phishing attack. Once the attackers gained access, they crossed over into the mill’s other networks, including those that controlled plant equipment. This caused several areas to fail, and operators were unable to shut down a blast furnace properly, which resulted in the damage.



