USA +1 855 726 4878  |  BR +55 11 3069 3925 

The Biggest Cyberattacks of Recent Years

by | Sep 9, 2021 | BLOG | 0 comments

We all know that cyber vulnerabilities are not a current issue. However, with the evolution of technology and virtualization growing in all areas of society, cybercrime becomes more and more frequent, creating a critical problem that deserves a lot of attention from the digital security industry. 

One of the biggest challenges is to keep up with the evolution of these crimes, because as technology advances, crimes become increasingly strategic and sophisticated, requiring even more technological advances and security efforts, in addition to repeating a cycle that is difficult to prevent.

In recent years, especially during the coronavirus pandemic, in which most companies are adopting new work alternatives, migrating to digital environments, the role of criminals has been strengthened. 

According to data from FortiGuard Labs, the year 2020 had 41 billion attempts of cyberattacks in Latin America. The good news is that while these attempts are taking place, the cybersecurity industry has also worked hard and strengthened itself to ensure as much security as possible for digital media and to weaken this cycle of attacks.

To get a sense of this problem’s scale and the lessons we can pass on to those who want to strengthen the security of their information, we have listed the 5 biggest cyberattacks in recent years. Check it out below.

Solar Winds: The Biggest and Most Sophisticated Attack in History

In 2020, Solar Winds, an information infrastructure company, suffered what can be considered, according to Microsoft’s President Brad Smith, as “the biggest and most sophisticated attack the world has ever seen”. This is because several tactics and techniques of cyber invasion and espionage were employed. 

Hackers have inserted malicious software into Solar Winds’ monitoring software update that has been sent to up to 18,000 customers. These include Microsoft companies and the US Departments of Energy, Justice, and Nuclear Safety. But it was FireEye, one of Solar Winds’ client companies, the first victim to identify the attack. 

In the Microsoft attack alone, according to its president, at least a thousand engineers took part. Ongoing investigations indicate that the operation is very complex and surprising even for specialists, as it combines very advanced and stealthy techniques, which have bypassed the radar of the most experienced security specialists. This made everyone apprehensive about a critical vulnerability in the technology infrastructure.

Colossal DDoS Attack Against Dyn

Dyn, an American company of DNS (Domain Name System) services, has suffered a DDoS attack, which, in general, is a type of attack that intensifies data traffic and overloads a certain server, making it unavailable to users.

This attack caused a system crash for all the company’s customers in 2016, who had virtual newspapers and magazines from the United States and other large companies among them: Amazon, Netflix, PayPal, Spotify, Tumblr, Twitter, GitHub, Xbox Live, and PlayStation Network. 

It was an event known as “The American Internet Blackout”, one of the biggest DDoS attacks in recent times.

ASUS Automatic Updates

One of the largest laptop manufacturers in the world, ASUS, was the target of a hacker attack in 2018, with an automatic software update that infected nearly 1 million users worldwide. 

The attack targeted 600 computers, but the malware spread and reached more users. As the attackers used the company’s legitimate security certificate during the action, it was almost impossible to raise suspicion.

This type of crime can increase users’ distrust and lead them to avoid machine upgrades, which can raise the level of vulnerabilities and cause even bigger problems. 

STJ: Great Cyberattack in Brazil

Brazil is one of the countries with the highest number of users connected to the Internet, and according to the Internet Security Threat Report, released in 2019, the country occupies third place in the ranking of cyberattack attempts, fourth in bot attacks, and seventh in crypto-jacking.

As might be expected, government agencies are not left out of vulnerability for cybercrime. In Brazil, the biggest data attack involved the STJ (Supreme Court of Justice), a target of the ransomware action, which invaded more than 1,200 servers of the institution and destroyed the backups on the machines. 

On the scale of this attack, Marta Schuh, Director of Cyber Insurance at the international broker Marsh, stated that: “It was like the STJ databases could be placed inside an incinerator.” As expected, the criminals offered to ransom the information in exchange for a sum of money.


A Leak of Sensitive Data from Over 100 million Americans

Paige A. Thompson, a former Amazon employee, was responsible for hacking the database of Capital One, a US financial institution, compromising the data of more than 100 million Americans and 6 million Canadians by obtaining access to personal data of credit card requests. 

Although the affected information does not contain the users’ credit card numbers, as Capital One claimed, the damage will cost around $150 million to boost the institution’s digital security.

Other Relevant Data on Cybersecurity in 2020

  • 60% of users say they are poorly informed about cybersecurity. (ESET Survey).
  • Lack of backup is the main cause of loss of money for 3 out of 4 users (ESET Survey).
  • Of the top causes for data leaks, 16% are exploiting third-party software vulnerabilities, 19% are cloud-server misconfiguration procedures and login data breaches, and 14% involve phishing activities. (IBM)
  • 52% of data leaks were due to malicious attacks and 23% to human error. (IBM)
  • Only 61% of users believe that some of their passwords are secure. (ESET Survey)
  • The most used password in 2020 was “123456”, accounting for two and a half million users. (Nordpass)
  • 40% of consumers worldwide use between one and three financial applications, but only half have security software installed on their devices. (ESET Survey)
  • Reports of cyberattacks grew 400% during the pandemic. (FBI)
  • DDoS attacks increased 151% in the first half of 2020. (Neustar)

What Can We Expect from the Future?

The trend for the future is to have more devices and users connected to the Internet around the world, which could further increase the number of cyberattacks and attempts. On the other hand, it has been increasingly difficult and outdated to live in a non-digital world even to perform simple everyday tasks. 

Therefore, more than ever, digital security must be a concern for companies and governments, which must continue to invest heavily in the prevention and control of threats, and for users, who must always keep up-to-date on the best ways to protect their data and what legal protection they can receive in cases of attack.

If you are interested in the subject, we also invite you to read the next article. After All, How to Act in Case of Data Invasion and Theft?




References to mentioned research.


Are you enjoying this post? Join our Newsletter!

4 + 13 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

$13 million growth investment drives senhasegura’s expansion in North America and the Middle East

Written by Priscilla Silva São Paulo, March 10, 2023 - senhasegura, an award-winning Privileged Access Management (PAM) solution provider that protects corporate IT environments and critical resources from cyber threats, announces a $13 million funding round from...

senhasegura wins CyberSecured 2022 award as best PAM solution in the USA

Written by Priscilla Silva SÃO PAULO, February 28 of 2023 - The 2022 edition of the CyberSecured awards, promoted by Security Today magazine, a brand of 1105 Media's Infrastructure Solutions Group, elected senhasegura as the winner in the Privileged Access Management...

How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors. In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).Its big advantage is...

Best Practices for Consolidating Active Directory

This article was developed especially for you, who have questions about the best practices for consolidating Active Directory. First of all, you need to understand that directory services have the role of organizing important information for companies in a centralized...

senhasegura introduces the “Jiu-JitCISO” concept to show the power of Brazilian cybersecurity

Written by Priscilla Silva São Paulo, January 13, 2023 - "Like Jiu-Jitsu senhasegura is about self-defense. Every company must know how to protect itself and its clients". This is the aim based on the philosophy of the Japanese martial art, but made popular and...