Many famous hacking attacks cases use malware at some point. Malware are malicious software designed to infect devices. The intent behind the infection varies. Why? Because the cybercriminal can use malware to make money, to steal secret information that can give strategic advantages, to prevent a business from running or even just to have fun. Yes, there are hackers who act for pleasure.
Malware is a broad term. It's like a category. Within this category are different types of threats, such as virus, worm, trojan, and ransomware. The cases listed below show how malware attacks can work and give you a glimpse of the harm they cause to businesses and individuals.
To get an idea, according to the FBI, damages caused by different types of malware amounted to more than USD 11 million just in 2018. And the most widely used form of malware spreading continues to be email. As a Verizon report confirmed: of every 10 infection attempts using malware, 9 happen via email.
Check out 8 real cases of malware attacks
1. Melissa, virus, 1999
The Melissa virus infected thousands of computers worldwide by the end of 1999. The threat was spread by email, using a malicious Word attachment and a catchy subject: "Important Message from (someone's name)." Melissa is considered one of the earliest cases of social engineering in history. The virus had the ability to spread automatically via email. Reports from that time say that it infected many companies and people, causing losses estimated at USD 80 million.
2. ILOVEYOU, worm, 2000
The ILOVEYOU worm was used to disguise itself as a love letter, received via email. Reports say that it infected more than 45 million people in the 2000s, causing more than USD 15 billion in damages. It's also considered as one of the first cases of social engineering used in malware attacks. Once executed, it had the ability to self-replicate using the victim's email.
3. MyDoom, worm, 2004
In 2004, the MyDoom worm became known and famous for trying to hit major technology companies, such as Google and Microsoft. It used to be spread by email using attention-grabbing subjects, such as "Error", "Test" and "Mail Delivery System". MyDoom was used for DDoS attacks and as backdoor to allow remote control. The losses are estimated, according to reports, in millions of dollars.
4. Zeus, trojan, 2007
Zeus is a trojan distributed through malicious files hidden in emails and fake websites, in cases involving phishing. It's well known for propagating quickly and for copying keystrokes, which led it to be widely used in cases of credential and passwords theft, such as email accounts and bank accounts. Its use has hit major companies such as Amazon, Bank of America and Cisco. The damage caused by Zeus and its variations is estimated at more than USD 100 million since it was created in 2007.
5. Stuxnet, worm, 2010
The Stuxnet deserves special mention on this list for being used in a political attack, in 2010, on Iran's nuclear program and for exploiting numerous Windows zero-day vulnerabilities. This super-sophisticated worm has the ability to infect devices via USB drives, so there is no need for an internet connection. Once installed the malware is responsible for taking control of the system. It's believed that it has been developed at the behest of some government. Read: USA and Israel.
6. CryptoLocker, ransomware, 2013
The CryptoLocker is one of the most famous ransomware in history because, when it was released in 2013, it used a very large encryption key, which made the experts' work difficult. It's believed that it has caused more than USD 3 million in damage, infecting more than 200,000 Windows systems. This type of ransomware was mainly distributed via emails, through malicious files that looked like PDF files, but, obviously, weren't.
7. Petya, ransomware, 2016
Unlike most ransomware, Petya acts by blocking the machine's entire operating system. I mean, Windows system. To release it, the victim has to pay a ransom. It's estimated that the losses involving Petya and its more new and destructive variations amount to USD 10 billion since it was released in 2016. Among the victims are banks, airports and oil and shipping companies from different parts of the world.
8. WannaCry, ransomware, 2017
The worst ransomware attack in history goes by the name of WannaCry, introduced via phishing emails in 2017. More than 200,000 people have been affected worldwide, including hospitals, universities, FedEx, Telefonica, Nissan and Renault. The threat exploits a vulnerability in Windows. The losses exceed USD 4 billion.