Top 10 Biggest Cyber Attacks in History

Published on
23/01/2024 10:15 AM
biggest cyber attacks in history

Cyber attacks aren’t new. Ever since the birth of the internet and the rise of online technology, we’ve been dealing with several cyber threats in all shapes and sizes. 

But as a business' cybersecurity strategy evolves, so do the hackers trying to attack it, resulting in more complex and more dangerous attacks than ever before. 

Cybercrime is on the rise too, Over 2.3 million cyber attacks were reported in the UK in 2023 alone, with the average attack costing businesses £3,230 each.

Whether it’s malware, ransomware or phishing, these attacks can range from small-scale disruptions to large-scale disasters, and they can have a significant impact on individuals, businesses, and governments.

What is a cyber attack?

A cyber attack is any attempt to disable, manipulate, or gain unauthorized access to a computer system, network, or device Cyber attacks can be launched by individuals, cyber groups, or even nation-states, and can target individuals, businesses, governments, and critical infrastructure.

There are many different types of cyberattacks, but some of the most common include:

  • Malware. Malware is malicious software that can be installed on a computer system without the user's knowledge or consent. Malware can steal data, damage files, or disrupt system operations.
  • Phishing. Phishing is a type of social engineering attack that attempts to trick users into revealing sensitive information, such as passwords or credit card numbers. Phishing attacks can be carried out through email, text messages, or even phone calls.
  • Distributed Denial-of-service (DDoS) attacks. DoS attacks are designed to overwhelm a computer system or network with traffic, making it unavailable to legitimate users.
  • Man-in-the-middle (MitM) attacks. MitM attacks occur when an attacker intercepts communication between two parties, allowing them to eavesdrop on the conversation or even modify the data being exchanged.
  • Zero-day attacks. Zero-day attacks are attacks that exploit vulnerabilities in software that the software vendor is not aware of. Zero-day attacks are particularly dangerous because there is no patch available to fix the vulnerability.

Cyber attacks can have a devastating impact on individuals, businesses, and governments. They can lead to financial losses, data breaches, and often large-scale reputational damage for the organizations involved. 

Biggest Cyber Attacks in History

Of course, some cyber attacks are worse than others. While some only cause short-term problems and outages, other, bigger cyber attacks can be devastating – leaving companies with their reputation in tatters and a massive hole in their wallet. 

In this list, we’re counting down ten of the biggest cyber attacks in history, exploring each attack's impact and the lessons we can learn from it.

Marriott Hotel Data Breach

The Marriot hotel group revealed in 2018 that it had been hit by a massive database breach revealing the personally identifiable information of around 500 million guests. The issue was apparently lurking in the background of the company’s technology for several years and didn’t come to light until 2018. Only two years later, another data breach exposed the data of 5.2 million guests. 

 

The Marriott hotel chain has also been a victim of other attacks since. In 2022, the chain confirmed it had been hit by another data issue in which hackers stole around 20GB of data, which included customer payment information and business documents held by the brand.

WannaCry Ransomware

One of the most well-known cyber attacks involving ransomware, the WannaCry Ransomware attack was a global event which took place in 2017. Implemented by the WannaCry Ransomware crypto worm, this attack targeted various computers running the Microsoft Windows operating system. Users had their data encrypted, and criminals demanded Bitcoin in payment. 

The event is estimated to have affected more than 200,000 computers in 150 countries. The total damages of the attack ranged anywhere from hundreds of millions to potentially billions of dollars. A new version of the WannaCry ransomware attack also appeared again in 2018. 

 

Ukraine Power Grid Attack

Another major cyber event which ended up affecting an entire country, the Ukraine Power Grid attack took place in 2015. The event resulted in power outages for around 230,000 customers across the Ukraine for between 1 and 65 hours. The issue was attributed to an advanced persistent threat group known as “Sandworm”, and became the first publicly-acknowledge attack on a power grid. 

 

The attack is considered one of the most significant threats implemented by a cyber criminal to an entire community or country of people. At the same time as this attack, consumers of two other energy distribution companies were also being affected by cyber issues on a smaller scale. 

 

The 2014 Yahoo Attack

In 2014, Yahoo became the victim of one of the biggest data breaches in history. Approximately 500 million accounts were hacked by a state-sponsored actor. The theft was the biggest known cyber breach recorded at the time, and criminals were said to have stolen everything from names and email addresses to telephone numbers, passwords, and date of birth details. 

 

Read: Why Did Yahoo Fail? The Rise and Fall of a Dot-com Tech Giant 

 

Although the attack officially took place in 2004, Yahoo only discovered the incursion after later reports were filed relating to a secondary breach. All the reports issued turned out to be false, but the investigation revealed significant details about the 2014 attack.

Adobe Cyber Attack

In 2013, Adobe, one of the world’s leading software developers, confirmed a cyber attack had compromised around 38 million accounts among active users. Originally, the firm had believed around 2.9 million accounts had been affected. Adobe further announced the hackers had stolen parts of the source code of Photoshop, its picture-editing technology. 

 

Following news about the attack, a spokeswoman for Adobe revealed the initial statement made by the brand did not reveal the full scale of the problem. Adobe was fined over $1 million in a multi-state suite over the breach. What’s more, the reputation of the company was significantly damaged.

 

The PlayStation Network Attack

Sony is one of the better-known companies in the digital landscape, but its no stranger to cyber threats. The 2011 PlayStation Outage, sometimes referred to as the PSN Hack, was the result of an external intrusion into the PlayStation Network, in which personal user details from approximately 77 million accounts were compromised. A huge number of accounts and consoles were also prevented from further accessing the network. 

 

In May 2011, Sony admitted the personally identifiable information from all of the accounts had been exposed. What’s more, the outage caused by the event lasted for a total of 23 days. At the time, it was one of the largest cyber attacks of all time and the longest PlayStation outage in history. The event led to around $1781 million in costs for Sony and caused multiple lawsuits.

Estonia Cyber Attack

During 2007, Estonia became the host of the first cyber attack launched on an entire company. During this time, around 58 Estonian websites were taken offline, which included the websites of government official groups, media outlets, and banks. The issue was caused by a DDOS attack which overloaded Estonian servers, and used “zombie” computers to amplify the effects. 

 

According to some studies into the major digital event, the attack followed a political argument in retaliation to the relocation of a specific group into the outskirts of the city. The event is said to have resulted in around $1 million in costs.

The NASA Cyber Attack

Another major cyber security event to take place in 1999, the NASA cyber attack involved the breach and subsequent shutdown of NASA’s crucial computers for around 21 days. Around 1.7 million pieces of software were also downloaded during the attack, which cost the space company around $41,000 on repairs. What made this attack so famous wasn’t the expense associated with the crime, but the criminal responsible for the action. 

 

Soon after the attack took place, a fifteen-year-old computer hacker pleaded guilty to the issue and was sentenced to six months in jail. As part of his sentence, the boy was required to write letters of apology to both the NASA administrators and the secretary of defence.

 

MOVEit

In May 2023, Progress Software disclosed a zero-day vulnerability in its MOVEit Transfer file transfer software that allowed attackers to gain access to MOVEit servers and steal customer data. In the months that followed, the vulnerability was exploited by several hacker groups, including the notorious Cl0p ransomware gang. The Clop gang targeted a wide range of organizations, including multiple government agencies, healthcare providers and businesses including British Airways, Boots and the BBC


By September, the MOVEit cyber attack had affected over 2000 organisations and exposed the data of 60 million people – and this number keeps growing. The breach is considered to be one of the largest and most damaging cyber attacks in history, not only due to the number of individuals impacted but also its financial damages and long-lasting impact.

 

The Melissa Virus

One of the earliest cyberattacks to highlight the importance of digital security in the tech-driven world was caused by the Melissa Virus. In 1999, a programmer called David Lee Smith hacked an AOL account and used it to publish a file on the internet. The file promised access to dozens of free passwords to fee-based adult websites. When users downloaded the document, it set a virus free on their computers. 

 

The virus resulted in significant damage to a huge range of users and companies, including Microsoft. While cyber security managed to contain the spread of the virus within a relatively short space of time, it took a while to remove the infections entirely. The collective damage of the attack was estimated to equal around $80 million, making the attack one of the biggest and most notable cyber attacks of all time.