5 Lessons We Must Learn From The World’s Biggest Cyber Heists

Cybercrime is accelerating at an alarming rate, with $10 trillion thought to have been lost to the global economy in 2024 thanks to hackers, data thieves, phishers and other “bad actors”. Incidents are increasing in frequency and scale, and the emergence of new and more powerful forms of AI is only likely to make things worse.

The largest cyber heists involve staggering figures that are hard to comprehend: records and dollars are looted in their millions. However, they still offer important lessons in cybersecurity, and the cultural issues it encompasses, that individuals or organizations of any size can learn from.

In this article, we'll explore five key lessons that can be learned from some of the biggest and most devastating cyber heists:

Lesson 1: Keeping Software Up to Date is Crucial

In 2017, hackers exploited vulnerabilities in networking software to steal sensitive data from millions of customers in the U.S. and around the world. This included social security numbers, dates of birth and addresses, all considered sensitive personally identifiable information that can be used to track people or borrow their identity to commit further crimes.

There were 150 million victims in the U.S. alone, with fines and court settlements paid out by the company amounting to hundreds of millions of dollars. The clearest lesson to be taken from the world’s largest-ever data theft is the importance of keeping software up to date and always installing the latest security updates.

Failure to update an element of the Apache Struts networking software was identified as a key point of failure.

Lesson 2: Recognize and React to Phishing Attempts

Ransomware known as WannaCry is thought to have spread to over 200,000 computers across 150 countries in 2017. Ransomware works by encrypting data and then extorting payments from the owners in order to have it safely returned, usually with threats that it will be irrecoverably deleted if the money isn’t paid.

WannaCry was particularly devastating because it targeted an older but still widely used version of the Microsoft Windows operating system, allowing it to spread with unprecedented speed. Ransomware often infects organizations through phishing and other methods of social engineering that aim to exploit human behavior.

Understanding how to recognize and react to phishing attempts, as well as building a culture of cybersecurity awareness throughout the workforce, is the first line of defense against these attacks.

Lesson 3: Be Cautious with Cryptocurrency

An attack on what was then one of the leading Bitcoin and cryptocurrency exchanges, Bitfinex, saw hackers make off with 119,756 Bitcoins, worth $72 million at the time (2016) and close to $1 billion as of writing.

Some of it was recovered when two people were arrested and ultimately convicted of laundering proceeds of the theft in 2023. The fact that the thieves carried out the theft by breaking into exchange wallets that were previously considered relatively secure caused a 20 percent crash in the value of Bitcoin.

The safest option for storing coins or digital assets is usually an offline "cold" wallet. When coins or tokens are on an exchange, they are not in your possession and are vulnerable to whatever security flaws are present at their place of custody.

Lesson 4: Deepfakes Pose a Growing Threat

In a sophisticated AI-enabled attack in 2023, deepfaked videos of colleagues and executives at the Hong Kong offices of a multinational company were used to trick an employee into transferring millions into fraudsters’ bank accounts.

Deepfakes, AI-generated lifelike dupes of a real person, created in order to deceive, are used in a growing number of scams. The worker who made the transaction later learned he had been the only genuine participant on a video call where the instruction to transfer the funds was given. Every other participant, including the company’s CFO, was a deepfake created by the criminals.

Having mechanisms in place to check and verify instructions and developing an understanding of how and why deepfake scams work are essential 2020s survival skills for businesses and individuals.

Lesson 5: State-Sponsored Attacks Can Cause Maximum Chaos

Businesses in Ukraine hit by a wave of cyber attacks initially thought they were facing ransomware similar to WannaCry. In fact, NotPetya was a highly destructive file shredder only ever intended to destroy data, while masking its true purpose.

The devastating virus forced ports and airports to close and disrupted many government operations, with damage valued at around $10 billion. Many security research groups now believe NotPetya was a state-sponsored attack originating in Russia.

While everyone hopes they won’t be targeted by cybercrime, the odds aren’t good. State-sponsored attacks are growing and are increasingly being targeted at businesses as well as infrastructure.

These lessons can form the skeleton of a defense against cyber threats. Keeping software up to date, storing sensitive data and cryptocurrency securely, encouraging a culture of cyber-awareness, and implementing trustless verification systems are all key parts of the puzzle.

Individuals and institutions alike should learn from these “worst-case scenarios” in order to build resilience against the ever-shifting nature of the cyberthreat landscape.