The biggest cyberattack in history: ‘At the end of the day, it is a digital weapon worth hundreds of thousands of euros.’
The scope is enormous, and we have yet to fully grasp it. In total, a group of cybercriminals has stolen 16 billion passwords from Apple, Google, Facebook, Netflix and PayPal users in what could be the biggest theft in history. The most serious aspect is that all these passwords are active.
Cybercriminals have obtained usernames, passwords, cookies and other sensitive information. The figure is so high because we all have accounts that give us access to dozens of sites, from email and cloud services to social media and streaming platforms.
As is often the case in these situations, information is still scarce and little is known about the attackers, the actual scope of the attack, or the means they used to breach the security of so many platforms. What is clear is that two of the countries most affected were Portugal and Russia.
Just to be on the safe side, experts recommend changing the passwords for all our services if we fear they may have been compromised. And to better understand the scope and tools used, we spoke with David Conde, director of the Thales S21Sec operations centre.
How did the attack manage to affect all major operating systems indiscriminately?
"Cyberattacks are becoming increasingly sophisticated and complex, capable of bypassing all of a company's detection mechanisms. These types of attacks use malicious software, or malware, which steals information from the user's computer,‘ explains Conde. ’This type of malware is designed to infect as many computers as possible, regardless of the type of computer or operating system it has. This guarantees cybercriminals the highest possible number of victims and, therefore, a greater return on investment. This is independent of any use of AI and is based on the great capacity (and resources) of organised groups to create advanced malware that is undetectable and steals and exfiltrates as much information as possible in the shortest possible time, regardless of the nature of the victim. Think that this type of malware is a digital weapon after all and has a value that can reach hundreds of thousands of euros..."
‘Based on the information currently available, the theft of information is due to malicious software called Stealers, which steals information mainly from user credentials and exfiltrates it to cybercriminals,’ adds this cyber expert.
Who could be behind it?
‘Firstly,’ says Conde, ‘the source of the information theft could be more than one cyberattack and could be due to a wave or several cyberattacks carried out by the same cybercriminal gang, using these pieces of malicious software called stealers.’
Why did security fail?
‘Without more specific data, we cannot say for sure what happened,’ concludes Conde. ‘But this type of information theft attack is usually a highly sophisticated attack carried out by organised gangs that manage to bypass all the security controls a company may have in place. The “bad guys” have the ability and the means to carry out attacks despite all the defences an organisation may put in place.’
