Wednesday, July 05, 2017

Significant Security Incidents

When getting into Information Security, it is helpful to know about certain key attacks. Here are some that come to mind for me:

This is not a complete list, by far. I welcome people to add links or notes to things that they think should be on the list, too.

1997: Eligible Receiver
https://en.wikipedia.org/wiki/Eligible_Receiver_97

2003 attack. Discovered in 2005. Titan Rain
https://en.wikipedia.org/wiki/Titan_Rain
http://content.time.com/time/printout/0,8816,1098371,00.html
http://courses.cs.washington.edu/courses/csep590/05au/readings/titan.rain.htm
https://www.theguardian.com/technology/2007/sep/04/news.internet

2005 attack. Discovered in 2010. Stuxnet
https://en.wikipedia.org/wiki/Stuxnet
https://www.youtube.com/watch?v=rOwMW6agpTI
https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
http://isis-online.org/isis-reports/detail/stuxnet-malware-and-natanz-update-of-isis-december-22-2010-reportsupa-href1/8
http://isis-online.org/uploads/isis-reports/documents/stuxnet_update_15Feb2011.pdf

2006 attack. Discovered in 2011. Night Dragon Operation
https://en.wikipedia.org/wiki/Night_Dragon_Operation
https://www.mcafee.com/jp/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf

2008. Australian ICS Water Services
http://csrc.nist.gov/groups/SMA/fisma/ics/documents/Maroochy-Water-Services-Case-Study_briefing.pdf

2009 attack. Discovered in 2010. Operation Aurora
https://en.wikipedia.org/wiki/Operation_Aurora

2014 Heartbleed Vulnerability
Lets someone image your RAM. Nothing is logged on the host OS.
https://en.wikipedia.org/wiki/Heartbleed

2014 Shellshock Vulnerability
I'm over-simplifying, but this allowed Remote Code Execution (RCE) in bash. So, you could go to a website and just execute code on the web server. Trivial to exploit. Even I wrote an exploit for it while on a conference call.
