What is the most expensive malware?

Malware, short for “malicious software”, refers to any kind of harmful software program designed to cause damage to devices or networks. Some of the most well-known and costly malware attacks have caused massive financial and reputational damage to individuals, businesses, and governments worldwide.

Some key questions about costly malware are:

  • What specific malware attacks have been the most financially damaging?
  • What techniques or vulnerabilities do the most expensive malware programs exploit?
  • Which sectors, companies, or agencies have been hardest hit by costly cyberattacks involving malware?
  • How much monetary damage has resulted from the most expensive malware campaigns?

This article will explore the most financially damaging malware attacks in history, examining the specific vulnerabilities, techniques, and damage caused by the most expensive strains of malicious software ever unleashed.

WannaCry Ransomware

One of the most damaging and infamous malware attacks in history was the WannaCry ransomware attack that spread globally in May 2017. Within one day, WannaCry infected over 230,000 computers across 150 countries. Large organizations around the world were impacted, including government agencies, healthcare facilities, telecommunications providers, and businesses.

Vulnerabilities Exploited

WannaCry exploited vulnerabilities in older Windows operating systems, including a flaw in the Server Message Block (SMB) protocol identified as EternalBlue. The ransomware was able to spread quickly and automatically through networks by exploiting these known vulnerabilities that had not yet been patched.

Damage Caused

The total financial impact of WannaCry was estimated at between $4 billion and $8 billion. Major disruptions occurred at large organizations like the UK’s National Health Service, which was forced to divert ambulances and reschedule thousands of appointments due to the attack. Telefónica, FedEx, and Renault were also among the major global organizations affected.

NotPetya Wiper Malware

In June 2017, companies around the world were hit by a cyberattack that initially looked like ransomware but was in fact a “wiper” malware designed solely to destroy data. The NotPetya malware is considered one of the most damaging cyberattacks on record, causing over $10 billion in total damages.

Techniques Used

Like WannaCry, NotPetya took advantage of the unpatched EternalBlue vulnerability to spread. However, while ransomware encrypts files and demands payment for decryption, NotPetya was engineered to irreversibly overwrite and corrupt master boot records, rendering infected systems inoperable.

Impact

Major multinational companies were debilitated by NotPetya attacks, including shipping giant Maersk, advertiser WPP, pharmaceutical company Merck, and snack food manufacturer Mondelez International. Global damages exceeded $10 billion, with FedEx, Maersk, and Merck each reporting individual losses of $300 million or more.

SIMjacking – Mobile Account Takeover Fraud

While many costly cyber attacks target computer systems and networks, SIMjacking refers to fraud targeting victims’ mobile phones and accounts. SIMjacking can allow criminals to steal credentials, hijack online accounts, and commit financial fraud, siphoning millions from victims.

Technique Used

SIMjacking, or SIM swapping, is when an attacker impersonates a mobile customer and gets their phone number transferred to a SIM card controlled by the attacker. This gives them control of the victim’s phone number, including access to two-factor authentication messages, account reset links, and more.

Financial Impact

According to research by Trustwave, SIM swapping fraud resulted in $68 million in losses during a six-month period in 2018. High-profile cases have included the theft of $24 million worth of XRP from blockchain company founder Michael Terpin, and the $1 million cryptocurrency hack of Instagram influencer Jay Mazini.

Cryptojacking Malware

Cryptojacking malware secretly hijacks computing power and electricity to mine cryptocurrency. While no large singular events have occurred, the cumulative losses are in the billions of dollars.

Technique Used

Cryptojacking malware works by installing scripts on websites or devices that utilize computing resources to mine cryptocurrency without any authorization. The rise of cryptocurrency prices caused cryptojacking to emerge as a lucrative revenue stream for cybercriminals.

Losses

Cryptojacking malware on the website The Pirate Bay cost visitors an estimated $1 million in electricity costs daily. According to research by McAfee and CSIS, illicit crypto mining cost companies over $2.9 billion in losses in 2018 alone. Individual consumers have also reported hundreds or thousands of dollars in electricity costs monthly due to undetected cryptojacking infections.

FlokiBot Malware

Emerging in 2022, a new banking trojan malware dubbed FlokiBot has been targeting Android users with clever social engineering tactics and aims to steal online banking credentials and payment card information.

Techniques Used

FlokiBot employs phishing links posing as popular services like DHL or COVID-19 exposure notifications to trick users into downloading its malware. Using accessibility features, it can take over accounts and bypass multi-factor authentication. It also overlays fake login pages to steal account credentials.

Potential Losses

In the first months since its appearance, FlokiBot malware has already been used to steal over $500,000 from victims across the world. As it continues spreading, experts forecast that it has the potential to cause millions in additional financial losses due to its advanced evasion techniques.

Potential Future Malware Threats

As malware continues evolving, new attack techniques and destructive new threats are likely to emerge in the future:

  • Ransomware targeting industrial control systems could cause widespread disruption.
  • IoT malware could enable large botnets that take down web infrastructure.
  • Potential quantum crypto malware resistant to decryption.
  • Wormable exploits of widespread vulnerabilities like Log4j.
  • New vulnerabilities in blockchain, web 3, or mobile infrastructure.

Most Expensive Malware Strains – Financial Damage Summary

| Malware Type | Total Estimated Damages |
|---|---|
| WannaCry Ransomware | $4 billion – $8 billion |
| NotPetya Wiper Malware | $10 billion |
| SIM Swapping – Mobile Account Takeover Fraud | $68 million (6-month period in 2018) |
| Cryptojacking Malware | $2.9 billion (2018 losses) |

Conclusion

In summary, some of the most financially destructive malware attacks to date include nation-state sponsored attacks like NotPetya designed purely for destruction, ransomware like WannaCry that took advantage of unpatched systems worldwide, cryptojacking campaigns illicitly mining billions in cryptocurrency, and mobile account hijacking enabled by SIM swapping techniques.

As malware continues to evolve, new attack vectors on blockchain, mobile, IoT networks, and industrial control systems raise the specter of even more sophisticated and costly cyberattacks in the future. However, organizations can help mitigate potential damage through robust patching, endpoint security, user education, multi-factor authentication, and regular penetration testing.