Table 2 Targeted Cybersecurity Attacks against Critical Services, Energy Sector etc.
Year | Target Facility | Country | Agent | Impact | Ref |
|---|---|---|---|---|---|
1982 | Pipeline explosion | Russia | Malware (SCADA) | Explosion and fire. | (Zakhmatov et al., 2011) |
1992 | Ignalina Nuclear Power Station | Lithuania | Virus (Control System) | Â | (Panda, 2015) |
1992 | Chevron (Warning System) | USA | Virus | Hacking by a disgruntled employee who left thousands of employees exposed to toxicity | (Miller & Rowe, 2012) |
1994 | Salt River Project | USA | Malware (Control System) | Hacking by an employee, resulting in deleting of critical files resulting in disconnecting water supply to customers | (Panda, 2015) |
1997 | Worcester Airport | USA | Trojan (Control System) | Air traffic Control tower system down for six hours | (Panda, 2015) |
1999 | Gazprom | Russia | Trojan (SCADA) | No serious consequences | (Panda, 2015) |
2000 | Maroochy Water System | USA | Trojan | Water spillage | (Panda, 2015) |
2001 | Gas Processing Plant | USA | Unknown | Service outage in the vicinity | (Panda, 2015) |
2002 | PDVSA | Venezuela | Worm | Production outage | (Panda, 2015) |
2003 | Banking Facility; Ohio Nuclear Facility | Â | Slammer aka Sapphire | Unknown | |
|  | Railways |  | SoBig | 23,000 miles of one railway line | (McGuinn, 2004) |
2004 | National Science Foundation’s Amundsen-Scott South Pole Station |  | Unknown | Controlling life support systems of Antarctic research station – Cyber Terror Attack | (Poulsen, 2004) |
2006 | L.A. Traffic Lights | USA | Malware | Reprogram the lights | (Panda, 2015) |
2008 | Lodz Tram attack | Poland | Â | Control of the tram network | (Panda, 2015) |
2008 | Hatch Power Plant | USA | Malware | Unintentional shut down due to an update | (Desarnaud, 2017) |
2009 | Civil Aviation | Â | Unknown | Data compromise; shutdown of systems | |
2009, 2010 | Natanz - Iran’s Nuclear Plant (Centrifuges) | Iran and Many countries | StuxNet | Iran’s Nuclear centrifuges were targeted. The equipment was replaced at an alarming rate. | (Naraine, 2010; Falliere et al., 2011; Nakashima & Warrick, 2012; Sanger, 2012; Langner, 2013; Kushner, 2013; Thomson, 2013) |
2011 | No Specific Target; Iran Nuclear Plants | Iran and Many countries | DuQu | Targeted; | (Boldizsár et al., 2011; Boldizs’ar et al., 2012; (Guilherme & Peter, 2011; Kaspersky Corp, 2011; Kaspersky Corp, 2015) |
2011 | Areva | France | Malware | Non-critical data theft | (Desarnaud, 2017) |
2012, 2015; 2016–17; 2018–19 | Saudi Aramco (UAE); RasGas (Qatar); Italy | UAE, Italy | Shamoom (alias) Disttrack; W32.Disttrack A; W32.Disttrack B; | 30–35,000 Machines; D-Dos attack; FileWiper or File Eraser | (Symantec Crop, 2017; Leyden, J, 2012; NewYork Times, 2012; Perlroth, 2012; Glymin, 2017; ENISA, 2019 Symantec Corp, 2018, Trend Micro, 2018) |
2012, 2015 | Iran’s Nuclear Plant, Lebanon, Sriya, Sudan, etc |  | Flame aka Flamer, (StuxNet. Resource 207) | Approx. 1000 Machines, | (Boldizsar et al., 2012; sKyWiper Analysis Team, 2012; Alexander, 2012; McElroy & Williams, 2012; Goodin, 2012; Nakashima et al., 2017), |
2013 | North American Energy Companies | Â | Dragonfly | More than 1000 energy companies in North America and Europe | |
2014 | SCADA/ICS | Â | Havex | Noticed in 146 Command and Control Server | |
2014 | Korea Hydro | South Korea | Malware | Reactor Manual theft; electricity and radiation exposure data | (Desarnaud, 2017) |
2015 | Ukrainian Kyivoblenergo |  | Black Energy 3 | 225,000 Customers left without power for 6 h on a cold December | (Lee, 2016) |
| Â | Polish Airlines | Â | Unknown | 1400 passengers grounded | (Rene, 2015) |
2016 | Gundremmingen (German Nuclear Power Plant) | Â | W32.RAMNIT; Conficker | Isolated Incident on the Power Plant as the plant was isolated. The previous version of Conficker A, B, C, D, E is reported to have caused damage to 1.7 million people. | (Symantec Corp, 2011) |
2020 | Public Health Services | U.S.; | Ransomware | 200,000 email addresses compromised, leading to many health services being impacted with ransomware. Some restored to paying the ransom. | (Kochman, 2020) |
2020 | Â | Â | AZORult; Trojan | Spreads as payload and often is used by other payloads like Djvu; primarily collects user data | (Doffman, 2020) |
2020 | Citrix Application Delivery Controller | Australia, Canada, Denmark, India, Sweden, Singapore U.K., USA, Switzerland, UAE- | FTP protocol exploiting vulnerability CVE-2019-1971; Algorithm Command’ file/bin/Pwd | World Wide Citrix Gateway devices were impacted affecting banking, defence, healthcare, energy, technology, higher education, legal, media | (Glyer et al., 2020) |
2020 | Cisco Router Exploitation Kit – Cisco RV320 | Remote code execution; Metasploit Module is exploiting vul. CVE-2019-1653 CVE-2019-1652 |