Halloween is here and we want to celebrate it with cybersecurity stories that make you shiver!
Halloween is the perfect day for a marathon of horror films and stories. In UNGUESS Security , we couldn't resist telling you about some cybersecurity related ones that fit perfectly for this "scary" day.
Many horror movies have scenes where someone is scared by their own shadow or something lurking in the corner of a room. Those moments are made more frightening when it’s a consequence of a person’s actions.
In the world of cybersecurity, there are consequences to our actions, and they don’t involve just digital data. Instead, they involve real people who may lose their jobs, homes, and even their lives as a result of hacking attacks that are becoming more frequent.
Here are 8 cybersecurity horror stories you won’t be able to stop thinking about.
1.The Equifax Breach
One of the worst hacking attacks occurred at the credit reporting company, Equifax. In 2017, the company fell victim to a data breach that resulted in the loss of data on over 143 million people.
The data in question included social security numbers, names, home addresses, and other sensitive information. In total, the breach cost the company over $700 million in fines, legal fees, and lost revenue. That’s not the worst part, though. The worst part was that the breach could have been prevented.
The breach happened because the company failed to patch a vulnerability in its computer network. The vulnerability was discovered in March 2017. It took until July for the company to patch the vulnerability.
In between those two dates, cybercriminals exploited the vulnerability and accessed the company’s network. They were then able to extract the personal data of millions of people.
2.The Mirai Botnet DDoS Attacks
A DDoS attack is when hackers use a robot network to flood a computer system or website with so much traffic that it crashes. This is a common way to hack a website.
However, occasionally, cybercriminals use the same technique to hack into computer systems. Most often, the computer systems in question are inside electric power plants.
In 2016 another Horror cybersecurity story happened. Cybercriminals attacked an electric grid in Ukraine. They also threatened to attack power plants around the world.
The attacks didn’t come from computers but from the Internet of Things (IoT) devices. Researchers found that a computer virus known as Mirai was responsible for the attacks. The malware was used to create a botnet and the botnet was then used to launch DDoS attacks against the power grid in Ukraine.
The botnet was also used to launch DDoS attacks against many other websites around the world in the following year.
3.KRACK: Wireless Networking Hazards
In 2017, a group of cybersecurity researchers found a vulnerability in one of the most basic parts of wireless networking: the encryption key.
For decades, the standard for Internet encryption had been the WEP standard. Then came the WPA standard. In the late 2000s, the WPA2 standard became the de facto standard for wireless Internet encryption.
Researchers found that those WPA2 encryption keys had a fundamental flaw that could be exploited by cybercriminals. The flaw could allow them to see everything happening on someone’s wireless network.
Researchers determined that their findings could be applied to all modern wireless networks and this includes any wireless network that uses the WPA2 encryption standard. Operating systems have been patched to ensure they are not vulnerable anymore to this attack.
4.Sony Pictures’ Stalking Scenario
This is the cybersecurity Horror story of Sony Picture. In 2014, employees discovered that cybercriminals had infiltrated their network. These criminals moved all the data from Sony Pictures’ computer systems to their private servers.
This data included sensitive information on employees, scripts for unreleased movies, and financial data from Sony’s operations. The crackers even obtained personal information on employees and their families and they used this information to create a fake online profile for one of the employees.
They then used the fake profile to set up a meeting with one of the employees with the goal of eliciting information from the employee that would help the crackers cause.
5. The Loss of Life-Saving Equipment
Medical devices are increasingly connected to the Internet. This means that they can send and receive data. Unfortunately, medical devices were not designed with security in mind. This leaves them open to hacking.
In this very scary cybersecurity horror story, in 2017, a team of computer scientists found vulnerabilities in a machine that is used in more than a quarter of hospitals in the United States. The machine is used to help doctors detect heart attacks and other cardiac issues. It uses an embedded computer system to collect data.
The researchers found that the system had serious security vulnerabilities, for example, it did not require any authentication and it also had a hard-coded password, which could be retrieved by searching the device’s code. The worst part is that the medical device collects data on the patient, including their heart rate and blood pressure.
6. Becoming a bug bounty hunter will help you understand vulnerabilities better
As we’ve discussed, one of the main reasons to participate in a Bug Bounty Program is to test for vulnerabilities and find problems in an application or website. You will be put in a realistic environment where you’ll be tasked with finding and reporting the bugs in software. Becoming a Bug Bounty hunter is an excellent way to get better at what you do. You will be able to get inside the head of a hacker and learn how to better protect your software from vulnerabilities and security threats.
7. Uber: Data Breach and Hackers' Behaviour
In 2016, cybercriminals accessed the computer systems of the ride-sharing company Uber. They downloaded data on 57 million customers and drivers and they also accessed the names and driving license information of 600,000 drivers.
Uber allegedly paid those criminals $100,000 to keep news of the data breach quiet. The company did this to avoid the bad press that would come with admitting the breach. The breach was discovered in 2017 when a team of security researchers found evidence on the internet that the data had been stolen.
They notified Uber, who then confirmed the breach. The breach was the result of several security problems that allowed attackers to compromise Uber’s network.
8.Chain Reaction: Blockchain and Financial losses
Blockchain technology is used for many reasons, and even to create cryptocurrencies like Bitcoin and Ethereum. Crackers have increasingly targeted blockchain companies because they hold large sums of money in their systems. That money is in the form of digital tokens that can be converted into cash if necessary.
In 2018, cybercriminals breached a blockchain company, and this is the closing cybersecurity horror story we want to tell you. The company was a digital advertising firm that used blockchain to manage its payments.
The crackers gained access to the company’s computer systems and then stole digital tokens that were worth $14 million at the time. They sold the tokens on a cryptocurrency exchange, converting them into cash.
The cybercriminals were able to steal the money because they had control of the company’s systems due to the company’s poor security practices since they stored the digital tokens in a position that allowed the company’s employees to access the system from anywhere in the world.
What do you think of these cybersecurity stories? Are they scary enough? Telling you about them was our way of wishing you a happy Halloween!