Picture this: You arrive early to your job and you try to access the company network, only to be greeted by nothing but a blue screen.

From the depths of the interwebs, evil lurks in silence disguised as a friend.

In the world of IT, you always need to consider the constant and persistent threat of a massive cyberattack on your systems. The wise Stephen King once said “Monsters are real, and ghosts are real too. They live inside us, and sometimes, they win.” Today, these monsters live in the gray areas between our systems, waiting in the shadows to strike at the opportune moment. These ghost and monsters have created countless IT horror stories in just 2018 alone that have taught cybersecurity personnel and companies to not take security for granted. Here are some of the biggest 2018 IT security horror stories.

Google, one of the most notable tech giants in a crowded industry, was on the receiving end of a major cyber attack.  The attack was on the supremely unpopular Google+ service, Google’s attempt in entering the social media market to compete with Facebook. Roughly 500,000 accounts were affected by the attack. It is important to note that the vulnerability exploited in the attack was open since 2015 but was not discovered until March 2018.

Google+ is slated to shut down in August 2019 due to lack of adoption, low user engagement, and the mentioned cyber attack that attributed to a bad image.

Newegg was punished by the notorious hacking group called Magecart. This group claimed responsibility for data breaches on both Ticketmaster and British Airways. In regards to British Airways, 380,000 transactions were compromised. What Magecart did was not a direct attack on Newegg, but rather it was an interception of customer credit card information, which was done with the deployment of a credit card skimmer.

The process began by first registering the domain NeweggStats (dot) com. Malicious lines of javascript code were then inserted into the checkout page of the Newegg website, which would capture credit card payment information while the customers were making a purchase and send the information to a remote server.

After hitting the confirmation button to make a purchase, the skimmer code on the checkout page would send the credit card information to NeweggStats without interrupting the checkout process. From there on out, Magecart had full possession of the data to be used or sold.

For every article related to the rise of cryptocurrency and cryptosecurity, there is a case of a hack or theft. In 2014, another exchanged based in Japan called Mt. Gox was hacked. At the time, Mt. Gox handled 70% of all Bitcoin exchanges in the world.

This year, an exchange based in Tokyo, Japan called Coincheck saw $500 million worth in various cryptocurrencies stolen. It was one of the biggest hacks in history. The hackers pulled off the heist with what is known as a ‘hot wallet’, a digital wallet that is connected to one of more external networks. Normally exchange deposits are kept in ‘cold wallets’, which are not connected to external networks.

In cryptocurrency, all transactions are viewable on the internet. The trouble is, the transactions do not list names. 11 addresses were found in regard to the hack and were subsequently labeled as: “coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker.”

Thankfully, exchanges could reject the funds that were stolen based on tracking tools that utilized data from the transactions.

Hidden Cobra, a well-known hacker group, also known as “The Lazarus Group” or “The Guardians of Peace”, orchestrated a cyber attack on multiple banks. This group achieved notoriety and fame for their attacks on popular organizations in industries such as media, aerospace, finance, and critical infrastructure sectors. The amount of money withdrawn from the bank heists amounted to over tens of millions of dollars from different banks all around the world.

They managed to create a hacking system that affected ATMs in a very peculiar way. ATMs were fooled into spitting out cash, which was done by compromising the switch application servers, the essential system in the ATM framework that functions as the user identifier. The compromise was done in a way where accounts with minimal or zero balance could be used, bypassing the need to fake an account.

The malware was installed in banking applications that would intercept the transaction requests coming from the ATMs and sending back a positive response to validate the withdrawal with its core banking system. Thus, ATMs were fooled into dispensing large amounts of cash without notifying banks on these inconsistencies or transactions.

Here’s a fun fact: 30 million Facebook accounts were compromised this year. The big blue giant was on the receiving end of the worst security breach received its worst security breach in history. 30 million is a minuscule number compared to 2.23 billion, the number of total worldwide Facebook users. However, 30 million accounts are still 30 million accounts and Facebook accounts commonly contain a variety of personal information, photos, and messages.

Half of the attack focused on collecting account usernames and contact information while the other half targeted specific data such as:

  • Gender
  • Language
  • Relationship status
  • Religion
  • Hometown
  • Current City
  • Birthdate
  • Education
  • Work
  • Access Device
  • Check-in locations

The identity of the hacker(s) remains unclear. What we know is that the information retrieved from the users could manifest in a number of ways, from a secondary and more focused attack to the selling of information to companies, individuals, or entities. The fear of not knowing where or how the information is being handled by an unseen player is what makes this attack so troublesome. On the global Facebook scale, the attack was hardly felt, but there is now data linking to over 30 million individuals somewhere in the horrors of the internet.

They (the hackers) all float down to where nobody knows their names or can find them. Sometimes it’s for the money, prestige, or notoriety. Or it’s just because they can and are always lurking in the shadows, constantly looking for exploits and weak security. The ghosts and monsters are very real. It’s time for companies to focus on security in an age where more and more functionalities are now online and it’s time for companies to be more transparent and honest with its users. Otherwise, it will take less than 27 years for the evil to resurface and it will come back with more horror than the last time.

If you fear one of these horror stories, don’t doubt and contact us.

One Comment

Leave a Reply