Whether or not you believe in omens and superstition [picture a black cat walking under a ladder], Friday the 13th is a day of infamy. To celebrate—if that’s a thing—let’s look at some creepy cyber incidents that will have your skin crawling in good old Friday the 13th fashion.
The “Friday the 13th” hack – the virus Jerusalem
If you have paraskevidekatriaphobia [Yes, this is an actual word that means “fear of Friday the 13th”], you wouldn’t be happy to find out that there used to be a virus that would execute each year on the “unluckiest day of the year.”
The actual name of the virus was “the virus Jerusalem,” originating in Israel in 1987 to commemorate the 40th anniversary of the Jewish state. The sole purpose of the virus was to execute every year on Friday the 13th.
The virus infected computers through CD-ROM, floppy disks (back when they were a thing), and email attachments, which it still does to this day. Some things never change, huh? The virus targeted .exe and .com files under MS-DOS, causing slow computer performance due to increased memory usage.
Since the virus would activate on Friday the 13th based on the computer time, one workaround people found was to skip this date on their computers and change it to the following day. Threat actors got hip to the trick, and it doesn’t work anymore.
Real cybercrime horror stories
Halloween is a couple of months behind us, but that’s another great occasion where people love getting scared by horror stories. And there’s nothing better than a horror story that actually happened, especially if it can also happen to you.
Hackers are very much like ghosts. They lurk in the shadows waiting for the perfect opportunity to strike. You often don’t even know they’re there, but they know everything about your organization: employee names, addresses, and even financial information.
Scared yet? Check out these three cyber horror stories:
The Colonial Pipeline ransom attack
The Colonial Pipeline is the largest refined products pipeline in the United States, stretching 5,500 miles from Houston to the port of New York and New Jersey and supplying 100 million gallons of gas and refined oil to the East Coast each day.
So when the company announced it had been hit by ransomware in May 2021, it caused sheer panic throughout the region. The Colonial Pipeline Company was forced to halt its operations, causing severe price hikes and gas shortages, with no resolution in sight.
What’s even scarier is what caused all of this: a single leaked password. That’s right; one leaked password is all it took for hackers from the notorious Darkside group to access the Colonial Pipeline network and encrypt a significant portion of its data with ransomware.
Amid the panic surrounding the attack, Colonial Pipeline paid the attackers $4.3 million in Bitcoin to recover its data, some of which is still with the attackers despite the U.S. government’s best efforts to recover the amount.
The most surprising thing about this attack is that Colonial Pipeline didn’t have a ransomware response plan in place, only an emergency response protocol. If a cyberattack can affect critical infrastructure in one of the world’s most powerful countries, it can happen to everyone. Read more on what you can do to mitigate ransomware attacks and create a proper response plan. Speak to a SecurityScorecard subject matter expert to help you with the implementation process.
Nation-state attack on Sony Pictures
North Korea is a daunting enemy, and Sony Pictures was quick to find out when they were attacked by the infamous Lazarus Group in 2014. Sony made an enemy out of the North Korean government after starting production on “The Interview,” a movie mocking their leader.
In an effort to prevent the movie from ever seeing the big screen, Lazarus obtained and leaked terabytes of sensitive information from Sony, including private employee information, communication, and even full, unreleased movies starring superstars like Brad Pitt.
The intentions behind the attack were initially unclear but became fairly obvious after the attackers threatened physical violence against any theater that displayed “The Interview.” While no threats were carried out, and the movie was still released to the public, the attack cost Sony millions in lost revenue after several of its most anticipated films were leaked and illegally downloaded.
All this goes to show that cybersecurity isn’t only a business issue; it’s also a safety issue. If you’re not doing everything you can to protect your organization and its employees, you aren’t doing nearly enough.
The attacks that crumbled a tech giant
What Google is for internet users today, Yahoo was in the late 90s and early 2000s. The company is still largely successful, but it all started going downhill after a series of cyber attacks in the early 2010s, which crumbled Yahoo’s reputation.
The first attack occurred in mid-2013 but was only discovered two years later after agents found a 2015 listing on the dark web selling information on 1 billion Yahoo user accounts for $300,000. The data for sale included names, emails, passwords, and answers to security questions. After further investigation, Yahoo discovered 3 billion affected accounts, three times more than what the initial discovery suggested. The attack likely occurred because Yahoo’s encryption was weak and, therefore, easily hackable.
To add insult to injury, as the 2013 hack saga unfolded, Yahoo was recovering from a different, Russia-sponsored attack, which exploited poor cookie management to bypass password protection. This attack affected 500 million accounts.
This is a harsh reminder of the consequences cyberattacks can have on an organization’s reputation and place in the market. It’s also a reminder that threat actors can lurk in the shadows and stay there for years before being detected. While Yahoo is still a formidable company, it’s no longer the tech powerhouse it used to be, largely due to the effects and scale of these attacks.
Overcome all fear with SecurityScorecard
The latest advancements in cyber threats and techniques have CISOs scrambling for solutions. SecurityScorecard offers a full range of products and services that will cover your organization from every angle.
With consistent, data-driven ratings, you will gain an outside-in view of your security posture so you can take preventative action. Scoring is based on our trusted, transparent ratings methodology and data collected on millions of organizations.
Continuous compliance monitoring will track adherence to current public and private sector security mandates and detect potential compliance gaps. Ensure vendor compliance by inviting vendors to collaborate around key security and compliance issues with our co-branded outreach emails.
Contact us immediately if you learn that adversaries have gotten hold of your data. The initial 24 hours after the discovery are critical. We’ll find the root cause and eliminate it. Afterwards, our detailed forensics services can discover all compromised information. Our team will provide you with expertise to:
Stop additional data loss
Fix vulnerabilities and implement measures to prevent further attacks
Collect and preserve court-admissible evidence
Document and record the incident and the process
Assist with involving law enforcement/regulators
Notify affected parties under your industry requirements