• Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Critical Infrastructure
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
  • Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Critical Infrastructure
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
BLOG

The Darker than Usual Side of Cybercrime

01/13/2023

Whether or not you believe in omens and superstition [picture a black cat walking under a ladder], Friday the 13th is a day of infamy. To celebrate—if that’s a thing—let’s look at some creepy cyber incidents that will have your skin crawling in good old Friday the 13th fashion.

The “Friday the 13th” hack – the virus Jerusalem

If you have paraskevidekatriaphobia [Yes, this is an actual word that means “fear of Friday the 13th”], you wouldn’t be happy to find out that there used to be a virus that would execute each year on the “unluckiest day of the year.”

The actual name of the virus was “the virus Jerusalem,” originating in Israel in 1987 to commemorate the 40th anniversary of the Jewish state. The sole purpose of the virus was to execute every year on Friday the 13th.

The virus infected computers through CD-ROM, floppy disks (back when they were a thing), and email attachments, which it still does to this day. Some things never change, huh? The virus targeted .exe and .com files under MS-DOS, causing slow computer performance due to increased memory usage.

Since the virus would activate on Friday the 13th based on the computer time, one workaround people found was to skip this date on their computers and change it to the following day. Threat actors got hip to the trick, and it doesn’t work anymore.

Real cybercrime horror stories

Halloween is a couple of months behind us, but that’s another great occasion where people love getting scared by horror stories. And there’s nothing better than a horror story that actually happened, especially if it can also happen to you.

Hackers are very much like ghosts. They lurk in the shadows waiting for the perfect opportunity to strike. You often don’t even know they’re there, but they know everything about your organization: employee names, addresses, and even financial information.

Scared yet? Check out these three cyber horror stories:

The Colonial Pipeline ransom attack

The Colonial Pipeline is the largest refined products pipeline in the United States, spreading 5,500 miles from Houston to the port of New York and New Jersey, supplying 100 million gallons of gas and refined oil to the East Coast each day.

So when the company announced it had been hit by ransomware in May 2021, it caused sheer panic throughout the region. The Colonial Pipeline Company was forced to halt its operations, causing severe price hikes and gas shortages, with no resolution in sight.

What’s even scarier is what caused all of this: a single leaked password. That’s right; one leaked password is all it took for hackers from the notorious Darkside group to access the Colonial Pipeline network and encrypt a significant portion of its data with ransomware.

Amid the panic surrounding the attack, Colonial Pipeline paid the attackers $4.3 million in Bitcoin to recover its data, some of which is still with the attackers despite the U.S. government’s best efforts to recover the amount.

The most surprising thing about this attack is that Colonial Pipeline didn’t have a ransomware response plan in place, only an emergency response protocol. If a cyberattack can affect critical infrastructure in one of the world’s most powerful countries, it can happen to everyone. Read more on what you can do to mitigate ransomware attacks and create a proper response plan. Speak to a SecurityScorecard subject matter expert to help you with the implementation process.

Nation-state attack on Sony Pictures

North Korea is a daunting enemy, and Sony Pictures was quick to find out when they were attacked by the infamous Lazarus Group in 2014. Sony made an enemy out of the North Korean government after starting production on “The Interview,” a movie mocking their leader.

In an effort to prevent the movie from ever seeing the big screen, Lazarus obtained and leaked terabytes of sensitive information from Sony, including private employee information, communication, and even full, unreleased movies starring superstars like Brad Pitt.

The intentions behind the attack were initially unclear but became fairly obvious after the attackers threatened physical violence against any theater that displayed “The Interview.” While no threats were carried out, and the movie was still released to the public, the attack cost Sony millions in lost revenue after several of its most anticipated films were leaked and illegally downloaded.

All this goes to show that cybersecurity isn’t only a business issue; it’s also a safety issue. If you’re not doing everything you can to protect your organization and its employees, you aren’t doing nearly enough.

The attacks that crumbled a tech giant

What Google is for internet users today, Yahoo was in the late 90s and early 2000s. The company is still largely successful, but it all started going downhill after a series of cyber attacks in the early 2010s, which crumbled Yahoo’s reputation.

The first attack occurred in mid-2013 but was only discovered two years later after agents found a 2015 listing on the dark web selling information on 1 billion Yahoo user accounts for $300,000. The data for sale included names, emails, passwords, and answers to security questions. After further investigation, Yahoo discovered 3 billion affected accounts, three times more than what the initial discovery suggested. The attack likely occurred because Yahoo’s encryption was weak and, therefore, easily hackable.

To add insult to injury, as the 2013 hack saga unfolded, Yahoo was recovering from a different, Russia-sponsored attack, which exploited poor cookie management to bypass password protection. This attack affected 500 million accounts.

This is a harsh reminder of the consequences cyberattacks can have on an organization’s reputation and place in the market. It’s also a reminder that threat actors can lurk in the shadows and stay there for years before being detected. While Yahoo is still a formidable company, it’s no longer the tech powerhouse it used to be, largely due to the effects and scale of these attacks.

Overcome all fear with SecurityScorecard

The latest advancements in cyber threats and techniques have CISOs scrambling for solutions. SecurityScorecard offers a full range of products and services that will cover your organization from every angle.

With consistent, data-driven ratings, you will gain an outside-in view of your security posture so you can take preventative action. Scoring is based on our trusted, transparent ratings methodology and data collected on millions of organizations.

To add button: <Get Your Free, Instant Score Now>

Continuous compliance monitoring will track adherence to current public and private sector security mandates and detect potential compliance gaps. Ensure vendor compliance by Inviting vendors to collaborate around key security and compliance issues with our co-branded outreach emails.

Contact us immediately if you learned that adversaries got a hold of your data. The initial 24 hours after the discovery are critical. We’ll find the root cause and eliminate it. Afterwards, our detailed forensics services can discover all compromised information. Our team will provide you with expertise to:

  • Stop additional data loss

  • Fix vulnerabilities and implement measures to prevent further attacks

  • Collect and preserve court-admissible evidence

  • Document and record the incident and the process

  • Assist with involving law enforcement/regulators

  • Notify affected parties under your industry requirements

Return to Blog
Join us in making the world a safer place.
FREE ACCOUNT SIGN UP
Products
Solutions
Customers
Marketplace
Partners
Resources
Company
Trust Portal
Security Ratings
Login
Blog
Contact
Careers

SecurityScorecard
Tower 49
12 E 49th St
Suite 15-100
New York, NY 10017

[email protected]

United States: (800) 682-1701
International: +1(646) 809-2166
Social-linkedin Social-facebook Twitter Instagram Youtube