It’s that special time of year when ghouls and goblins roam the streets, hidden creatures go bump in the night, and ghastly cyber criminals sneak up on you when you least expect it.
If you’re looking for something to truly scare your socks off, check out these terrifying cyber threats that will send a tingling chill down your spine.
“A Harbinger of Twitter Doom”
Hate to say it, but tweeting about Pokemon, shopping, or the U.S. Presidential election could make you a phishing victim.
This summer, Forbes staff writer Thomas Fox-Brewster wrote a story about two data scientists from ZeroFOX, John Seymour and Philip Tully, and their Frankenstein-esque invention, SNAP_R, which stands for Social Media Automated Phishing and Reconnaissance.
Essentially, the tool lures Twitter users by reading a user’s profile for details like their bio, the topics they frequently post on, etc. That information is then used to create a relevant tweet back to that user with a potentially malicious link. In a quick experiment of man (Fox-Brewster in this instance) vs. SNAP_R, the SNAP_R tool demolished the competition, sending over 819 spear-phishing tweets to users at a rate of 6.75 tweets per minute! In the end, SNAP_R claimed 275 victims, compared to only 49 from Fox-Brewster. This tool is so wicked good, Fox-Brewster himself dubbed it “a harbinger of Twitter doom.”
A Digital Zombie Army
Photo credit: wiki.teamfortress.com
Remember the Distributed Denial of Service (DDoS) attacks that shut down GitHub, Netflix, Twitter, Amazon, Reddit, Spotify and several other major websites two weeks ago? As we now know, a Chinese electronic component manufacturer, Hangzhou Xiongmai Technology, acknowledged that its DVRs and webcams were compromised by malware that exploited vulnerabilities “involving weak default passwords in its products.”
Security researchers identified the malicious program as Mirai, malware that infects IoT devices protected by weak factory default passwords and turns them into a remote-controlled botnet army that can be used to launch DDoS attacks. Two weeks ago, Mirai targeted Dyn, the DNS service provider that hosts several major websites.
But, this might be the beginning of more worldwide DDoS attacks. Hundreds of thousands of IoT devices can be used for a DDoS attack, and, according to Gartner Inc, approximately 6.4 billion IoT devices will be in use worldwide this year. Good luck sleeping with your webcam at night.
Buckle up! Your next flight might be a bumpy ride. In the last few years, multiple reports of hack attacks on various airline systems have made headlines, causing turbulence in the security industry. For instance, the Daily Pakistan says that Pakistani hackers have been breaching the networks of Indian airports, blocking communication “between the pilots and the control tower just before landing and start playing Pakistan’s patriotic songs like ‘Dil Dil Pakistan’ in the cockpit.”
Just last year, USA Today reporter Steven Petrow had a terrifying in-flight experience on an American Airlines flight. Petrow used the airline’s in-flight Wi-Fi to complete a story about Apple’s battle with the FBI, but later discovered his own email was hacked by a passenger sitting right behind him!
The most frightening part of this tale is that there is a very real possibility that a plane’s control systems could be compromised via its in-flight Wi-Fi network. A prime example came last May when security researcher Chris Roberts was removed from a United Airlines flight and banned after the FBI claimed he hacked a plane’s entertainment system, causing the plane to veer slightly off course in flight! However, Roberts later denied to Wired that he manipulated the plane in flight. Regardless, I’ll wait until after my flight to connect and check my email.
The Not-So-Friendly Ghosts
Unfortunately, this security threat isn’t as friendly as Casper. As law enforcement and intelligence agencies develop stronger methods for detecting and preventing cyber attacks, hackers are also developing programs to avoid getting caught. This has led to the creation of two very similar (and terrifying) forms of rootkits, which are software programs designed to gain unauthorized access to or control of a computer system without being detected.
The first is Ghostware. HackRead describes Ghostware as the “Snapchat of malware” because this sophisticated malware program can sneak into a company’s system, steal the company’s data, and then disappear without a trace. To detect a Ghostware breach, an IT admin would have to catch the program in the act in order to determine what data was compromised.
The second is Two-Faced Malware. According to HackRead, Two-Faced Malware is a program designed to fool a sandbox, a security mechanism created to separate running systems and test suspicious programs or code without corrupting a company’s internal network. Two-Faced Malware works by disguising itself as benign code, then morphing into malicious code after it passes sandbox inspection and receives an “innocent” rating. As a result, a company’s security systems will have an even harder time detecting malicious programs.
No, I’m not making a joke about The Headless Horseman. There are actually chilling, sophisticated cyber threats dubbed “headless worm” attacks. Headless worms are malicious code or viruses that target IoT-connected “headless” devices, including smartphones, wearables, medical devices, and more. Similar to DDoS attacks, headless worms take advantage of the IoT network by traveling from device to device and could be programmed to disable devices and cause substantial damage and outages.
If you want to read more about terrifying cyber threats, check out these posts on our blog…IF YOU DARE!