It’s that time of year again: some people at home are carving pumpkins and others will be sitting down to binge their favourite horror films.
Some of our personal film favourites include Friday the 13th, Nightmare on Elm Street and Shaun of the Dead, but one thing that makes us want to hide under the covers is the headlines about data breaches that we see on a day-to-day basis.
To get into the spirit of Halloween this year, we’ve picked out 3 real cyber security horror stories that send chills down our spines.
1. Hackers remotely take control of a Jeep while somebody drives it
In 2015, Wired magazine carried out an experiment where they wanted to see what could be done if somebody were to wirelessly hijack a Jeep Cherokee – except they did this in a real-life environment, while the magazine’s editor was driving it down a highway!
The hackers got up to all sorts of mischief at first by switching the radio to different stations, turning on the windscreen wipers and blasting out cold air through the car’s air conditioning system.
Then the experiment was taken to the next level: the hackers cut the transmission as the Jeep was coming up to a long incline on the highway. The Editor said that he started to frantically press the accelerator, but to no avail; the car started to slow down with an 18-wheeler truck bearing down behind it.
Thankfully, the hackers didn’t put the Editor in much more danger and he finished his nightmare car journey unharmed. But it does raise the question about the world we’re entering with the Internet of Things.
If you want to read the full story about Wired magazine’s hacked Jeep experiment, you can do so here.
2. Wannacry attack on the NHS
In May 2017, around 40 National Health Service organisations and some GP practices were affected by a global ransomware attack that locked down computers containing patient data and demanded a payment of €300 (£230) in the virtual currency Bitcoin.
The malicious encryption program, named WannaCry, exploited a flaw in Microsoft Windows XP and spread throughout the organisation’s network after gaining access when an NHS employee clicked a link in a phishing email.
It is estimated that 6,900 appointments were cancelled as a result of the attack, but the full extent of the disruption caused to GP appointments, ambulances and other NHS trusts is not known.
The scariest part was how far the malware spread: it was reported to have infected organisations in more than 70 countries. As well as the NHS, other organisations were affected, including US delivery company FedEx and car manufacturer Renault.
Microsoft released a patch that fixed the vulnerability before the attack; however, people failed to update their Windows machines, so the WannaCry encryptor was able to spread across the world like a zombie virus.
As well as creating a case for educating employees about avoiding the risks of phishing emails, it also demonstrates that organisations should make sure they have their own zombie survival/business continuity plan ready.
3. Cambridge Analytica and Facebook
Picture this: you’re scrolling through your Facebook feed and you come across one of your friends sharing a personality test. As you’ve got some time to kill, you decide to take it.
Fast forward a few years and you find out that the personality test was just a way for an organisation to access not only your personal data, but your friends’ data as well.
This is the story of many people whose data was harvested in the Cambridge Analytica and Facebook scandal.
If you’d like to know more about the Facebook and Cambridge Analytica scandal, we covered the full story and the consequences of it in a blog post.
Reminiscent of something out of George Orwell’s 1984, Cambridge Analytica used a personality quiz to harvest the data of over 50 million Facebook users, most of whom were in the US. This personal data was then allegedly used to influence the results of the US 2016 Presidential Election.
While this isn’t necessarily a cyber security story, it’s a data protection story showing that people need to be more vigilant about who has access to their personal data and what information can be put online.