EXECUTIVE SUMMARY:
Many organizations have cyber ‘blind spots,’ which can be difficult to detect without formal testing; technical assessments, pen testing, red teaming and blue teaming, phishing simulations…etc. These weird hacks demonstrate the degree to which organizations need to implement and enforce comprehensive cyber security policies, best practices and architecture. Hopefully, your enterprise will never have to contend with any of these weird hacks…
- In 2020, a hacker’s mom broke into a prison and hacked into equipment. Yes, you read that correctly. Her son, penetration tester John Strand, is typically hired to assess the strength of organizations’ physical and cyber defense systems.Strand’s mom, Rita Strand, had previously held professional roles that enabled her to feel comfortable posing as a state health inspector in order to gain access to the correctional facilities.The old adage is that a pen tester can get pretty far with a clipboard and confidence. In this instance, the adage proved true. Rita Strand did not encounter any resistance. She managed to plant USBs that created web-shells and broadcast signals back to a team of tech experts located in a nearby café. She also presented a ‘health inspection report’ to the warden, who gladly accepted a USB drive laced with malware.Other pen testers state that organizations are often susceptible to this type of in-person attack. “If you claim to be inspectors, auditors, someone of authority, anything is possible.” This hack emphasizes the importance of securing physical systems and cyber security awareness among your personnel.
2. In 2019, five men rigged a scheme to steal 25,000 gallons of fuel from pumping stations in the Paris metro area. A factory-issued and non-reprogrammed pin helped them conduct their scheme. The attackers managed to use a special remote to gain access. Their technique enabled them to fill-up tanks without any limits.
After stealing the gasoline, the hackers advertised their bounty on social media, reselling it at discounted prices. The group hauled in roughly $170,000 ahead of being caught by French police. This attack reinforces the importance of changing pre-programmed passwords to codes that are unique to your organization.
3. In 2017, hackers made a splash by using an IoT connected fish tank to access network systems. Once in the systems, hackers managed to identify other vulnerabilities and to exfiltrated found data to a foreign country.
4. The world of IoT has opened up new possibilities in manufacturing and the automotive industry, across medicine and across numerous other sectors. In 2014, San Francisco, a group of hackers managed to reprogram an IoT connected road sign. Initially, the sign read “Godzilla attack—Turn back”!
Pacific Highway Rentals, which owned the sign, stated that they were unaware of how the hackers conducted their experiment. The company’s management appeared relieved that the hackers simply wanted to have “a bit of fun.” Are all of your organization’s IoT devices fully protected?
Hackers are clever. Outsmarting them requires a continual assessment of your cyber security architecture, patching, upgrades and alignment with the latest cyber security recommendations. For more insights into how to outsmart hackers, check out Cyber Talk’s buyer’s guides.
Godzilla image courtesy of Fred Warner, Berkeleyside.
