The Most Bizarre Cyber Attacks of 2022

img blog The Most Bizarre Cyber Attacks 2022 r1

Being cyber security experts we know that most cyber attacks aren’t reported to authorities. That means the public has no way of really understanding which companies, associations, or individuals have been targeted. As such, most small to medium businesses tend to think cyber criminals will target larger, more profitable businesses.

But, that type of thinking is based on the assumption that all cybercriminals are motivated by money, and they all have a developed skill set. 

Nothing could be further from the truth. 

What Motivates Hackers

According to excerpts from an article by sw comms, the Six Primary Motivators for Hackers are: 

  • Money

A primary motivation for hackers is the money they can obtain by stealing your passwords, and bank details, holding your customer information for ransom, or selling your data to competitors or on the dark web.

  • Challenge

A large portion of hackers are driven by the opportunity to break the unbreakable system and gain recognition from their peers. This competitive behavior drives groups of hackers to challenge each other to cause disruption at the expense of another business.

  • Hacktivism

Infamous hacker groups use their skills to target large organizations and embarrass their IT teams, break their sophisticated security systems and humiliate upper management.

  • Revenge

Certain types of hackers are motivated by anger and use their skills to directly affect a person, group, or company without any fear of repercussion. 

  • Subversion

Hackers have been accused of meddling in current and corporate affairs – a modern-day version of espionage.  

  • Infamy

Hackers are motivated by a sense of achievement, working independently or in groups, they want to be recognized. Social media has given them a platform to boast about their exploits on a global scale.

Different Types of Hacker Skillsets 

The world is filled with different types of cyber criminals. So, if you think they’re all after money, think again. We recently heard of attacks on three different non-profits, including the Scouts. 

Who would do such a thing? It could be hackers who are learning the trade, angry at an institution, or employing an ex they want to frame. 

Let’s briefly address the different types of hackers, their motivations, and their wildly different skill sets…

According to an article by TechTarget article, they wrote, “There are three well-known types of hackers in the world of information security: black hats, white hats, and grey hats. Today, the hacker hat rainbow is broadening. While the terms are not as well known or well used, newer hat colors describe other hacker traits. From green to red to blue, time will tell if these nicknames take hold.

Black, White, and Grey Hats

A Black Hat hacker is someone who maliciously searches for and exploits vulnerabilities in computer systems or networks, often using malware and other hacking techniques to do harm. These stereotypical hackers often break laws as part of their hacking exploits, infiltrating victims’ networks [either] for monetary gain, to steal or destroy data, to disrupt systems, to conduct cyber espionage, or just to have fun.

On the other end of the spectrum, a White Hat hacker is a security specialist hired to find vulnerabilities in software, hardware, and networks that black hats may find and target. Unlike black hats, white hats only hack networks when legally permitted to do so. Also known as ethical hackers, white hats disclose all vulnerabilities to their employers. White hats will also disclose the vulnerability to the vendor whose hardware or software is affected so it may patch other customers’ systems. 

Because things are never black and white, enter the Grey Hat hacker. A fusion of black and white, grey hats exploit security vulnerabilities without malicious intent, like white hats, but may use illegal methods to find flaws. They may even release the vulnerabilities to the public or sell details about them for a profit like a black hat would. Grey hat hackers also often hack without the target’s permission or knowledge. 

Green, Blue, and Red Hats

Over the years, people have attempted to paint the hat moniker other colors to describe different types of hackers. Rounding out the rainbow are green, blue, and red hats.

Green Hat describes hacker wannabes who, though they lack technical hacking skills and education, are eager to learn the tricks of the trade. ***Their motivation may be for money, fame, revenge, or simply the challenge of learning a new skill. Don’t be surprised if that bored teenager isn’t just playing video games in the basement.   

A Blue Hat is defined as a hacker seeking revenge. Blue hat hackers are also wannabe hackers like green hats, but vengeance is blue hat hackers’ only motivation — they have no desire to hone their hacking skills [long term].

Red Hat hackers have been characterized as vigilantes. Like white hats, red hats seek to disarm black hats, but the two groups’ methodologies are significantly different. Rather than hand a black hat over to the authorities, red hats will launch aggressive attacks against them to bring them down, often destroying the black hat’s computer and resources.”

Without further ado let’s move on to The Most Bizarre Cyber Attacks of 2022…

7 Weird & (Not So) Wonderful Cyber Attacks

According to an amusing article by justcybersecurity.co.uk, they wrote, “Cyber attacks have now well and truly joined the ranks of “just another risk to deal with in business”. They are no longer an exception to the norm, the threat they pose is the norm.

Though there are too many humdrum, workaday threats doing the rounds to count, there are also some rather entertaining, oddball cyber stories out there too. So, let’s shake off the drudgery of the usual digital woes and explore some more off-the-wall cyber attacks – old and new; “good” and evil; intelligent to just plain dumb.

1. The Hacker Whose Fingerprints Preceded Them

A would-be cyber criminal did the number one thing that ties someone to the scene of a crime – leaving clear fingerprints behind. However, this bumbling hacker managed to do so digitally. Yes, they uploaded their own fingerprints to the scene of a crime they were trying to commit. You can’t make it up.

Darktrace AI, an autonomous cybersecurity AI, detected a hack that took place at what is only being described as a “luxury goods business” by the media. The company had installed fingerprint scanners at their warehouses to reduce the risk of theft. Which is smart – keys can be lost and PIN-number locks can be easily foiled, so using biometric authentication is a step in the right direction.

However, in order to gain access to a system that authenticates people by their fingerprints, the system has to have people’s fingerprints on file. So, after discovering a vulnerability in one of the scanners, our bumbling hacker did what seemed like a natural next step (to them, at least): they uploaded their own fingerprints in order to try and gain physical access.

Thankfully, Darktrace identified that the scanner was acting strangely within moments. It sounded the alarm to the company’s IT security boffins who handed over the fingerprints, clear as day, to law enforcement.

2. Ransomware That Demands Acts of Kindness

“Hacktivism” is nothing new. Using cybercrime tactics to enact political or social activism has been around since at least the mid-90s when the term was first coined. In more recent years, you’ve most likely heard of worldwide hacktivist groups like Anonymous, Lulzsec, and even the recent (and governmentally endorsed) IT Army of Ukraine.

Hacktivists usually focus on disrupting crucial IT infrastructure, defacing digital assets, or breaching data that shows the target organization’s immorality or malpractice. However, the anonymous (with a lowercase “a”) attackers in this story are taking a different route.

Instead of the usual strains of ransomware that demand crypto payments in exchange for access to encrypted or blocked IT assets, GoodWill ransomware encourages the victim to carry out a series of charitable acts to regain access to their systems.

Nobody with a good heart could argue with the specific acts themselves: donating clothes and blankets to the homeless, feeding children from underprivileged backgrounds, and helping the sick with their medical costs.

However, the fact that you are required to document the acts on your phone, taking photos and videos of complete strangers (including children) and posting them to social media could contravene privacy laws depending on where you are in the world. 

The ransomware also requests that victims gather 5 random children from off the street and take them out to eat. There are countless ways to be charitable that don’t run the risk of kidnapping charges!

3. A Phone Charging Cable That Can Hack You

We’ve all been there – our phone displays the “battery critically low” notification just as we need it to stay in the land of the living for just a few more minutes. If you’re in an office or co-working space, you might be tempted to ask to borrow someone’s charger – you may even find one lying around. However, be cautious.

There are cables out there that are designed to look just like genuine Samsung or Apple chargers but actually have a cyber-sting in their tail. Hak5’s O.MG range of ethical pentesting products are designed to look like innocuous cables and devices, but when they’re plugged in, they create a WiFi network that enables the hacker to keylog their target, issue commands on the target device, and even detect WiFi networks around it.

Obviously, the products sold by Hak5 are all strictly intended for use by those on the right side of the law – chiefly ethical hackers and law enforcement. But they present a very stark feasibility study: that hacking someone through a dodgy phone cable or mystery dongle is very much possible. The devices themselves can even monitor the networks around them and silently “self-destruct” if needed.

4. “Gizza Job – or Else”

How do you go about getting an IT job at a global hotel chain? Normal folk would probably give answers like “make sure your CV is exceptional”, others may say “practice your interview skills”, and others may say “interact with the relevant people on LinkedIn”. All great answers.

However, the job-seeker in our story turned to cyber-blackmail. 

He sent an infected email to numerous employees at the Marriott Hotels chain that allowed him to steal swathes of confidential and financial information from across the chain’s whole network. He then threatened to release this information unless he was given a job on Marriott’s IT team.

Marriott informed US law enforcement, and together they laid a trap. A Secret Service agent posed as a Marriott HR team member, discussing a job proposition with the “candidate”. They set up a sting operation (on the pretense of a job interview) to get the hacker on-site, and asked him all about the hack which he told them gladly.

He left in handcuffs and didn’t have to worry about finding a job again for another 30 months.

5. “This Hack’s Really Underground, You’ve Probably Never Heard of It” 

Moral victories don’t come very often in the world of cyber security. Yet when indie rock royalty suffered a cyber attack, they dealt with it flawlessly.

Hackers got their hands on a trove of unreleased material from mopey legends Radiohead, demanding a ransom of $150,000 in exchange for keeping it under wraps.

The band’s guitarist Jonny Greenwood stated on Facebook that the hacked material comprised a MiniDisk archive of unreleased tracks from the band’s late 90s heyday. (Crikey, anyone here remember MiniDisks?!)

Rather than paying the ransom, the band did something that the hackers were probably not expecting. They released an album called “Minidisks [Hacked]” and made it temporarily available through Bandcamp.

Greenwood’s characteristically sardonic post read “Instead of complaining – much – or ignoring it, we’re releasing all 18 hours on Bandcamp in aid of Extinction Rebellion. So, for £18 you can find out if we should have paid that ransom.”

6. The New Hottest Impersonator Around: Artificial Intelligence

Skilled impersonators have graced our screens for years, but human impersonators beware – there’s a new mimic in town! 

In 2019, hackers used highly advanced AI software to impersonate an executive’s voice and made off with €220,000 in the process.

Artificial intelligence was used to mimic a C-Suite boss at a German company who then made a call to a CEO at a British subsidiary. The recipient of the call didn’t suspect a thing when the German exec – effectively his boss – requested that he make the urgent payment to a Hungarian supplier.

The UK CEO reportedly recognized “his boss’s slight German accent and the melody of his voice on the phone”. Scary stuff.

7. IoT Leaves Casino in Hot Water

Hackers exploited a vulnerability in a North American casino’s internet-enabled aquarium thermostat to exfiltrate 10 GB of data to a mystery server in Finland using protocols usually reserved for media streaming. Our jury’s still out on why something like this needs to be internet-enabled in the first place.

We advise that all internet-connected devices be vetted for vulnerabilities before installation. We’d also give a device like this a bit of a sense-check: sure, temperature, salinity, and feeding can and should be automated for the good of the animals… but do those controls really need to be online? 

Cyber nasties can come at you from all angles, whether it’s from a highly sophisticated cabal of criminals, a bumbling would-be hacker, or even a desperate job hunter! Hopefully these weird and wonderful stories will help you avoid some of the more unusual cyber attacks out there.”

6 More Weird Security Stories of 2022

According to a mind-bending article by Malwarebytes, they wrote, “There’s been a lot of weird and frankly bizarre attacks over the course of 2022, nestled in amongst the usual ransomware outbreaks and data breaches.

Whether we’re talking social media, email, or even malware, there’s been a mind-bending tale of tall behaviour in almost every corner. It’s time to forget about nation-state attacks and the nagging sensation that every single piece of data ever created has ended up on a TOR site somewhere.

For one brief moment in time, we’re going to wallow in weirdness.

419 scams in Space

There are not many individual scams that can put “18 years and counting” on their resume. However, what we have here is something very odd and very special. Way back in 2004, a spam email claimed that assistance was needed for a lost astronaut. Supposedly trapped on a top-secret Soviet space station, the astronaut’s cousin implored recipients to help bring the missing astronaut home. Of course, this was tied into a nonsensical scam about recovering lots of lost money should he be brought safely back.

So yes, it’s weird…but it’s just a one off. Right?

Well, no. Turns out this baffling attempt at parting people from their money would come back around every so often. To be more precise, 2010, 2016, and now 2022 with a whole new astronaut to recover. This feels like less of a final frontier and more of a never ending, he’ll be back again in a few years frontier. See you in 2026?

A dance-off of destruction

If you’ve ever wondered how certain people give off bad vibes, you’ll be one step closer to understanding how other types of bad vibes stand a chance of destroying your hard drive. If you happened to be one of the few people running a certain type of OEM hard drive on a Windows XP desktop, Janet Jackson was someone to avoid.

How so? Because the video for Rhythm Nation matched a resonant frequency identical to those hard drives. When the two clashed, there would be only one winner and it wasn’t the hard drive.

Amazingly, it was possible to crash a second device in the same room while playing the video on the first. Even Michael wasn’t able to pull something like that off.

Monkeying around with digital artists

Apes! NFTs! Cyberpunk! Wait, what?

In May, artists offering their wares on several platforms were approached by individuals claiming to represent the “Cyberpunk Ape Executives”, because of course they were. The “executives” claimed to have wonderful ape-related NFT projects waiting in the wings. $200 to $350 per day is not an untidy sum for artists, many of who may not pull in anything close to that from commissions.

Sadly, it was all a large ape-shaped lie. The supposed promo zip for the project contained a number of ape pictures and an infostealer. While there was no direct evidence of account theft from the malware file, numerous accounts caught out by this attack were indeed compromised. Whether those compromises specifically were via some additional form of social engineering, we’ll likely never know.

Invisible ads for thee but not for me

You might think that adverts designed not to be seen sound like some sort of wonderful utopia. Finally, you can set down your ad blockers and your beacon trackers and presumably wander into the woods a free person.

However, you might miss the ads in the woods, but the people watching you walk around will see ads galore. Amazon decided to trial ad technology which displays ads in Twitch streams, but the ads are only visible to certain people. If you’re the player, you won’t see them. If you’re watching the stream, you will.

Given how hard game developers work to ensure players are often funneled into locations where they see ads, this all sounds somewhat counterintuitive. You’re not only trying to drag a player to a place where an ad exists, but also draw them towards the nice shiny ad in the first place. 

This may well turn out to be a case of Amazon seeing how well we’ve trained players to follow the trail of digital breadcrumbs. Will they gravitate towards ads while not being able to see them? Or wander off in all the wrong places, much to the frustration of the ad teams? Only time will tell.

Mark Ruffalo deepfake smashes life savings

“Mark Ruffalo deepfake romance scam”. What a sentence. What a world. One of the biggest questions about this whole endeavour is “Why Mark Ruffalo”? He seems nice enough, but why did a scammer sit down and decide to use the Hulk actor specifically as bait for this romance scam? Was deepfake Chris Evans not available?

What we do know is that a well-known Manga artist was tricked into handing over large amounts of money at the behest of a deepfake Mark Ruffalo. A video call lasting just half a minute was enough to convince Chikae Ide to part with roughly half a million dollars in return for deepfake Mark Ruffalo’s undying love. 

A carnival of fake cricket

In what may perhaps be the oddest story of this year, a small village became the stage for a fake cricket gambling operation, complete with live streams of the fake cricket games, a commentator used who sounds like an actual syndicated cricket commentator, and even fake crowd cheers piped in through speakers as the games went on.

The bogus operation hit 47 videos and 49k views on its YouTube channel before law enforcement broke up the operation.

There really is no limit to how far some people will go to turn a quick bit of profit.

We can only hope that 2023 is slightly more sensible, with significantly fewer scams and technical oddities. No more fake movie stars, an end to lost astronauts, and most definitely an End of Line for hard drives vibrating themselves into the digital afterlife.” 

The 6 Most Unusual Types of Cyber Attacks of 2022

In an article by Boston Technology Consulting, they wrote, “While organizations build a strong defence against traditional cyber-attacks like phishing, more and more cybercriminals are using sophisticated new tricks for the attack. Hence the need for modern approaches to combat these forces is vital.

1. Cloud Data Attacks

According to IBM, cloud vulnerabilities have increased 150% in the last 5 years. Post-pandemic, most organizations have moved their data to the cloud. Hackers are trying to attack cloud systems through compromised cloud user credentials.

Cybercriminals can send phishing emails, add or delete users, infect computing systems with malware, and also go to the extent of accessing stored credit card details.

Utilizing various methods like cloud security tools, 2-step-authentication, and granting the lowest possible privilege to every user, can help mitigate the cloud threats.  

2. Attack over Secured Radio Transmission

 Hackers have now become a headache to police officials; as seen in some robbery cases, they can pirate the radio transmission that is dedicated to police customary, act as police officers and disturb the flow of communication with actual officers resulting in the misleading of criminal cases.

3. Hacking Hotel Lock Systems

This can be named the most unique and unusual modern cyber-attack. The cybercriminals hack the smart lock systems of sophisticated doors with their code and demand hefty amounts of ransomware to remove the locks. The victims here are the guests who will be locked inside the hotel room without their luggage. As a result, many hotels turn to traditional locking systems. 

4. Mobile Vulnerabilities

As the use of smartphones is skyrocketing these days, modern attacks on mobile operating systems are rising day by day. Security breaches like data leakage, phishing, spyware attacks, and many more threats can be seen in this area. This approach can threaten the sensitive and confidential data of thousands of users.

5. Hacking City Alarms

Cybercriminals hacked Dallas city alarms that are meant to ring in the most emergency cases. The alarms were designed to warn the city about natural disasters like storms, tornados, and earthquakes. The sirens didn’t alert one natural calamity since the hackers had set off all 156 alarm systems!

6. Internet of Things

Today, every smart device is interconnected and exchanges data. IoT has become the primary target for hackers to infiltrate malware in the network. According to Symantec, IoT devices have 5,200 cyberattacks per month. Some of the IoT devices that are vulnerable to cyber threats include smart security cameras, smart TVs, smart homes, smart bulbs, speakers and printers, etc.

One such IoT threat incident was recorded when cybercriminals hacked smart TVs and changed channels and controlled volumes. Cybercriminals can also stalk users’ day to day activities through microphones and cameras.

Conclusion

A rise in remote work and the use of smart devices through IoT has paved the path for cybercriminals to attempt cyberattacks diligently. Not just businesses are affected but a whole country can be at threat if the right measures aren’t taken.

Outlining new rules and policies and training resources to combat uncommon cyber security attacks is very much essential for every organization.”

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

Every single device that connects to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and certifications fills the gaps in your business’s IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.

Using our proactive cybersecurity management, cutting-edge network security tools, and comprehensive business IT solutions you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime. With Adaptive Office Solutions by your side, we’ll help you navigate the complexities of cybersecurity so you can achieve business success without worrying about online threats.

To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca

Categories
Archives