Woman sleeping in bed with images of menacing identity theft possibilities projected around her

Your cybersecurity nightmare: A day of shocking online hacks

AdaptabilityCategory
8 min read
Art Martori

As long as the internet has been around, there have been bad actors looking to exploit legit users. And enough time has passed that these guys have developed all kinds of attack vectors, with an equally enormous variety of shocking online hacks.

They can hit you in places you’d never expect, using some of the wildest schemes you could ever imagine.

Effective cybersecurity means a current evaluation of all the potential risks out there, and then implementing measures to combat them. It’s critical to assemble the right tools for online security or, even better, opt for a comprehensive solution.

Understandably, it’s hard to accept there’s a baddie out there hunting for ways to get you. But, in the spirit of Cybersecurity Awareness Month (and Halloween), let’s picture an entire day where you encounter shocking online hacks in all the least expected places.

A nightmare day of shocking online hacks

Let’s imagine going about your typical day. Only this time, we’ll see what it’d be like if you kept running into some of the wildest types of exploits seen lately.

Ready to cue the spooky music?

7:45 a.m. Heading to a client’s office

You start off the day eager to get to the swanky office building where you’re meeting a potential client. Entering the place, you’re awed by the floor-to-ceiling fish tank that dominates the lobby, and you tell the worried-looking security guard how cool it is.

“Yeah, it’s pretty sweet,” she confirms. “It’s connected to the building’s network, so stuff like cleaning and feeding are handled automatically. Only thing, ever since IT finished the setup last week, our system’s been kinda buggy.

“Actually, I can’t even check you in right now. You better just go ahead.”

Little does she know, when IT configured the tank they didn’t update the default password. Hackers used the tank’s connectivity as an attack vector and are currently combing the network for valuable data.

Sounds too fishy to be true? Well, just ask the casino that had the same thing happen in 2017.

8:00 a.m. Meeting with your client’s team

You find the office, and after a round of handshakes make your way to the conference room. One of the partners missed a flight earlier, so they’ll be joining over the phone. Everyone has a seat and waits for the waylaid partner to make their appearance.

But something seems off when they call in. You notice everyone looks confused listening to the partner, who in a halting voice apologizes for being out of pocket and asks someone to email them the account number to pay your deposit.

Nobody seems convinced it’s a good idea, and with a shower of apologies, they usher you from the office. Bummer. Your proposal just got sunk by a vishing attack, where hackers used AI to cobble together snippets and mimic the voice of that missing partner.

11:00 a.m. Running errands around town

Okay… what is up with today? It’s starting to feel like some unknown force is working against you. Luckily, your schedule permits running a few much-needed errands. Unfortunately, however, your route runs through some gnarly road construction.

As you dawdle through traffic, your attention wanders to the construction signs lighting up the street. The messages they display at first are pretty standard: Merge Left. Crews At Work. Slow. Zone Fines Double.

But as traffic lurches farther along, you notice some weird stuff going on. The messages are getting downright NSFW, as are the images flashing across the signs.

Like the unsecured fish tank, someone neglected to lock down admin access to the network connecting those warning signs. Same thing happened recently in Jakarta and in Michigan.

12:30 p.m. Grabbing a quick bite to eat

Traffic (and the weird signs causing it) mercifully disappear as you pull into your favorite sandwich shop. But there’s a long line at the counter, which seems to be caused by one belligerent individual upfront.

“Whaddya mean you’re out of lactose-free gouda?” bellows a red-faced gentleman at the cashier, who desperately tries to assure him they’ve never carried it.

The dude just mutters an obscenity, turns on his heel, and stomps out of the shop, rudely brushing against every customer in line.

Well, whatever… Finally seated with your sub, you start to dig in. Maybe this is where the day turns around. But that’s when your banking app begins to buzz and chime. Someone’s been making suspicious purchases with the same card you just used to pay.

The cheese thing was just a ruse, an excuse that guy used to bump into people with an RFID scanner. These compact devices let the bad actor lift secret data from chip-enabled payment cards.

While they do highlight the importance of personal physical security, today these devices are considered less of a threat and more of an opportunity for a little FUD marketing.

3:00 p.m. Getting a cup of coffee

With the day winding down, you still need to get through your inbox. A little pick-me-up would be nice, too. Time for an espresso at a new coffee shop on the way home. You snag a table, fire up your laptop, and then navigate to the login page for their WiFi.

Something about the page seems odd, the design is sorta janky, but it’s already been a long day and you just aren’t up for another investigation. You connect to the network and get to work.

Oops.

You just connected to a pineapple router, a device made famous by shows like Mr. Robot and Silicon Valley.

Pineapple routers, which you can buy legally for around $100, can allow a bad actor to emulate a public network, executing a man-in-the-middle attack on those who connect.

While you respond to emails, a hacker seated nearby eavesdrops, noting your logins and any other personal data.

5:00 p.m. Drinking a glass of water

You’re exhausted by the time you get home, stumbling to the sink for a glass of water. But something tastes off and you spew the water back out. It’s all the work of a bored hacker with too much time on their hands.

By exploiting a remote access point of the network used by the local water facility, the hacker was able to fiddle with the chemical levels used to treat drinking water. Like a recent incident in Florida, plant staff scrambled to close the vulnerability and restored safe levels.

Still, it leaves a nasty taste in your mouth. Time to brush.

5:03 p.m. Brushing your teeth

You fire up your Bluetooth-enabled electric toothbrush and get to work. It connects to an app on your phone, using AI to gamify brushing and help you level up your technique.

The stress of the day begins to melt away as you get after all those hard-to-reach places. You’re starting to feel like a winner again.

Your creepy next-door neighbor is also rooting for you. They’ve managed to execute a bluesnarfing attack, using Bluetooth to establish another connection to the toothbrush without you knowing.

While compromising your toothbrush could be a first step toward accessing more valuable data, this attack, like many others, is motivated purely by boredom and a desire to creep on the unsuspecting.

8:00 p.m. Getting ready for bed

A day like this definitely calls for an early bedtime. You queue up an audiobook on your smart speaker, get the lights and AC just right, and dive under the sheets. The narrator’s calming drone pulls you closer and closer to a deep sleep.

Suddenly, the voice changes. Now it’s horribly distorted and the speaker is issuing explicit threats and insults. You sit bolt-upright, hit the lights, and then frantically scramble to unplug the speaker.

Looks like someone hacked the account connected to your smart speaker. While you only got a good scare, in other recent incidents the victims had connected systems like their climate control taken over.

What a day. You flop back down and try to sleep.

How do you avoid shocking online hacks?

Okay, we gotta come clean: It’s super, super unlikely all this stuff would hit you in a single day. But one of them? It just might.

There’s no guaranteed way to avoid getting hacked, but it’s not hard to make yourself a less attractive target. That starts with basics like strong login credentials and being mindful of when and where you connect.

It also helps to have the right technology, like SSL and a web application firewall, to keep away bad actors.

And it’s not only about protecting yourself. When you make it harder to be a bad actor, there are fewer of them online. Then, the internet becomes a safer place for everyone.

Happy Cybersecurity Awareness Month, y’all!

Products Used