Cybersecurity horror stories that send chills down IT managers’ spines

Cybersecurity teams often emphasize preparedness for the “worst-case scenario.” What that entails varies from a stolen password to a backdoor breach. While human error remains among the top causes behind data breaches and system attacks, employee awareness of digital threats is a high priority for organizations to cultivate.

With Cybersecurity Awareness Month coming to a close and Halloween just around the corner, let’s examine some of the scariest business-related cybersecurity incidents that occurred this past year and see what your organization can do to avoid a horror story of its own.

The breach to end all breaches: MOAB, January 2024

2024 started off with a bang, beating the previous year’s recorded number of breached data in a single day. The breach, aptly named the Mother of All Breaches (MOAB), contained over 26 billion records—about 12 terabytes of data in total.

The timing of the MOAB made it an easy comparison to breach statistics from 2023. Throughout that year, 8.2 billion records were breached—approximately a third of MOAB’s scale.

The full scale of the data impacted by MOAB was not easy to determine due to its size. It was suspected that it was not limited to just credentials and may have included medical and banking records. The data was sourced from various social media platforms, design tools, productivity apps, and other sources, affecting individual and business users alike. Government organizations were also listed among those impacted.

The MOAB was not a singular breach but rather what is considered to be a combination of many breaches, or COMB. It contained nearly 4,000 folders, each corresponding to a different breach. Another significant COMB, containing over 3 billion unique password and email address pairs, was leaked in February 2022.

According to cybersecurity researchers, the data acquired via the MOAB could be used in various attacks and schemes, including identity theft or phishing. Although it’s unlikely all data contained within the MOAB folders was unique, the total scope is enough to pose a serious threat in the future and may have already been used in smaller attacks.

The day the world went dark: CrowdStrike, July 2024

On the morning of July 19, millions of people arrived at their offices for a business-as-usual day, only to be greeted by the blue screen of death en masse. The disruption spread far outside the office spaces into airports, hospitals, government institutions, and online services. Considered one of the largest IT outages in history, the incident was traced back to the cybersecurity firm CrowdStrike.

The culprit was a bugged update that caused Windows computers to crash and forced them into a reboot loop. Although the issue was discovered and fixed the same day, it took weeks for some systems and hardware to be fully restored. It impacted primarily devices running Windows 10 and 11 and using the Microsoft Azure cloud platform. Significantly, it almost exclusively impacted organization-run devices, while personal users were unaffected.

The CrowdStrike outage losses were estimated at around $5.4 billion, although the number may be higher considering indirect damages. It saw mass cancellations of flights and train journeys and disrupted supply chains. Some non-emergency services across the US also reported issues. In total, around 60% of Fortune 500 companies and over 8 million computers worldwide were affected.

The incident revealed the vulnerability of global security networks that was caused by faulty code rather than a direct attack. Although the outage itself did not cause any data breaches, its aftermath saw cybercriminals seizing opportunities to take advantage of the situation. Following the outage, German businesses saw spear phishing attempts to breach corporate data via fake crash reporting software.

The system-breaking job applications: More_eggs malware, August 2024

Job hunting is a scrupulous process for applicants and HR professionals alike. For the former, it’s the effort of crafting the perfect application and showcasing their best qualities. For the latter, it’s narrowing down the right candidates and sifting through thousands of CVs and portfolios. With such a load of documents to review, it can be easy to let security slip through the cracks without even realizing it.

Security oversights led to a successful spread of the More_eggs malware observed in August 2024. Those targeted would download a zipped LNK file, which, when double-clicked, would execute obfuscated commands and create a backdoor access for More_eggs to wreak havoc.

According to insights into More_eggs by Trend Micro, once activated, the malware would detect whether the infected device had admin or user privileges and then siphon credentials and other sensitive data from it.

While Trend Micro analyzed the August 2024 account, they noted that such malware has been used since at least 2017. This particular case targeted a talent search lead in the engineering sector, while a similar malware campaign a week later was aimed at an employee in the hospitality industry.

The More_eggs case revealed multiple gaps that can appear in an organization’s cybersecurity structure. The first was secure file handling practices—file formats like EXE or ZIP can be used to infect devices, and suspicious attachments require investigation before downloading or opening them. Another issue is backdoor entry defenses—specifically, whether the organization’s internal and external devices are sufficient or require reinforcement against potential malware.

Preventing cybersecurity horror scenarios in your company

Cybersecurity incidents can inflict a sense of helplessness on businesses. Sometimes, the situation is out of their hands before it’s noticed—a data breach involving stolen data from other websites, or a system outage caused by a service provider error. Nevertheless, even in the most uncontrollable situations, businesses can take steps to protect themselves and minimize potential losses.

A good way to start is by examining how they handle the most fundamental security tool—corporate passwords. Review your organization’s password policies to ensure all nooks and crannies are covered from unauthorized access attempts. To make this process simple, try NordPass.

NordPass is a top-rated password manager that enables businesses to create strong and secure centralized credential management policies. NordPass comes equipped with a vault that uses cutting-edge XChaCha20 encryption to protect passwords, passkeys, banking information, ID details, and other sensitive data.

IT managers can set up company-wide Password Policies, keep track of breaches on the dark web, and support safer login means with multi-factor authentication. Avoid the digital boogeymen and keep your business secure with NordPass.