From Wingdings to Warfare: Inside the Wildest Cybersecurity Stories
Introduction
In this episode of Breaking Badness, we explore two fascinating cybersecurity stories. First, we delve into the unusual case of an ex-Disney employee who hacked menu systems, creating chaos in the happiest place on Earth. Next, we discuss Sophos’ five-year-long battle with a determined group of attackers targeting their firewalls. Tune in as we break down the insider threat at Disney, the lessons learned from Sophos’ transparency, and what it all means for the future of cybersecurity. Plus, don’t miss our signature Gold, Guidance, and Grievances segment for unique insights and takeaways.
Hacks in the Happiest Place and Firewall Faceoffs
In this week’s episode of Breaking Badness, hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce bring us two captivating cybersecurity stories. From the case of an ex-Disney employee wreaking havoc on restaurant menus to Sophos’ years-long battle against sophisticated attackers, the episode covers insider threats, organizational transparency, and lessons for cybersecurity professionals.
“Get Things Dole Whipped Into Shape” – The Disney Insider Threat
The first story takes us to the happiest place on Earth, where an ex-employee of “Company A” (widely understood to be Disney) was charged under the Computer Fraud and Abuse Act (CFAA). After being laid off, this former menu manager allegedly:
- Changed fonts on digital menus to Wingdings, rendering them unreadable.
- Altered allergen information on menus, posing a potential health risk.
- Tampered with QR codes to redirect users to hacktivist websites.
- Launched denial-of-service attacks on company accounts.
Insider threats often exploit retained credentials or backdoor access that survives termination, which is why robust offboarding procedures matter so much. As Taylor aptly noted: “Insider threats start from third base and run home.”
Prevention Strategies:
Organizations must:
- Immediately revoke access to systems for terminated employees.
- Regularly audit systems for backdoor accounts or shadow IT.
- Collaborate with third-party vendors to ensure shared systems are secured.
For further reading, check out the below resource:
Inside a Firewall Vendor’s 5-Year War With the Chinese Hackers Hijacking Its Devices
“To the Window, to the Firewall” – Sophos’ Five-Year Cyber Battle
In stark contrast to the Disney case, the episode dives into a five-year-long cat-and-mouse game between Sophos and advanced persistent threat (APT) groups. Key highlights include:
- Sophos’ acquisition of Cyberoam, which brought inherited vulnerabilities to their firewalls.
- Attackers using sophisticated tools like rootkits and SQL injections, culminating in the Asnarök malware campaign.
- APT actors exploiting exposed WAN-side management interfaces.
- Sophos’ innovative telemetry implant to track attacker behavior, narrowing attribution to a threat actor operating out of Chengdu, China.
“If your management interfaces are open to the Internet, someone’s banging on that door all the time.” – Tim Helming
Sophos set an example of transparency, sharing detailed reports on the vulnerabilities and their remediation. As Tim remarked – “There are two kinds of companies: those who know they’ve been attacked, and those who don’t know it yet.”
For a deeper dive, check out Sophos’ full incident report.
From the quirks of insider threats to the complexities of defending against APT groups, this episode underscores the evolving nature of cybersecurity challenges.
Join us next week for another insightful discussion on Breaking Badness!
That’s about all we have for this week. You can find us on Mastodon and Twitter/X @domaintools, and all of the articles mentioned in our podcast will always be included in our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
A special thanks to John Roderick for our incredible podcast music!