Cape Seguridad, Episode One - Zero-Day Threats

We’ve taken it upon ourselves to change tack a little bit and approach some of our warnings against cybersecurity issues a little differently… namely, by using the format of a daytime soap opera. We hope these occasional blogs will help contextualize how dangerous such threats can be. As such, we encourage you to picture the following in the most melodramatic tone possible, while also remembering how serious these issues are in real life.

For decades, the quiet city of Oak Falls has enjoyed a largely peaceful time, hearing the relaxing waves that lap against the nearby coastline. However, new waves are now being created, with cybersecurity threats emerging every day. Come with us and observe how these threats make life more difficult for those who live and love at Cape Seguridad.

Max Cooper inhaled deeply as he prepared for his usual morning rush, the time each day when his regulars would swarm his cafe—Toasty Beans—looking for their morning pick-me-ups and pastries before they wandered to their respective workplaces and offices. Today would be extra crazy, as it was the first day he would use a new online ordering platform.

Despite the stress that the new system was sure to cause, Max was excited about the prospect. With any luck, he could take more orders from his customers and invest in improving his menu to suit the diverse tastes of his loyal patrons.

Bracing himself for a busy day, Max took a deep breath and activated the online ordering system for the first time, posting his announcement and a link to his ordering system on social media. He braced himself for an influx of orders, logging into his administrator account and switching the system on. He couldn’t help but notice that the portal looked slightly different from what he remembered.

“Hmm,” he said to himself. “Looks like they updated things.”

Confident, he switched on the main lights of his little coffee shop and flipped his trusty cardstock sign to signify he was open for business.

After some time, Max served his first online customer. Paloma Cortez, one of his regulars, walked in with a big smile on her face. She held up her phone, gently shaking it over her head.

“Max! I sent in my order!”

Max grinned back, handing Dr. Lukas his usual drink—a cappuccino, but with a mix of steamed oat milk and frothed almond milk, sprinkled with a mix of extra dark cocoa powder and cinnamon. Dr. Lukas smiled, lifting the beverage in a small toast to Max, and left with a big smile on his face.

Paloma stepped forward to take the doctor’s place, presenting Max with her order confirmation. “Good morning, Max! I decided to try your new ordering system out!”

Max grinned, placing a slice of his famous chocolate chip coffee cake on a small plate and handing it to Paloma. He turned and retrieved the beverage he had prepared for her.

“Decided to switch it up, eh? You normally get a latte with praline syrup… what inspired the change?”

Paloma looked at him quizzically as she lifted her cup to her lips. “What change?” She took a sip and couldn’t help but recoil with a disapproving look. She immediately looked sorry, but still couldn’t hide her shock at what she had tasted.

“Ugh…Max, what is this?”

Max, for his part, looked shocked.

“A flat white with a pump of lavender syrup. Isn’t that what you ordered?”

“No, I ordered my usual, the latte with praline. Why did you give me that?”

Max’s shock turned to confusion. He referred back to his order history.

“That’s so strange… your order came in as a flat white with two pumps of lavender syrup. Unless I read something wrong…”

Paloma stood there, awkwardly holding the offending coffee as Max trailed off. He snapped back after a moment.

“I’m so sorry about that, Paloma. Let me get you the right drink. No charge for that one, I’ll process the refund for you, just let me make a note.”

Paloma nodded appreciatively. “Thanks, Max, I’m sorry.”

Max shook his head. “No need to apologize, at all. There are bound to be some hiccups at first; it’s a new system. Here, this should be better.” He passed a fresh cup over to his regular.

She took a sip and smiled. “Much better.”

After Paloma left, Max continued receiving orders through this new system. While it worked quickly and seemed really simple to use, the issues began to pile up. Some orders came in with incorrect names, some were missing items, and others were just incorrect, like Paloma’s had been. Max struggled through the morning, rushing to correct the many mistakes his new system had let through.

Finally, he reached the time that he had scheduled to close for a lunch break. Instead of eating, however, he decided to dig into his new system’s settings to do a bit of troubleshooting. Strangely, he saw nothing out of the ordinary.

“What’s going on?” He asked himself, staring at his screen. With his frustration mounting, Max decided to reach out to customer support and find out what was going on.

As the customer support’s hold music played over the line, Max decided to do a bit of digging on his own. Logging into the manufacturer’s website, he quickly found news that sent his heart plummeting into his stomach: there had been a security breach, only discovered after other customers had complained about similar issues.

Reading the announcement, Max felt sweat form at the back of his neck. It seemed as though the online ordering system had been compromised. He read how the vendor had discovered something called a zero-day vulnerability, and as a result, learned that an attacker could have—and had—infiltrated the platform and stolen all the data it processed.

It appeared that the attacker was able to edit the login page to steal user credentials and, from there, wreak havoc on the settings the business had established, changing where payments were directed, altering orders, and outright rejecting some orders altogether.

An operator on the other end of the line picked up.

“Hello, how can I help you?”

Max could hear the stress buried under the customer service voice the operator had put on.

“Hi, um, yeah, I seem to be having issues with my point-of-...”

The voice cut him off there, confirming that yes, his issue was the result of the issue he had learned about online. Max listened carefully, only growing more anxious as the operator explained.

“Ah, yes. I take it I’m speaking to a Max Cooper?”

“Yes. My POS has been acting up all day, particularly where my online orders are involved.”

“I understand. Max, do you know what a zero-day attack is?”

Max, despite being on the phone, shook his head in response. “No, I saw something about that, but I wasn’t sure what it was talking about? Is that some new virus or something?”

“Not exactly.” Max heard the agent take in a deep breath. “A lot of vulnerabilities—the things that let attacks and stuff like that happen—are generally found by the good guys. The developers of an app, for instance, may realize they made a mistake. When this happens, it’s no big deal. They figure out how to fix it, send out an update, and everyone is all good.

“Sometimes, though, one of the bad guys finds a vulnerability first, and starts using it. This is a zero-day threat… something the good guys have had zero days to try to fix before it’s being exploited. Does that make sense?”

Max rubbed his brow. “I think so, yeah. So it wasn’t anything I did?”

“Not at all. However, I’ll pop in and shut off your system for you so you don’t get any more orders. We’ll reach out once a fix is in place. In the meantime, I recommend that you start calling some of your customers and let them know to keep an eye out for any issues. It’s pretty much guaranteed that they’ve all had their data breached.”

“Yes, yes, I understand… okay, I have to go.”

Max pressed the button to end the call. The rest of his day was spent reaching out to anyone whose contact information he had, to apologize and let them know that he would do everything possible to minimize the damage. While many of his customers were understanding, acknowledging that this simply wasn’t Max’s fault, some still held him personally accountable and started yelling over the phone.

Once everyone had been reached, Max stared blankly at the countertop before him. He placed his hands on the cool surface, lost in thought. So many memories had been made here at Toasty Beans over the years, from first dates to proposals to anniversaries. Just the other day, he witnessed two estranged twins make up over coffee after one of them was hypnotised into being evil. He half-smiled wistfully as the images passed through his head, despite himself.

Toasty Beans, he feared, was toast. Between the losses he had to eat over the morning and the fact that he anticipated one or two lawsuits to come of this mess, he didn’t expect his little cafe to survive… never mind the fact that he doubted anyone would ever trust him again.

TO BE CONTINUED…

***

Don’t miss the next installment of Cape Seguridad for a view into the events of Oak Falls and its residents’ lives. Will Max figure out how to save Toasty Beans? Will Fletcher Bishop manage to reconcile with his chatbot? For now, we must wait and see…

Cape Seguridad is brought to you in part by The Connection, Inc, one of the premier options in New Jersey for business IT services and support. Find out what they can do for you by calling (732) 291-5938 today.