2021 witnessed some devastating cybersecurity attacks on numerous brands worldwide. Unfortunately, 2022 is no different.
Ransomware attacks continue where they left off, and even more sophisticated attacks, such as drone intrusions, cryptocurrency thefts and attacks on industrial plants, are among the key highlights of the year.
Adding to the injury of global inflation and enormous energy costs, data breaches have escalated to new heights in 2022.
According to IBM’s 2022 Cost of a Data Breach report, the average cost of a breach has hit a shocking US$4.35 million.
This article gives insight into 15 of the biggest cybersecurity attacks of 2022. So, without further ado, let’s explore them in detail.
Mandiant, a leading cybersecurity firm, claims that a spy agency working on behalf of the Chinese government attacked the networks of six state government systems.
This group, known as APT41, carried out the intrusions between May 2021 and February this year.
APT41 exploited software flaws in these state government systems to gain entry into their networks. It also took advantage of vulnerabilities in the organizations that researchers had already made publicly available.
Mandiant says that the motives behind the attack are unclear and that the group remains undeterred by the charges brought against it.
In September 2020, Chinese nationals belonging to APT41 were also arrested for computer intrusions involving significant firms in the US and abroad.
Russia has targeted Ukrainian infrastructure, including banking, power grids and internet facilities, for some time. It has also manipulated election results, released destructive malware and stolen data from organizations vital to Ukraine.
With the outbreak of war in February 2022, Ukraine escalated its resistance while Russia struggled to find support for the war. It was then Ukraine’s turn to strike back, and it created a volunteer IT army at the start of the war.
This IT army hit crucial Russian websites with DDoS (Distributed Denial of Service) attacks, causing chaos and data breaches. It used malware attacks too, causing further data breaches and financial losses.
The Marriott hotel group in the UK suffered another data breach, after an earlier one that began in 2014. On that occasion, hackers stole 340 million guest records, and Marriott did not realize it until September 2018.
That breach also resulted in a £14.4m fine from the UK Information Commissioner’s Office.
In January 2022, hackers stole 20 gigabytes of sensitive data, including customers’ credit card information. Notably, the hackers used social engineering to lure an employee into giving them access to that employee’s computer.
The group that claimed responsibility for the attack says it acquired the credit card information of Marriott guests and employees.
The group presented samples of the breached data to Databreach.net, including reservation log files of crew members and the credit card details used for bookings.
Marriott, however, tells a different story, stating that the information the hackers stole was of no relevance to the business.
The hotel group has also declined to answer media questions about the defensive measures it uses to protect its data.
Investigations are underway at the time of writing.
Many consider cryptocurrency safe, but you may feel otherwise after hearing about this theft, in which the blockchain company Ronin lost almost $615 million worth of cryptocurrency this March.
Ronin is the network behind the Axie Infinity game, which lets players earn money as they play because the network is connected to decentralized finance (DeFi).
Hackers attacked Ronin’s blockchain bridge, the component that lets users transfer their digital assets from one crypto network to another.
As a result, the company lost 173,600 ETH and 25.5 million USDC in just two transactions carried out by the hackers.
The Block reports that the hackers used phishing with fake LinkedIn job offers. According to the same report, the North Korean group Lazarus was responsible for the attack.
Currently, the game’s developers are returning the lost funds, in Ethereum, to affected users.
For some time, there has been talk of using drones for cyber intrusions. According to a recent tweet by the prominent security researcher Greg Linares, an unnamed financial company discovered odd behavior on its internal Confluence network.
The company found a malicious device connected to its WiFi network. Signal tracing led the team to the roof of the building, where they found two drones.
These two drones were as follows:
The team suspected a WiFi spoofing attack that had gained entry to the internal network using captured internal credentials.
According to Linares, however, the company’s security team identified the threat and averted a disaster. Meanwhile, the drones crashed while attempting to flee the building premises.
Linares later claimed that the attackers targeted the network because of recent changes in the company’s setup, including a new network installation in a new building.
Two leading steel companies in Iran halted production after cyberattacks on 27th June this year.
One of the victims, Khuzestan Steel Company, is state-owned and a leading provider of steel in the country.
Due to the attack, one of its machines malfunctioned and sprayed molten steel and flames across the factory floor. The other victim was Mobarakeh Steel Company.
A hacking group called Gonjeshke Darande, which has links to Israel, posted a video on Twitter claiming responsibility for the attacks.
The primary reason the group gave for the attack is that these companies continue to operate under restrictions despite being subject to international boycotts.
The group further stated that its objective is to protect innocent civilians from the oppressive Iranian regime.
Khuzestan Steel Company, on the other hand, told local media that the damage was not severe because the attackers struck at a time when the plant’s operations had already been halted by a power cut.
This August, threat actors hit Advanced, a leading UK software company and managed service provider (MSP), with ransomware.
The company operates software for the UK’s health sector, including the National Health Service (NHS), and for many other prominent businesses.
The attack disrupted primary emergency health services throughout the UK, including the NHS, affecting more than 25,000 health customers.
Advanced has called upon Microsoft and Mandiant to assist with screening and investigations.
In the US, threat actors also attacked another MSP, NetStandard, with ransomware, forcing a shutdown of its MyAppsAnywhere cloud services.
MSPs have become attractive targets for ransomware attacks because they manage the data and software of numerous lucrative businesses.
In September, a teenager gained access to Uber’s internal network using an MFA (Multi-Factor Authentication) fatigue attack. In such attacks, the attacker bombards the victim with authentication requests on their mobile phone.
Initially, the victim refuses, since the requests come from an unknown source.
In this case, however, the attacker first used social engineering, obtaining the WhatsApp number of an Uber employee.
The attacker then claimed to be from Uber IT services and demanded that the employee accept the authentication request, warning that the requests would keep coming otherwise. Eventually, the employee got fed up with the repeated requests and accepted.
Afterward, the attacker used his own device to alter the MFA configuration. From then on, he had access to the company VPN and began looking around for valuable information.
He quickly discovered a PowerShell script containing administrator credentials for the business’s Thycotic privileged access management (PAM) platform.
From this point, all necessary credentials were accessible. Uber is fortunate that the attacker appears to have acted out of curiosity rather than for financial gain or other harmful ends.
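The Uber incident above follows a recognisable pattern in authentication logs: a burst of push prompts to one user, repeated denials, then a single approval. The following detection logic is an added example written for this article, not code from Uber or any MFA vendor; the log format and the sample lines are constructed, since every MFA provider has its own event schema.

```python
# Added example: flag MFA "push fatigue" in authentication logs.
# Log format (constructed for this example): timestamp user event source_ip
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: alice is bombarded and finally approves,
# bob performs a normal single-prompt login.
SAMPLE_LOG = """\
2022-09-15T22:01:03Z alice push_sent 203.0.113.7
2022-09-15T22:01:20Z alice push_denied 203.0.113.7
2022-09-15T22:02:11Z alice push_sent 203.0.113.7
2022-09-15T22:02:30Z alice push_denied 203.0.113.7
2022-09-15T22:03:05Z alice push_sent 203.0.113.7
2022-09-15T22:03:15Z alice push_denied 203.0.113.7
2022-09-15T22:04:40Z alice push_sent 203.0.113.7
2022-09-15T22:04:55Z alice push_denied 203.0.113.7
2022-09-15T22:06:02Z alice push_sent 203.0.113.7
2022-09-15T22:06:10Z alice push_denied 203.0.113.7
2022-09-15T22:09:48Z alice push_sent 203.0.113.7
2022-09-15T22:10:01Z alice push_approved 203.0.113.7
2022-09-15T22:05:00Z bob push_sent 198.51.100.4
2022-09-15T22:05:09Z bob push_approved 198.51.100.4
"""

def parse(log_text):
    """Turn the constructed log into (timestamp, user, event, ip) tuples."""
    events = []
    for line in log_text.strip().splitlines():
        ts, user, event, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, ip))
    return events

def detect_push_fatigue(log_text, window=timedelta(minutes=15), min_prompts=5):
    """Return {user: details} for users who received at least min_prompts pushes
    inside `window`, denied at least one, and then approved one in that window."""
    by_user = defaultdict(list)
    for ts, user, event, ip in parse(log_text):
        by_user[user].append((ts, event, ip))
    alerts = {}
    for user, evts in by_user.items():
        evts.sort()
        sent = [t for t, e, _ in evts if e == "push_sent"]
        for i, start in enumerate(sent):
            end = start + window
            prompts = [t for t in sent[i:] if t <= end]          # sliding window from this prompt
            if len(prompts) < min_prompts:
                continue
            denied = any(e == "push_denied" and start <= t <= end for t, e, _ in evts)
            approved = [(t, ip) for t, e, ip in evts if e == "push_approved" and start <= t <= end]
            if denied and approved:   # bombardment followed by a reluctant approval
                alerts[user] = {"prompts": len(prompts), "approved_at": approved[0][0].isoformat(),
                                "source_ip": approved[0][1]}
                break
    return alerts
```

An alert of this shape is a cue to revoke the new session, verify the approval with the user out of band, and review any MFA device changes that follow it.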
A threat actor in Vietnam using the alias TeaPea attempted to access InterContinental Hotels Group’s (IHG) database at the start of September to launch a ransomware attack.
IHG initially blocked these attempts, after which TeaPea turned to plan B and erased a significant portion of internal data, an act the hackers described as “having some fun”.
The breach took the booking system offline across the entire IHG network and crippled internal communications.
The primary security lapse that contributed to this attack was the database’s weak password, ‘Qwerty1234’.
When the media later interviewed the hackers, they said they had no regrets and would prefer a legal job to a wage of $300. They further claimed that their actions would not hurt the company much.
In April this year, the notorious Russia-affiliated cyber gang Conti caused significant upheaval in financial operations throughout Costa Rica.
The gang broke into the Ministry of Finance and decimated Costa Rica’s import and export industry. It was the first ransomware attack to result in a national emergency declaration.
The Social Security Fund was the target of a second string of attacks in late May. The victim suspects Conti because the Hive ransomware used in this attack was linked to Conti at its initial release.
Conti appears to be carrying out such activities as it tries to reinvent itself, fearing the sanctions imposed on Russia over the Ukraine war.
On September 3rd this year, hackers broke into Russia’s favorite taxi company, Yandex Taxi, and sent its drivers to the same location, causing a massive traffic jam.
Yandex, an IT company similar to Google, operates the Russian Yandex Taxi service.
Cyber experts say the hackers bypassed Yandex’s security controls and directed drivers to the same location, Kutuzovsky Prospekt, a main road in Moscow where the Hotel Ukraine is located.
The hacking collective Anonymous claimed responsibility for the attack on its Anonymous TV Twitter page without stating any reason.
Akasa, India’s newest airline, announced that hackers gained access to passengers’ sensitive personal data by breaking into its systems on 25th August.
The exposed data includes names, genders, email addresses and phone numbers.
A technical officer from Akasa Airlines said the breach was caused by an HTTP request that returned this customer data in JSON format during the customer log-in and sign-up process.
The technical team has fixed the issue and reports that the hackers could not access customers’ payment details.
One of the most significant malware attacks occurred in January this year, when threat actors gained access to more than 60 Red Cross and Red Crescent societies worldwide.
Since the target was a non-profit organization, the attack’s motive was initially unclear. Later investigations revealed that the motive was to gather data on refugees and on people displaced by war, migration and natural disasters.
The root cause was a third-party vulnerability. According to the Red Cross, the third party had scheduled anti-malware updates in rotation as part of its patching process.
However, a late patch in one of the authentication modules allowed threat actors to exploit a security flaw. The intruders then installed web shells, which let them access registries, compromise administrator credentials and deploy further malicious tools.
They disguised themselves as genuine users and then stole users’ data.
OpenSea, based in New York, USA, and widely considered the world’s leading NFT marketplace, suffered a phishing attack in June this year.
The malicious actor was able to phish a sizeable amount of Ethereum (ETH) in less than three hours by taking advantage of the company’s announcement of a migration to a new contract system.
An employee of a third party, the email delivery vendor Customer.io, used the company’s email address list in the attack.
This user then approached 32 employees, presenting contracts that they were told they needed to sign. Of the 32 employees, 17 signed, which led to the company losing cryptocurrency.
The company has yet to disclose the complete details of the attack.
Fast Company is a business publication whose readers were recently subjected to abusive messages.
This was the work of a hacker called “Thrax”, who gained access to Fast Company’s CMS (Content Management System) and caused havoc, posting racist remarks and offensive language to its readers, after boasting online about how easy it was to crack the Fast Company CMS.
Thrax also gained administrator privileges to various company assets, including Apple News API keys, Auth0 tokens, Amazon SES secrets and employees’ personally identifiable information.
Experts say the primary cause of the attack was weak passwords.
It is now clear that some attacks, including social engineering attacks, occur because of users’ negligence, while others occur because of mediocre passwords that are easy to guess.
Other attacks are out of your control, particularly when there are loopholes in the source code.
However, if you follow security best practices, you can avoid most attacks. Below, we have included some FAQs to help you stay away from cyberattacks.
In a nutshell, a social engineering attack involves tempting users or employees into making a security mistake so that a hacker can gain access to the internal network and launch a cyberattack.
A prominent example of a social engineering attack is the one on Uber above (point 8).
Never share your username, password, or other sensitive data with anyone, including your colleagues.
IT administrators must educate employees that, as a matter of practice, IT technicians and administrators never request passwords or other sensitive data over the phone or in online chats.
In addition, you must use strong passwords that combine uppercase and lowercase letters with numbers and special characters.
As a developer, you need to ensure that your code is free of SQL injection, particularly where you capture user input through forms. The other significant points include the following:
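To make the SQL injection advice concrete, here is the same form-driven user lookup written two ways. This is an added example, not code from any company or project on this page; it uses an in-memory SQLite database with constructed sample rows, and the form inputs in the test are the kind a developer would feed to a unit test to prove the fix.

```python
# Added example: a user lookup fed from a login form, vulnerable vs. parameterized.
import sqlite3

def make_db():
    """Constructed in-memory database with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    # Constructed rows; a real system stores salted password hashes, never plaintext.
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash_of_alice_pw"), ("o'brien", "hash_of_obrien_pw")])
    return conn

def find_user_vulnerable(conn, username):
    """String formatting splices the form value straight into the SQL text,
    so quotes in the input change the meaning of the statement."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(r[0] for r in conn.execute(sql))

def find_user_safe(conn, username):
    """Parameter binding sends the value separately from the SQL text,
    so the database never parses the input as SQL."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return sorted(r[0] for r in rows)

def vulnerable_breaks_on(conn, username):
    """True if the string-built query cannot even run for this input
    (a legitimate name containing an apostrophe is enough)."""
    try:
        find_user_vulnerable(conn, username)
        return False
    except sqlite3.Error:
        return True
```

The safe version also handles legitimate names with apostrophes, which the string-built query rejects with a syntax error; the same binding API exists in every mainstream database driver.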