Cyber Roundup: The Biggest Cyber Security Attacks from 2022
What makes a cyber security story count as newsworthy? Is it the amount of data stolen? The cost of the attack to the organization involved or the sophistication of attack involved? We round up some of the biggest Cyber security attacks from 2022, plus a look ahead to what we might expect to encounter in the world of cyber security in 2023.
What can we learn from 2022 Cyber Attacks?
Key Takeaways:
- Businesses, organisations, charities and even governments departments of all description and size are susceptible to cyber threats.
- Make sure your IT Security keep up with your business growth – never let business growth happen at the expense digital security.
- Detection & Prevention rather than response, should be implemented as policy for your IT Security to stay ahead of cyber-threats.
- Mobile Hacking will be more prevalent than before, ensuring proper mobile device management for remote workers and employees is essential.
7 Cyber Security Stories from 2022
- Microsoft
You might expect a company with the tech savvy and experience of Microsoft to be immune from cyber security issues, but you’d be wrong.
In October of this year, the company confirmed that they had been targeted earlier in the year by an attack which was eventually revealed to have leaked, to quote Microsoft, ‘some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services’. The data in question included names, email addresses, email content, company names and phone numbers, taken from files dating back to 2017, and was alleged to be linked to as many as 65,000 organisations in 111 countries.
- Rockstar
There is doubtless a degree of irony involved in the fact that Rockstar – the development company responsible for the creation of virtual crime behemoth GTA – found themselves being the victim of criminal activity, but that’s what happened in 2022.
In simple terms, a hacker infiltrated the Slack channel used by Rockstar for internal communications and downloaded 50 minutes of footage comprising 90 videos taken from an in-development version of forthcoming video game Grand Theft Auto 6.
At the time of the leak – September 2022 – it was assumed that the hacker would be attempting to extort Rockstar for the return of the material, but if this ever transpires it’s doubtful we’ll hear anything about it.
- Russia and Ukraine
The story of Russia’s invasion of Ukraine dominated the general news coverage throughout 2022, but the digital dimension of the conflict was one of the less publicised aspects.
Russia had been launching digital attacks on Ukraine infrastructure in the years leading up to the invasion, but once the conflict was underway the emphasis switched. Facing problems on virtually every front, the Russians found themselves being pinned back in digital terms by a Ukrainian ‘IT Army’ of volunteers, targeting Russian institutions with DDoS attacks and disruptive hacks.
The Ukrainian hackers were helped in the efforts by activists from across the globe, joining forces to subject Russia to disruptions and data breaches on a scale which no single country has ever had to face before.
- Red Cross
In January 2022, the Red Cross was subjected to a cyber-attack during which hackers targeted servers containing data linked to their Restoring Family Links services. This is an aspect of their work devoted to reconnect individuals who have been separated by things such as war, migration and other forms of violence.
The servers were taken offline, and although nobody has been positively identified as having been behind the attack, the assumption to date is that it was probably the work of a nation state.
- Utility South Staffordshire Water
In August 2022, Cambridge Water and their parent company South Staffordshire Plc were victims of a Ransomware attack, where hackers stole and leaked customer bank details to the dark web. Understandably, their customers were furious when they learned that sensitive information, such as addresses, and bank account numbers was leaked.
Cambridge Water have been investigating the issue and have since sent the customers affected letters of what to do next.
- Ronin
Ronin is a blockchain gaming platform and the cyber-attack on them offers a case study of one of the golden rules of cyber-security; never let business growth happen at the expense digital security. The incident centred upon the Ronin’s Axie Infinity game, which enabled players to win digital currency and NFTs.
As the game grew in popularity, the company took a decision to wind back some security measures in order to enable the servers to handle the growing demand. Unfortunately, letting in more customers also means you risk letting in more criminals, and between November 2021 and March 2022 that’s exactly what happened. The result was the theft of $625 million in cryptocurrency, a crime which the US Treasury Department subsequently blamed on the government of North Korea.
- FlexBooker
In terms of sheer scale the FlexBooker data breach which took place across the end of 2021 and the beginning of 2022 was one of the biggest of the year.
FlexBooker is an appointment management platform used by millions of businesses globally, and the cyber-attack in question involved an exploitation of the company’s AWS configuration.
Once on the system, the criminals installed malware which enabled them to enjoy complete control. In all, the details of more than three million users were stolen to be offered for sale, including ID information, drivers’ licenses, and passwords. In a demonstration of how damaging an attack of this kind can be, many clients responded by leaving the platform, and before too long there was talk of a class-action legal case.
- Costa Rica
Demonstrating the sheer scale of some cyber attacks, 2022 saw the entire country of Costa Rica disrupted by an attack from a cyber gang with links to Russia called Conti. In April 2022, the gang attacked the Ministry of Finance with enough success to cripple imports and exports from Costa Rica and cause a national emergency to be declared. This was the first time a ransomware attack had triggered such a dramatic response, but the criminals came back for more in May, when they targeted Costa Rica’s Social Security Fund.
Cyber Security Trends for 2023
Predicting trends in cybercrime is always tricky as, by definition, the cyber criminals always try to stay several steps ahead of those attempting to deal with the issues. These are a few of the things we can expect to see more of in 2023:
- Automotive hacking – the more automated software that manufacturers pack into digitally connected motor vehicles, the greater the temptation will be for cyber criminals to try everything from eavesdropping on passengers to taking control of self-drive vehicles.
- Mobile hacking – it doesn’t take much tech awareness to figure out that the more central the role of mobile devices in user’s lives become, the more they will be targeted. A virus or malware on a smartphone could be used to target everything from an individual’s photographs to their banking details.
- Internet of Things – the rise of the Internet of Things has been predicted for many years now, but the more interconnected our devices becomes, the more loopholes are likely to open up for cyber criminals to attempt to exploit. This is particularly true of those devices which rely on the relatively new digital architecture of the 5G network.
Stay ahead of your IT Security.
Speak to one of our experts for help with all aspects of cyber security, from email security and anti-virus protection to security awareness training and insights into the dark web.
By taking a joined up approach to protecting the digital infrastructure of your organisation, we’ll make it far less likely that you’ll find your organisation featured in an article like this in 2023.
If you’d like to know more about the cyber security solutions we offer and how we can protect your business from criminal attacks, please contact us on 0800 292 2100 or email contactus@alliancesolutions.co.uk.