At first glance you might be forgiven for thinking that 2022 wasn't such a bad period for cybersecurity, but the devil is in the detail...
2022 lacked attention-grabbing vulnerabilities such as Log4j. And none of the breaches were on the order of Colonial Pipeline or Kaseya.
And while Russia's war against Ukraine inevitably led to a rise in attacks, the cyber armageddon expected by many has so far failed to materialise. This is, of course, a developing story.
And yet, in spite of what didn't happen in 2022, there was so much that did.
Ransomware: the new normal
We may look back on 2022 as the year when ransomware became normalised, and evolved into a new menace – pseudo-ransomware deployed as file-destroying wiper malware, with Azov being among the most recent.
According to some figures, four-fifths of firms now believe themselves to be at risk from ransomware. And according to the FBI and the US Cybersecurity & Infrastructure Security Agency (CISA), just one ransomware gang, Cuba, claimed more than 100 victims and raked in over $60 million.
Uber, again and again
Uber's relationship with cybersecurity appears to be a particularly tempestuous one. In September, it suffered a breach in which confidential documents were stolen and a Slack server compromised. The social engineering attack appears to have exploited MFA fatigue as a key element.
Then, in December, the firm was again in the news after a threat actor called 'UberLeaks' posted data on a hacking forum – including source code – allegedly stolen from the firm. This time, the attack vector seems to have been via a third-party supplier, Teqtivity.
This was also the year that former Uber CSO Joseph Sullivan was charged with criminal offences following the alleged botched cover-up of Uber's 2016 breach. The fact that Sullivan could be facing jail time is something that is concentrating the minds of security professionals everywhere and could set a major precedent.
Good year for Lapsus$
The two attacks against Uber in 2022 have been linked by some to the Lapsus$ group, which has been exceedingly busy in spite of some notable arrests, including that of a 16-year-old in the UK. The list of victims this year included Okta, Nvidia, Samsung, T-Mobile, Microsoft and Rockstar Games.
Costa Rica hacked
It's not just organisations that are at risk. In April, Costa Rica's finance ministry fell victim to ransomware and, when it refused to pay up, the attackers effectively took 30 government agencies offline. Government workers went unpaid, online tax systems were unusable, healthcare systems were disrupted and the country's exports suffered. And the effects lasted for months, leading to the declaration of a state of emergency. The Russia-based Conti group was blamed. But while this was just one of many ransomware attacks during the year, it is being carefully studied because of the impact it had at the national level.
Crypto theft
It also wasn't a good year for cryptocurrency. Exchanges were raided, scams rose to record levels and FTX Trading collapsed amid charges of fraud at a spectacular level. Among the many horror stories was that of Ronin, the crypto service that supports the blockchain game Axie Infinity. It was relieved of $615 million – a record for attacks against decentralised finance (DeFi) services. The heist was blamed on North Korean state-backed hacking group Lazarus.
Ordinary cybercrime
Against this background, run-of-the-mill cyberattacks – including data breaches and distributed denial of service (DDoS) attacks – can get lost in the noise. But there were some standouts. Australia found itself reeling after a massive data leak by telecom firm Optus. Nearly 10 million customer records were exposed due to poor API security. That equates to about 40 percent of Australia's population.
Meanwhile, Microsoft reported that it saw a rise in DDoS attacks, and that it managed to mitigate what it believes was one of the biggest in five years – a 2.4Tbps assault against AWS.
And when it comes to good, old-fashioned data breaches, there was much to choose from.
For example, streaming platform Plex spilled the details of most of its 20 million users. A social engineering attack led to the Marriott hotel chain having 20GB of data pilfered – an incident it can add to its 2014 and 2018 breaches.
And further mentions go to Medibank, which lost just under 10 million records, and Air Asia, which fell victim to ransomware and had five million customer records stolen.
Text by: Steve Mansfield-Devine