Cybersecurity Yearly Round-up 2022: Most Notable News and Insights of the Year

From unprecedented technological advancements to a massive increase in sophisticated threats, 2022 has been an unforgettable year for the world of cyber. If we were to reflect on all the events of this year, even a novel might fall short. Instead, here are some of the most notable events and insights of the year, which will surely shape the footprint of the security industry heading into 2023.

 

Russia and Ukraine: a war on all fronts 

The Russia-Ukraine war has been in the headlines all year, and no doubt it will remain in the limelight heading into the new year. However, what's often left out of the conversation is that it has been a hybrid war, fought in both the digital and physical domains.

From the start of the war, Russia has been launching a barrage of cyberattacks targeted at Ukrainian critical national infrastructure. These attacks were carried out through Russia's well-coordinated network of illicit state-backed actors. Russian state actors also initiated the use of next-gen data wiper malware to disrupt Ukrainian digital systems and destroy millions of pieces of valuable and sensitive data.

However, what was truly notable in this hybrid war was Ukraine's counter-cyber operations. Ukrainian leaders have been inviting hacktivists and digital experts from all over the world to join Ukraine's 'IT Army', a collective effort to defend and fight against Russia's cyber operations. Ukrainian leaders and security professionals have been supplying intelligence and training guides to this IT Army to launch a series of DDoS attacks against their Russian counterparts. This wide network of remotely connected cyber collectives has helped Ukraine gain the edge on the cyber front so far.

To learn more about Ukraine's counter-cyber efforts, read Trustwave's recent research on how the country has effectively developed one of the largest networks of cyber professionals and digital talents.

 

What was the most dangerous cyber threat in 2022?

2022 has been a year of ransomware, as the number of attacks has exceeded all previous records. In the first half of the year alone, there were 236 million ransomware attacks executed worldwide. 

However, ransomware wasn’t the most prominent threat of 2022 according to most security experts. In fact, research by CS Hub showed that 75% of security professionals deemed social engineering to be the “most dangerous” threat in 2022, as such threats are often the root cause of most ransomware, DDoS, and supply chain attacks. 

 

Kaspersky Antivirus might not be as safe as you think 

Earlier this year, the US Federal Communications Commission (FCC) and the Department of Homeland Security (DHS) updated their list of foreign IT vendors that “pose an unacceptable risk to national security or the security and safety of United States persons”. The newly updated list now recognises Kaspersky Antivirus software as a potential security risk. Kaspersky was previously named by Gartner as the fifth largest IT products vendor in the world.

“This addition to the list was done to help secure [US] networks against threats posed by Chinese and Russian state-backed entities seeking to engage in espionage and otherwise harm America’s interests.” – said FCC commissioner, Brendan Carr. 

 

The Microsoft Data Breach 

On March 20th, 2022, Microsoft was targeted by the infamous ransomware group called Lapsus$. The group posted a screenshot on Telegram indicating they had hacked Microsoft, and in the process, compromised Cortana, Bing, and several other products. 

The attackers retrieved some material from Microsoft, but by March 22nd Microsoft announced it had quickly stopped the hacking attempt and only one account was compromised. Microsoft also said that no customer data had been stolen. The Lapsus$ group also targeted other popular companies this year, including Nvidia and Samsung.

 

The Red Cross Data Breach 

One of the biggest cyberattacks of the year took place early on in January 2022. Threat actors carried out an attack on servers hosting the personal information of more than 500,000 people receiving services from the Red Cross and Red Crescent Movement. 

The compromised servers contained data related to the organization’s Restoring Family Links services, which work to reconnect people separated by war, migration, and violence. The Red Cross took servers offline to stop this suspected attack by a nation-state, although no culprit has definitively been identified since then. 

 

The state of Ransomware 2022

In the final quarter of the year, BlackFog, the global leader in anti-data exfiltration (ADX) technology, released an extensive research report on the state of ransomware attacks in 2022. The research outlined the key tactics used by ransomware groups, the number of groups actively carrying out such attacks, and the common trends.

According to their research, 86% of all attacks leverage the remote functionalities of PowerShell – a task automation and configuration management program from Microsoft. Moreover, nearly 89% of all attacks exfiltrate the victim’s data as a strategy to apply double extortion and increase the chances of a ransom payout. 

The report also showed that the education industry was the sector most targeted by ransomware in 2022, followed by the government sector and healthcare.

To read the detailed findings of the research, access the full report here.

 

A new TikTok challenge is spreading malware

Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.

The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette of the person’s body. But the fact that individuals filming such videos could be undressed has led to a scandalous scheme wherein the attackers post TikTok videos with links to malicious software dubbed “unfilter” that removes the applied filters.

“Instructions to get the ‘unfilter’ software deploy WASP stealer malware hiding inside malicious Python packages,” said Checkmarx researcher Guy Nachshon.

The WASP stealer (aka W4SP Stealer) is malware designed to steal users' passwords, Discord accounts, cryptocurrency wallets, and other sensitive information. The TikTok videos posted by the attackers are estimated to have reached over a million views. The accounts have since been suspended.

 

Uber suffers a network breach, again! 

In September 2022, Uber's internet networks were breached by an 18-year-old attacker using social engineering tactics. The attacker gained access to an employee's Slack credentials and used them to send messages to Uber's workforce, notifying everyone of the breach.

The company confirmed the attack through Twitter within hours. It seems the company had learned from its previous breach in 2016, when Uber was scrutinised for not publicly disclosing the incident in time. The company also claimed that the attacker was part of the infamous Lapsus$ group and that no user data was compromised.

The attacker claiming responsibility later told the New York Times that he impersonated a corporate IT executive and sent a malicious message to an Uber employee, who unknowingly handed over his credentials, leading to the breach. 

 
