Cybersecurity news of 2022: Highlights and lowlights
From unprecedented technological advancements to a massive increase in sophisticated threats, 2022 has been an unforgettable year for the world of cyber. If we were to reflect on all the events of this year, even a novel might fall short. Instead, here is the most notable cybersecurity news of 2022, events that will surely leave their footprints on the security industry heading into 2023.
Russia and Ukraine: a war on all fronts
The Russia-Ukraine war has been in the headlines of all news, and it will undoubtedly continue into the new year. It has been a hybrid war fought in both the digital and physical domains.
From the start of the war, Russia has been launching a barrage of cyberattacks targeted at Ukrainian critical national infrastructure. These attacks were carried out through Russia’s well-coordinated network of illicit state-backed actors. Russian state actors also introduced next-generation data wiper malware to disrupt Ukrainian digital systems and destroy millions of valuable and sensitive records.
However, what was truly notable in this hybrid war was Ukraine’s counter-cyber operations. Ukrainian leaders have been inviting hacktivists and digital experts worldwide to join Ukraine’s ‘IT Army’. Ukrainian leaders and security professionals have been supplying intelligence and training guides to this IT Army to launch a series of DDoS attacks against their Russian counterparts. This wide network of remotely connected cyber collectives has helped Ukraine gain the edge on the cyber frontier so far.
To learn more about Ukraine’s counter-cyber efforts, read Trustwave’s recent research on how the country has effectively developed one of the largest networks of cyber professionals and digital talent.
What was the most dangerous cyber threat in 2022?
2022 has been a year of ransomware, as the number of attacks has exceeded all previous records. In the first half of the year alone, there were 236 million ransomware attacks executed worldwide.
However, ransomware wasn’t the most prominent threat of 2022 according to most security experts. In fact, research by CS Hub showed that 75% of security professionals deemed social engineering to be the “most dangerous” threat in 2022, as such threats are often the root cause of most ransomware, DDoS, and supply chain attacks.
Kaspersky Antivirus might not be as safe as you think
Earlier this year, the US Federal Communications Commission (FCC) and the Department of Homeland Security (DHS) updated their list of foreign IT vendors that “pose an unacceptable risk to national security or the security and safety of United States persons”. The newly updated list now recognises Kaspersky Antivirus software as a potential security risk. Kaspersky was previously named by Gartner as the fifth largest IT products vendor in the world.
“This addition to the list was done to help secure [US] networks against threats posed by Chinese and Russian state-backed entities seeking to engage in espionage and otherwise harm America’s interests.” – said FCC commissioner, Brendan Carr.
The Microsoft Data Breach
On March 20th, 2022, Microsoft was targeted by the infamous ransomware group called Lapsus$. The group posted a screenshot on Telegram indicating they had hacked Microsoft. In the process, they compromised Cortana, Bing, and several other products.
The attackers retrieved some material from Microsoft, but by March 22nd Microsoft announced that it had quickly stopped the hacking attempt and that only one account had been compromised. Microsoft also said that no customer data had been stolen. The Lapsus$ group also targeted other popular companies this year, including Nvidia and Samsung.
The Red Cross Data Breach
One of the biggest cyberattacks of the year took place early in January 2022. Threat actors attacked servers hosting PII of 500,000+ people receiving services from the Red Cross.
The compromised servers contained data related to the organization’s Restoring Family Links services. These services work to reconnect people separated by war, migration, and violence. The Red Cross took servers offline to stop this suspected nation-state attack, although no culprit has definitively been identified.
The state of Ransomware 2022
In the final quarter of the year, BlackFog released an extensive research report on ransomware attacks in 2022. The research outlined the key tactics used by ransomware groups, the number of groups performing these attacks, and common trends.
According to their research, 86% of all attacks leverage the remote functionalities of PowerShell – a task automation and configuration management program from Microsoft. Moreover, nearly 89% of all attacks exfiltrate the victim’s data as a strategy to apply double extortion and increase the chances of a ransom payout.
The report also showed that ransomware targeted the education industry most in 2022, followed by the government sector and healthcare.
To read the detailed findings of the research, access the full report here.
A new TikTok challenge is spreading malware
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.
The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette. But the fact that individuals filming such videos could be undressed has led to a scandalous scheme. The attackers post TikTok videos with links to malicious software dubbed “unfilter” that removes the applied filters.
“Instructions to get the ‘unfilter’ software deploy WASP stealer malware hiding inside malicious Python packages,” said Checkmarx researcher Guy Nachshon.
The WASP stealer (aka W4SP Stealer) is a malware that’s designed to steal users’ passwords, Discord accounts, cryptocurrency wallets, and other sensitive information. The TikTok videos posted by the attackers are estimated to have reached over a million views. The accounts have since been suspended.
Uber suffers a network breach, again!
In September 2022, Uber’s internal networks were breached by an 18-year-old attacker using social engineering tactics. The attacker gained access to an employee’s Slack credentials. He then used them to send messages to Uber’s workforce, notifying everyone of the breach.
The company confirmed the attack through Twitter within hours. It seems they had learned from their previous breach in 2016, when Uber was scrutinised for not publicly disclosing the incident in time. The company also claimed that the attacker was part of the infamous Lapsus$ group, and that no user data was compromised.
The attacker claiming responsibility later told the New York Times that he impersonated a corporate IT executive and sent a malicious message to an Uber employee, who unknowingly handed over his credentials, leading to the breach.
For more critical insights and the latest security news, follow Code Red on Twitter and LinkedIn.