This year’s dramatic cyber attacks revealed: these are the big events

by time news


Over the last year, the world economy has seemed to lurch from one crisis to another. As the coronavirus pandemic began to fade in many areas, it was replaced by increasingly expensive electricity bills, rising inflation and a cost-of-living crisis, some of which stemmed from the Russian invasion of Ukraine. These developments have opened the door to new opportunities for both financially motivated and state-sponsored threat actors.

The attackers targeted governments, hospitals, crypto companies and many other organizations. With the cost of a data breach now standing at nearly $4.4 million, and as long as threat actors continue to be successful, we can expect even higher costs in 2023.

At the information security company ESET, we review 10 of the biggest cyber incidents of the year, whether it’s because of the damage they caused, the level of sophistication or the geopolitical angle. The list is in no particular order, but it makes sense to open it with malicious cyber actions that targeted Ukraine and immediately raised concerns about their wider implications.


Ukraine under cyber attack: Ukraine’s critical infrastructure has found itself, once again, in the crosshairs of threat actors. Early in the Russian invasion, ESET researchers worked in collaboration with CERT-UA to handle an attack that targeted the country’s power grid and involved destructive malware. ESET named the malware Industroyer2 (after a notorious piece of malware used by the group to cut off electricity in Ukraine in 2016).

More data wipers: CaddyWiper was far from the only destructive data wiper discovered in Ukraine just before or in the first weeks of the Russian invasion. On February 23, ESET’s telemetry detected HermeticWiper on hundreds of computers in organizations in Ukraine. The next day, a second destructive data-wiping attack was launched against a Ukrainian government network, this time using IsaacWiper.

Internet disabled: Barely an hour before the invasion, a major cyber attack against the commercial satellite Internet company Viasat disrupted broadband Internet service for thousands of people in Ukraine and elsewhere in Europe. The attack, which used a VPN device to gain access to the management section of the satellite network, was apparently intended to damage the communication capabilities of the Ukrainian command in the first hours of the invasion, and its effects were felt far beyond Ukraine’s borders.

Conti in Costa Rica: A major player in the cybercrime underground this year was the ransomware-as-a-service (RaaS) group Conti. One of its most daring attacks was against the South American country of Costa Rica, where a state of national emergency was declared after the government called the attack an act of “cyber terrorism.” The group has since disappeared, though it’s likely that its members simply moved on to other projects or rebranded themselves to avoid scrutiny by law enforcement and governments.

Activity of other players in the field of ransomware: A CISA alert from September revealed that Iran-linked threat actors have compromised, among others, an American municipal government and an aerospace company by exploiting the notorious Log4Shell vulnerability in order to carry out ransomware campaigns.

Ronin Network: Ronin Network was created by Vietnamese blockchain game developer Sky Mavis to function as a secondary Ethereum blockchain for its game, Axie Infinity. In March, it became clear that hackers had managed to use stolen private keys to forge withdrawals of 173,600 Ethereum ($592 million) and 25.5 million in another transaction. The $618 million theft, at March prices, was the largest ever from a crypto company. The notorious North Korean group Lazarus has since been linked to the attack. The group was previously linked to thefts worth billions of dollars, which were used to finance the country’s nuclear and missile programs.

Lapsus$: Lapsus$ burst onto the scene during 2022 as an extortion group that uses high-profile data thefts to extort payment from its corporate victims. These included Microsoft, Samsung, Nvidia, Okta and others. Among the group’s methods of operation is bribery of insiders in companies and their suppliers. Although the group has been relatively quiet for a while, it resurfaced at the end of the year after hacking Rockstar Games.

International Red Cross: In January, the ICRC reported a serious breach that compromised the personal information of more than 515,000 “highly vulnerable” victims. The data, stolen from a Swiss contractor, included details of people separated from their families due to conflict, migration and disaster, missing people and their families and people in detention.

Uber: The travel giant was already hacked in 2016, when details of 57 million users were stolen. In September, it was reported that a hacker who may be a member of Lapsus$ broke into email and cloud systems, code repositories, an internal Slack account, and HackerOne cards. The actor attacked an Uber outsourcer, apparently obtaining their company password on the dark web.

Medibank: The four million customers of the Australian health insurance giant are victims of a ransomware attack. The attackers gained access to their information, and the cost of the attack will probably end up being around $35 million. Those responsible are believed to be linked to the outfit (also known as Sodinokibi), an attack group infamous for its ransomware as a service (RaaS). Victims now face a potential barrage of follow-up identity fraud attempts.
