We make a consistent point to urge our readers to take their organizational cybersecurity seriously. This is because there are threats out there that are targeting your business, no matter how small it is. This week, we take a break from the itemized list of security tips to present 2022’s most devastating cyberattacks to give you an idea what hackers today can do.
Medibank insures over 3.7 million Australians. This was bad news for those citizens after the insurer was hit with ransomware in October. After detecting some suspicious behavior on the 13th of the month, it was confirmed that their suspicions were correct as their whole system was compromised by ransomware. The hackers then tried to negotiate a potential settlement, which the company scoffed at.
A month later, the details of the hack came out and people were horrified. 9.7 million past, current, and prospective customers had personally identifiable information (PII) stolen from the network. This information included some financial information.
What’s worse, is that due to the company's hardline stance on negotiations, hackers started dumping files onto the dark web. One such dump included the “good-list” and “naughty-list” which exposed the names and information of patient treatment, with the “naughty-list” being people that have drug-related, mental health, or HIV-related treatment. The hackers later published a file folder labeled “abortions” to the REvil site, a well-known Russian ransomware group.
In what was a big time debut, the hacker group Lapsus$ took 2022 by storm with major security breaches of some of the most well-known technology companies in the world. The group, which is said to be made up of younger hackers, breached the likes of T-Mobile, Samsung, and Microsoft. They also carried out one of the most audacious hacks of the year against the Brazilian Ministry of Health, compromising millions of COVID-19 vaccination records.
The hacking collective seems to be experts at data exfiltration as it has stolen proprietary data from a number of high-value technology companies. Data exfiltration is when an unauthorized entity copies data off of an endpoint or server. Fortunately, law enforcement has begun taking down the group. A British teen was arrested in March of 2022 and in October, Brazilian authorities arrested a teen that was said to be the ringleader for the Brazilian ministry attacks.
Around $3.8 billion dollars in cryptocurrency was stolen in 2022, up nearly 20% over 2021’s total. In what was the largest cryptocurrency theft on record, a North Korean-based hacking group called Lazarus defrauded Sky Mavis (which is part of the Ronin Network) of $625 million worth of Ethereum and USDC cryptocurrency.
The group pulled an ingenious long con, basically going through the hiring process (with false identities) at the game developer’s parent company, then hacking into the system as soon as they got an official offer that was sent over through a PDF. They ended up compromising the blockchain by corrupting four of the nine nodes needed to facilitate financial transactions. This has led to a massive decrease in the value of Sky Mavis’ in-game currency.
Normally, when a nation’s federal facilities need to be shut down due to a ransomware attack it would be the biggest hacking attack of the year. This year, it comes in second. On May 8, the Russia-based hacking group Contl infiltrated the Costa Rican Ministry of Finance and set loose ransomware on their servers. They then exfiltrated the data and demanded a $10 million ransom for safe return of the files. These files presumably would have been able to expose specific financial details of many Costa Ricans and Costa Rican businesses.
Instead of paying, the new Costa Rican government sought help from the United States, Spain, Israel, and security experts at Microsoft. After a few weeks of consultation, things started to normalize before the ransomware group Hive started an attack that exacerbated things. They took over the nation’s Social Security system, infecting 9,000 endpoints and 800 servers. The Costa Rican government had no choice but to take the whole system offline. The whole thing is going to cost the Costa Rican people, tens of millions of dollars.
Finally, the worst attacks this year were carried out in the Russian Federation invasion of Ukraine. While many of the military initiatives have been carried out through airstrikes and with troops, the cyberattacks set the groundwork for the invasion as a whole.
During the past year, the Russian Federation has successfully hacked Ukrainian organizations over 2,000 times. 300 of them have been levied against security and defense organizations. This includes a ransomware attack against the Defense Ministry of Ukraine. Another 400 attacks were aimed at utilities and other civil organizations and businesses.
Another 1,000 different attacks targeting Federal institutions have been carried out by Russian agents in just the past 12 months. Unfortunately, it doesn’t seem like the conflict is any closer to a resolution and could see escalation should the politics of the conflict move outside of Ukrainian borders.
These tales of woe aren’t going to look like the one you will tell should you get hacked, but it is still a major disappointment if it were to happen. Give our security professionals a call today at (415) 246-0101 to have a conversation about how to best protect your network and digital resources.