CyberNews

The top 5 cyber attacks of 2022

Cyber attacks have been ranked as the fifth most important risk. Cyber attacks have never been more in the news, making headlines and invading our daily lives.

Here are the top attacks of 2022. The list is obviously not exhaustive: WatchGuard cybersecurity researchers have identified “80% more (ransomware) compared to last quarter, and three times more than in the first quarter of 2021”[1].

A record year for ransomware

A paralyzed country

For the first time, a group called Conti managed to paralyze the financial operations of an entire country: Costa Rica, in April 2022, even leading the country to declare a national emergency.

At first only financial operations were hit, but the attacks quickly spread: at the end of May the group struck again, this time attacking the social security fund with the Hive ransomware.

Insufficiently prepared, despite a security plan put in place in 2017, Costa Rica was unable to cope.

The cost of this crisis is estimated at $38 million per day.

As a reminder, Conti (which appeared in 2020) is one of the most prolific groups of 2022, with 200 million euros of revenue in 2021[2].

It made the headlines both through its numerous attacks:

  • its numerous attacks include:
    • JVCKenwood in 2021
    • Ireland’s health services in 2021
    • Bank Indonesia, December 2021
    • Panasonic Canada, 2022
    • Ford Trust, 2022
    • Wind Turbine, 2022

From November 27, 2021, to February 27, 2022, the Conti gang claimed to have compromised more than 50 new victims, two-thirds of them organizations based in Europe and the United Kingdom[3].

– and through troubles within the group itself: leaked private conversations, splits, even the supposed death of the brand…

This is a group that appears to be based in Russia and operates in RaaS (ransomware as a service) mode. Its affiliates are paid more regularly than usual, in that they receive a fixed salary, unlike other RaaS operations that instead pay a percentage of each operation’s proceeds.

There is a lot of talk about the future of this group, and it is unlikely to disappear for good. It may come back under another name or in another form, but it should still have a bright future.

Chaos led by teenagers

Two teenagers, aged 16 and 17, from the Lapsus$ group (https://tehtris.com/en/blog/who-are-lapsus) made headlines in January 2022. Nvidia, Ubisoft, Samsung and Microsoft (March 2022) were shaken.

Lapsus$ is a newcomer to the cyber world, based in the UK and South America. The group practices extortion via phishing, without using encryption software.

The group’s members usually go after the most sensitive data and want people talking about them. They use social media for this and play with it, for instance publishing a poll on their Telegram channel asking which data should be released.

Despite the arrest of the two young people (and seven other compatriots), the group did not stop there and struck again in September 2022. This time Uber (57 million records of data stolen) and Rockstar Games were targeted.

For Uber, the attacker gained access to Slack, vulnerability reports and financial data after buying an employee’s corporate password on the dark web.

For Rockstar Games, it was the source code of GTA 6 that was stolen.

The domino effect of the Russo-Ukrainian conflict

The attacks were so numerous that a full list would be too long to enumerate.

Let’s try to make a small inventory of the situation.

In UKRAINE

Ukraine has been the target of numerous attacks, causing power outages and spreading destructive malware. Institutions and infrastructure have been affected.

WhisperGate, HermeticWiper, IsaacWiper and CaddyWiper are among the many wipers that have hit the country: https://tehtris.com/en/blog/ukraine-russia-a-cyber-war-declared

At the end of April, 237 computer attacks against Ukraine were recorded.

But Ukraine has shown resistance on all fronts, including the cyber front.

Long accustomed to cyberattacks and home to many hackers, it has been able to anticipate and mitigate the threat, and to retaliate with surprisingly successful attacks (DDoS attacks and hacking against Russian institutions and services).

The support of the DSSZZI (State Service of Special Communications and Information Protection of Ukraine) played its part. The Ukrainian defense was able to achieve its goals, supported by the cyber troops of the IT Army (as opposed to Народная CyberАрмия, the Russian cyber army) as well as other pro-Ukrainian groups such as GhostSec, RedCult and Anonymous…

In RUSSIA

Russia, too, has suffered much Ukrainian retaliation in its cyberspace.

Several highly offensive groups based on Russian soil, such as Fancy Bear and Sandworm, attached to the GRU (the Russian military intelligence service), or Cozy Bear, attached to the SVR (the Russian foreign intelligence service), remain very active in this conflict.

KillNet, RaHDIT, Red Bandits, Stormous and others can be added to the list.

The attacks include many DDoS (denial of service) attacks and data leaks.

Local railways and RuTube, for example, were affected.

Attackers have no ethics

The list is unfortunately long.

– In January 2022, the International Red Cross was the victim of a cyber attack; 500,000 people receiving services from the Movement were affected.

Healthcare providers and hospitals have long been a prime target and were again this year.

  • In the US, Shields Health Care Group in March 2022: 2 million people affected. Social security numbers, birth dates, addresses and billing and medical information were stolen.

The same misadventure happened to Baptist Health System, Resolute Health Hospital, Kaiser Permanente and Yuma Regional Medical Center.

  • In France, on August 22, 2022, the Corbeil-Essonnes hospital saw part of its hacked data appear on the darknet. The group behind this attack is believed to be the Russian-speaking hacker group LockBit 3.0, which demanded a ransom of $10 million.
  • In Spain, the Consorci Sanitari Integral (CSI), which includes several health centers in the Barcelona area (Dos de Maig in Barcelona, Moisès Broggi in Sant Joan Despí, the General de l’Hospitalet, and the CAP Sagrada Familia, Collblanc and La Torrassa), was hit by a cyber attack in October 2022.
  • British hospitals were also a prime target of attackers: Advanced, the main provider of IT services to the British health system (NHS), was hit. The attack impacted online appointment booking and ambulance dispatch operations.

INCREASE IN STATE THREATS

Nation-states are now using their cyber skills to infiltrate other governments and conduct attacks on critical infrastructure. In 2022, so-called state-sponsored attacks increased.

– The U.S. Cybersecurity Agency has issued numerous advisories about hackers from Beijing. Espionage is the number one threat.

News Corp was a victim on January 20, 2022. Units such as the Wall Street Journal and the New York Post were affected.

In addition, China is opposed to NATO and threatens to reproduce the Ukrainian scenario with Taiwan. Beijing does not recognize the island’s independence, asserts itself through interference in American politics, and extends its influence around the world.

– The Iranian threat also came to the fore in 2022.

On July 15, all Albanian government websites were hit in an attack attributed to the Iranian state, in retaliation for Albania’s support of the United States and Israel. As a reminder, Albania is home to the PMOI (People’s Mojahedin Organization of Iran), once considered a terrorist organization; in 2004, the US government granted its members protection under the Geneva Convention.

Cyber crime has broken all records again this year. This top 5 list is just the tip of the iceberg and shows that cyber risk is now part of everyday business life.
This is why companies need solutions that are easy to operate and that save security staff time, letting them focus on where they add value.
The TEHTRIS XDR platform driven by AI and hyperautomation offers predictive threat prevention, detection and response.
TEHTRIS aims to facilitate detection and response beyond computers and servers: smartphones, tablets, networks, cloud…

If you would like to see how TEHTRIS can help protect your organization from all kinds of malicious actors, contact us.


[1] https://www.watchguard.com/fr/wgrd-resource-center/security-report-q1-2022

[2] Sophos data, 2022

[3] eSentire Threat Response Unit (TRU)