Whether the first six months of 2022 have felt endless or fleeting – or both – massive hacks, data breaches, digital scams and ransomware attacks continued at a rapid pace through the first half of this complicated year. With the Covid-19 pandemic, economic instability, geopolitical unrest, and bitter human rights conflicts continuing around the world, cybersecurity vulnerabilities and digital attacks have proven to be thoroughly entangled in all aspects of life.
With another six months left in the year, however, there is more to come. Here are the biggest digital security incidents that have unfolded so far.
For years, Russia has aggressively and ruthlessly launched digital attacks on Ukraine, causing blackouts, attempting to distort elections, stealing data and releasing destructive malware to ravage the entire country – and the world. Since invading Ukraine in February, however, the digital dynamics between the two countries have changed as Russia struggles to support a massive and costly kinetic war, and Ukraine mounts resistance on every front imaginable. This has meant that while Russia has continued to pound Ukrainian institutions and infrastructure with cyberattacks, Ukraine has also hacked back with surprising success. Ukraine formed a volunteer “IT army” at the beginning of the war, which has focused on launching DDoS attacks and disruptive hacks against Russian institutions and services in order to create as much chaos as possible. Hacktivists from around the world have also turned their attention – and digital firepower – to the conflict. And as Ukraine launches other types of hacks against Russia, including attacks with custom malware, Russia has suffered data breaches and service disruptions to an unprecedented extent.
The digital extortion gang Lapsus$ went on an extreme hacking bender in the first months of 2022. The group appeared in December and began stealing source code and other valuable data from increasingly prominent and sensitive companies – including Nvidia, Samsung and Ubisoft – before leaking it in blatant extortion attempts. The spree culminated in March when the group announced that it had breached Microsoft and leaked portions of the Bing and Cortana source code, and had compromised a contractor with access to the internal systems of the ubiquitous authentication service Okta. The attackers, who appeared to be based in the United Kingdom and South America, relied heavily on phishing attacks to gain access to target systems. In late March, British police arrested seven people believed to be linked to the group and charged two in early April. Lapsus$ appeared to continue operating briefly after the arrests, but then went dormant.
In one of the most disruptive ransomware attacks to date, the Russian-linked cybercrime gang Conti brought Costa Rica to a screeching halt in April – and the disruption would last for several months. The group’s attack on the country’s Ministry of Finance paralyzed Costa Rica’s import/export businesses, causing losses of tens of thousands of dollars a day. So serious was the attack that the president of Costa Rica declared a “national emergency” – the first country to do so because of a ransomware attack – and a security expert described Conti’s campaign as “unprecedented”. Another attack in late May, this one on Costa Rica’s Social Security Fund, was attributed to the Conti-linked HIVE ransomware and caused widespread disruption to the country’s health system. While Conti’s attack on Costa Rica is historic, some believe it was intended as a diversion while the gang attempts to rebrand itself to evade sanctions imposed on Russia because of the country’s war with Ukraine.
As the cryptocurrency ecosystem has evolved, tools and platforms for storing, converting, and otherwise managing it have developed at a furious pace. Such rapid expansion, however, has come with its share of oversights and missteps. And cybercriminals have been eager to take advantage of these mistakes, often stealing vast amounts of cryptocurrency worth tens of thousands or hundreds of millions of dollars. In late March, for example, North Korea’s Lazarus Group memorably stole what was at the time worth $540 million of Ethereum and USDC stablecoin from the popular Ronin blockchain “bridge.” Meanwhile, in February, attackers exploited a flaw in the Wormhole bridge to grab what was then about $321 million worth of Wormhole’s Ethereum variant. And in April, attackers targeted the stablecoin protocol Beanstalk, granting themselves a “flash loan” to steal about $182 million in cryptocurrency at the time.
Healthcare providers and hospitals have long been a favorite target of ransomware actors, who seek to create maximum urgency to entice victims to pay up in the hope of restoring their digital systems. But data breaches in health care have also continued in 2022, as criminals collect data that they can monetize through identity theft and other forms of financial fraud. In June, the Massachusetts-based service provider Shields Health Care Group revealed that it had suffered a data breach through most of March, affecting about 2 million people in the United States. The stolen data included names, Social Security numbers, birth dates, addresses and billing information, as well as medical information such as diagnoses and medical records. In Texas, Baptist Health System and Resolute Health Hospital announced a similar breach affecting patients in June, which exposed similar data, including Social Security numbers and sensitive patient information. Both Kaiser Permanente and Yuma Regional Medical Center in Arizona also disclosed data breaches in June.
In early June, the U.S. Cybersecurity and Infrastructure Security Agency warned that Chinese government-backed hackers had compromised a number of sensitive victims worldwide, including “major telecommunications companies.” They did so, according to CISA, by targeting known router vulnerabilities and flaws in other network equipment, including devices made by Cisco and Fortinet, among other vendors. The warning did not identify any specific victims, but it did signal alarm over the findings and a need for organizations to step up their digital defenses, especially when handling large amounts of sensitive user data. “The advisory describes the targeting and compromise of major telecommunications companies and network service providers,” CISA wrote. “Over the last few years, a series of high-severity vulnerabilities in network devices have allowed cyber actors to routinely exploit and gain access to vulnerable infrastructure devices. In addition, these devices are often overlooked.”
Separately, hackers likely carrying out espionage for China breached News Corp in an intrusion discovered by the company on January 20. The attackers gained access to journalists’ emails and other documents as part of the breach. News Corp owns a number of high-profile news outlets, including the Wall Street Journal and its parent company, Dow Jones, the New York Post, and several publications in Australia.
Just days after a U.S. Supreme Court ruling in late June on concealed carry permits, an unrelated data breach potentially exposed the information of anyone who applied for a concealed carry permit in California between 2011 and 2021. The incident affected data including names, ages, addresses, and license types. The breach occurred after a misconfiguration in the California Department of Justice 2022 Firearms Dashboard Portal exposed data that should not have been publicly accessible. “This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” Attorney General Rob Bonta said in a statement. “The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”