The Russian invasion of Ukraine set the trajectory of cybersecurity in 2022. Learn how the war shaped the cyber environment over the past year.
2022 was a rough year for cybersecurity. It started with Russia's cyberattacks on Ukraine and continued with multiple data breaches and other disruptions worldwide. Let's look back at the most significant cyberattacks, threats, and data breaches that rocked the world in 2022.
Russian aggression against Ukraine showed the importance of cyber power in modern hybrid wars. As tanks rolled into Ukraine, so did cyberattacks. Hours before Russian troops crossed the border of a sovereign country, Ukrainian government agencies and banks were hit by wiper malware designed to destroy critical data. Russian hackers targeted Ukraine through various channels, including information manipulation, attacks on infrastructure services, and election interference. Ukrainian forces have fought back with disruptive attacks against the invaders.
The war Russia brought to Ukraine reopened debates about other state-affiliated cyber threats. Officials began to speak openly about the latent cyber aggression of some states against others.
Experts acknowledged China's place in the national cybersecurity picture, pointing to its increasingly aggressive cyberattacks against US-based targets. In particular, Microsoft attributes the HAFNIUM campaign against on-premises Microsoft Exchange servers to a state-sponsored group operating out of China. That campaign, which exploited Exchange zero-day vulnerabilities in early 2021, is believed to have affected over 21,000 organizations worldwide and posed significant national security risks in every country where it landed.
The way Russia and China use cyber capabilities exposes the vulnerability of national cybersecurity systems. Through state-affiliated attacks, aggressors gain economic and military advantage, sow panic and instability, tighten control over content in cyberspace, and pursue other strategic goals.
A deepening awareness of the need to counter these threats set the trajectory of global cybersecurity strategy in 2022.
The events above accelerated the push to strengthen national data security and triggered mandatory incident reporting requirements. Two important developments in the U.S. regulatory environment followed.
First, the Cyber Incident Reporting for Critical Infrastructure Act, or simply CIRCIA, was signed into law in March 2022. The Act targets organizations in the 16 critical infrastructure sectors and obligates them to report covered cyber incidents to the Cybersecurity & Infrastructure Security Agency (CISA) within 72 hours, and ransomware payments within 24 hours; the obligations take effect once CISA completes its implementing rule. The document's main message is more than clear: businesses must cooperate with the government to minimize the impact of cyberattacks on critical infrastructure.
Second, a bipartisan draft bill titled the American Data Privacy and Protection Act (ADPPA) was released on June 3, 2022. Although the bill has not yet been enacted, its release is still a significant event in the US privacy landscape. After years of failing to reach consensus, Congress has taken an essential step toward federal data protection by following the world's best-known models of data protection, Canada's PIPEDA and the EU's GDPR.
We have already analyzed both documents on our blog. Read CIRCIA: Cyber Incident Reporting for Critical Infrastructure and Congress Released ADPPA – Draft Federal Privacy Law for more information.
Ransomware caused 41% more breaches in 2022 than in the year before. Two key factors drove its proliferation. First, ransomware actors often re-emerged as new groups with the same experienced players after an arrest or a major attack. Second, ransomware groups grew more powerful by selling ransomware as a service (RaaS), renting their tooling to affiliates who carry out the intrusions.
One of the most active extortion crews of the year was Lapsus$. It was Lapsus$ that breached the global technology giant Microsoft and gained access to the identity provider Okta Inc. in 2022. Although usually grouped with ransomware gangs, Lapsus$ typically stole data and extorted its victims rather than encrypting systems. It is especially interesting for its sophisticated use of social engineering as a primary attack method. Understanding the interconnected nature of identities and trust relationships in modern technology ecosystems, it targeted security vendors and other companies in order to leverage their connections with customers, partners, and suppliers.
Another "famous" ransomware of 2022 was Zeppelin, operated as RaaS. Its developers supplied the ransomware to affiliates in exchange for a revenue share. Affiliates typically lured users into enabling Visual Basic for Applications (VBA) macros that start the infection. A Zeppelin attack begins with a phishing email carrying a Microsoft Word attachment labeled as a medical invoice; when the attachment is opened and macros are enabled, the hidden malicious macro infects the computer (the joint advisory also notes initial access through exposed RDP and unpatched SonicWall firewalls). The spread of Zeppelin drew heightened attention from government bodies: the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint advisory on Zeppelin RaaS operations. Read our blog post CISA And FBI Warn On Zeppelin Ransomware to learn more about this ransomware.
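The macro-laden "invoice" attachment described above is easy to spot before it reaches a mailbox, because a modern Office file is a zip package and a VBA project lives in a well-known part inside it. The script below is an added example (not code from the original post or from the CISA/FBI advisory) that inspects an attachment and returns a gateway verdict; the sample documents are constructed in memory, and the `.docx`-with-macros case shows a mismatch a practitioner should treat as suspicious on its own. Legacy binary `.doc` files are only recognised by their magic bytes and must be handed to a dedicated parser such as oletools' olevba.

```python
"""Flag Office Open XML mail attachments that carry a VBA macro project.

Added example, not code from the original post or from the CISA/FBI advisory.
It assumes attachments in the zip-based Office Open XML family (.docx/.docm/
.xlsm ...). Legacy binary .doc/.xls files (OLE2 containers) are only
recognised by their magic bytes here and need a dedicated parser such as
oletools' olevba.
"""
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML package contains or declares a VBA project part."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            names = pkg.namelist()
            # word/, xl/ and ppt/ packages all store macros as vbaProject.bin.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            # Also honour the package's own content-type manifest.
            if "[Content_Types].xml" in names:
                manifest = pkg.read("[Content_Types].xml").decode("utf-8", "replace")
                return VBA_CONTENT_TYPE in manifest
    except zipfile.BadZipFile:
        return False
    return False


def classify_attachment(filename: str, data: bytes) -> str:
    """Verdict a mail gateway could act on (quarantine anything not 'clean')."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"      # binary .doc/.xls: cannot tell from here, run olevba
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    if has_vba_project(data):
        # Word refuses to run macros from a .docx, so a VBA part behind that
        # extension means the sender is either confused or probing the gateway.
        if filename.lower().endswith(".docx"):
            return "macro-in-docx"
        return "macro-enabled"
    return "clean"


def build_sample_ooxml(with_macros: bool) -> bytes:
    """Construct a minimal OOXML package in memory (sample input, not a real invoice)."""
    buf = io.BytesIO()
    types = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
        '<Default Extension="xml" ContentType="application/xml"/>',
    ]
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            pkg.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
            types.append(
                f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
            )
        types.append("</Types>")
        pkg.writestr("[Content_Types].xml", "".join(types))
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "medical_invoice.docm": build_sample_ooxml(with_macros=True),
        "medical_invoice.docx": build_sample_ooxml(with_macros=True),
        "cover_letter.docx": build_sample_ooxml(with_macros=False),
        "old_invoice.doc": OLE2_MAGIC + b"\x00" * 32,
        "notes.txt": b"plain text",
    }
    for name, blob in samples.items():
        print(f"{name:22s} -> {classify_attachment(name, blob)}")
```

The check deliberately looks at the package contents rather than the file extension, since the extension is whatever the sender chose to write; a gateway that blocks `.docm` but waves through a renamed file learns nothing from the name.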
Social engineering was one of 2022's biggest cybersecurity concerns. It targets people, not machines: attackers use intimidation, play on emotions, and instill a sense of urgency to manipulate an organization's decision-makers. The most widespread social engineering technique is phishing. Typically, attackers register a domain that resembles an official one and send messages to their victims, hoping nobody will notice the misspelling. Criminals also used piggybacking (tailgating), vishing, smishing, quid pro quo, baiting, CEO fraud, and many other techniques to find their victims.
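The lookalike-domain trick above can be checked mechanically at the mail boundary. The following is an added example, not code from the original post: it scores a sender's host against a constructed list of protected brands and reports the kind of impersonation it finds (a brand used as a subdomain, the right name under the wrong TLD, a homoglyph substitution such as "rn" for "m", or a one- or two-character typo). The protected list, the homoglyph table and the sample senders are assumptions made for the example, and the registrable-domain extraction takes the last two labels, which is wrong for suffixes such as .co.uk; a production version should use the Public Suffix List.

```python
"""Flag sender domains that impersonate a set of protected domains.

Added example, not code from the original post. PROTECTED is a constructed
list. The registrable domain is taken as the last two labels of the host,
which is wrong for multi-part suffixes such as .co.uk; a production version
should use the Public Suffix List instead.
"""

PROTECTED = {"okta.com", "microsoft.com", "uber.com"}  # constructed list

# Substitutions commonly seen in lookalike registrations, mapped back to the intended letter.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit-cost insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(label: str) -> str:
    """Undo homoglyph tricks so that 'rnicr0soft' compares equal to 'microsoft'."""
    out = label.lower()
    for glyph, letter in HOMOGLYPHS.items():
        out = out.replace(glyph, letter)
    return out


def registrable(host: str) -> str:
    """Last two labels of the host (see module docstring for the caveat)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else parts[0]


def assess_sender(host: str, max_distance: int = 2) -> dict:
    """Classify a sender host against PROTECTED; returns the verdict and the brand it resembles."""
    host = host.lower().rstrip(".")
    reg = registrable(host)
    if reg in PROTECTED:
        return {"verdict": "legitimate", "target": reg}
    name, _, tld = reg.partition(".")
    for target in sorted(PROTECTED):
        t_name, _, t_tld = target.partition(".")
        # Brand used as a leading subdomain, e.g. okta.com.login-portal.net
        if f".{host}.".find(f".{target}.") != -1:
            return {"verdict": "brand-as-subdomain", "target": target}
        if name == t_name and tld != t_tld:
            return {"verdict": "wrong-tld", "target": target}
        if name != t_name and normalize(name) == t_name:
            return {"verdict": "homoglyph", "target": target}
        if levenshtein(name, t_name) <= max_distance:
            return {"verdict": "typosquat", "target": target}
    return {"verdict": "unrelated", "target": None}


if __name__ == "__main__":
    # Constructed sample senders covering each verdict.
    for sender in ["mail.okta.com", "okta.com.login-portal.net", "rnicr0soft.com",
                   "microsft.com", "uber.net", "example.org"]:
        print(f"{sender:28s} {assess_sender(sender)}")
```

Two caveats when tuning this: short brand names make an edit distance of 2 match many innocent domains, so lower `max_distance` or require the TLD to match for them; and the homoglyph table will also rewrite legitimate names that contain digits, so treat "homoglyph" as a signal for review rather than an automatic block.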
In March 2022, social engineering was part of a well-planned Lapsus$ attack on Microsoft and Okta Inc. To compromise user accounts, the group used a range of techniques: deploying the Redline password stealer, searching public code repositories for exposed credentials, buying credentials on underground forums, and recruiting insiders. It also bombarded targets with repeated MFA push prompts until a tired user approved one. With valid credentials in hand, the criminals accessed their victims' networks and surveyed the environment for additional credentials to reach higher-privileged accounts. Finally, routing traffic through VPN exit points geolocated near the victim to avoid impossible-travel and other anomaly detections, Lapsus$ exfiltrated sensitive data for extortion.
The Uber incident is another widely discussed 2022 breach in which social engineering drove the attack. In September 2022, an attacker obtained an external contractor's Uber password, likely bought on the dark web after malware infected the contractor's personal device, and then sent repeated login requests to the contractor's account. Each attempt triggered a two-factor approval prompt; the contractor eventually accepted one, reportedly after the attacker contacted them posing as Uber IT support, and the attacker was in. Uber linked the teenage attacker to Lapsus$. (The figure of 57 million customers and drivers often cited alongside this incident belongs to Uber's earlier 2016 breach, disclosed in 2017, not to the 2022 intrusion.)
Read more about these attacks in our post Social Engineering as the Art of Deceiving.
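Both the Lapsus$ and the Uber intrusions above turned on the same moment: a flood of MFA push prompts followed by the one approval that lets the attacker in. That pattern is visible in identity-provider logs, and the script below is an added example (not code from the original post or from any vendor) of the detection logic: it slides a time window over push events per user, raises a "burst" alert once enough prompts have been denied or left to time out, and raises a second, higher-priority alert if an approval follows that burst. The log format and the log lines are constructed for the example; mapping Okta System Log or Azure AD sign-in events to (timestamp, user, result, source IP) is left to the reader's pipeline.

```python
"""Detect MFA push bombing ('MFA fatigue') in authentication logs.

Added example, not code from the original post or from any vendor's product.
The log line format and the sample lines are constructed for this example;
the same logic applies to any identity provider's log once events are mapped
to (timestamp, user, push result, source IP).
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=mfa\.push result=(?P<result>\w+) ip=(?P<ip>\S+)$"
)

# Constructed sample: one normal user, one contractor being push-bombed, one malformed line.
SAMPLE_LOG = """\
2022-09-15T21:00:05Z user=alice event=mfa.push result=denied ip=198.51.100.4
2022-09-15T21:00:40Z user=alice event=mfa.push result=approved ip=198.51.100.4
2022-09-15T21:02:11Z user=contractor01 event=mfa.push result=denied ip=203.0.113.7
2022-09-15T21:02:35Z user=contractor01 event=mfa.push result=denied ip=203.0.113.7
this line is not an MFA event and is skipped
2022-09-15T21:03:02Z user=contractor01 event=mfa.push result=timeout ip=203.0.113.7
2022-09-15T21:03:30Z user=contractor01 event=mfa.push result=denied ip=203.0.113.7
2022-09-15T21:04:01Z user=contractor01 event=mfa.push result=denied ip=203.0.113.7
2022-09-15T21:04:44Z user=contractor01 event=mfa.push result=denied ip=203.0.113.7
2022-09-15T21:05:30Z user=contractor01 event=mfa.push result=approved ip=203.0.113.7
2022-09-15T21:11:00Z user=bob event=mfa.push result=approved ip=192.0.2.9
"""


def parse_line(line: str) -> dict | None:
    """Parse one log line; returns None for lines that are not MFA push events."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def detect_mfa_fatigue(lines, burst_threshold: int = 5,
                       window: timedelta = timedelta(minutes=10)) -> list[dict]:
    """Return alerts in log order.

    'burst': at least burst_threshold denied/timed-out pushes for one user inside window.
    'approval-after-burst': an approval within window of a burst, i.e. the user
    finally tapped 'approve', which is the moment the attacker gets in.
    """
    unanswered = defaultdict(deque)   # user -> times of denied/timeout pushes in window
    burst_at: dict[str, datetime] = {}  # user -> time the burst alert fired
    alerts: list[dict] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        user, ts = rec["user"], rec["ts"]
        q = unanswered[user]
        while q and ts - q[0] > window:          # slide the window forward
            q.popleft()
        if user in burst_at and ts - burst_at[user] > window:
            del burst_at[user]                   # old burst has aged out
        if rec["result"] in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= burst_threshold and user not in burst_at:
                burst_at[user] = ts
                alerts.append({"type": "burst", "user": user, "count": len(q), "at": ts})
        elif rec["result"] == "approved":
            if user in burst_at:
                alerts.append({"type": "approval-after-burst", "user": user,
                               "ip": rec["ip"], "at": ts})
            # An approval ends the episode either way; start counting afresh.
            burst_at.pop(user, None)
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG.splitlines()):
        print(alert)
```

The "approval-after-burst" alert is the one to page on: the burst alone tells you an attacker already holds a valid password, but the approval means a session now exists and should be revoked. Number matching or FIDO2 authenticators remove the pattern altogether, since there is no blind "approve" button to wear the user down.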
Healthcare remains a top target for hackers, and 2022 was no exception. Criminals target healthcare because of the variety of valuable data these organizations handle, and they are dedicated to exploiting weaknesses in healthcare networks' security. The list of 2022 security incidents involving healthcare was extensive.
In October 2022, a data breach at Advocate Aurora Health, one of the largest healthcare systems in Wisconsin and Illinois, exposed the ePHI of up to 3 million patients. The cause was tracking technology: "pixels" belonging to Google and Facebook (Meta) analytics tools embedded in the organization's websites and patient portal, which sent page and visitor data to those vendors. The consequences of such an incident are, at a minimum, financial and reputational losses.
At least 2 million individuals were affected by the March 2022 cyberattack on Shields Health Care Group. Shields provides ambulatory surgical center management and medical imaging services to 56 facilities across New England. The Shields incident is a classic example of a supply chain attack: Shields served as a springboard for accessing data held by 56 other organizations.
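The Advocate Aurora Health incident above is a reminder that a tracker is a data flow, and a data flow to a vendor without a business associate agreement is a reportable disclosure. The scanner below is an added example, not code from the original post or from Advocate Aurora Health: it parses a page's HTML and lists the third parties that would receive data when the page loads, from external `script`, `img` and `iframe` sources and from inline snippets that initialise a tracker. The tracker host list is a small illustrative subset chosen for the example, and the two sample pages are constructed; a real audit would crawl every authenticated portal page, since the pixel that matters is the one that fires after login.

```python
"""Find third-party analytics and advertising trackers in a page's HTML.

Added example, not code from the original post or from Advocate Aurora Health.
TRACKER_SUFFIXES is a small illustrative subset (constructed for this example)
and the sample pages are constructed; a real audit would crawl every
authenticated patient-portal page and diff the findings against the
organisation's business associate agreements.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostnames (or parent domains) that receive data when these tags load. Illustrative subset.
TRACKER_SUFFIXES = {
    "connect.facebook.net": "Meta Pixel",
    "facebook.com": "Meta Pixel",
    "googletagmanager.com": "Google Tag Manager",
    "google-analytics.com": "Google Analytics",
}
# Inline JavaScript calls that show a tracker has been initialised on the page.
INLINE_MARKERS = {
    "fbq(": "Meta Pixel",
    "gtag(": "Google Analytics / Ads",
    "dataLayer.push(": "Google Tag Manager",
}


def vendor_for(host: str):
    """Map a hostname to a tracker vendor, or None if it is not in the list."""
    host = host.lower()
    for suffix, vendor in TRACKER_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return vendor
    return None


class TrackerScanner(HTMLParser):
    """Collects external tracker loads and inline tracker initialisations."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
        if tag in ("script", "img", "iframe") and a.get("src"):
            host = urlparse(a["src"]).hostname or ""   # handles https:// and // URLs
            vendor = vendor_for(host)
            if vendor:
                self.findings.append({"kind": tag, "vendor": vendor, "host": host})

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for marker, vendor in INLINE_MARKERS.items():
                if marker in data:
                    self.findings.append({"kind": "inline", "vendor": vendor, "host": None})


def find_trackers(html: str) -> list:
    """Return de-duplicated findings in document order."""
    scanner = TrackerScanner()
    scanner.feed(html)
    scanner.close()
    seen, out = set(), []
    for f in scanner.findings:
        key = (f["kind"], f["vendor"], f["host"])
        if key not in seen:
            seen.add(key)
            out.append(f)
    return out


# Constructed sample pages: a portal page carrying GTM and a Meta Pixel, and a clean one.
PORTAL_PAGE = """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
</script>
<script>
  !function(f,b,e,v,n,t,s){/* pixel loader */}(window,document,'script','https://connect.facebook.net/en_US/fbevents.js');
  fbq('init', '000000000000000');
  fbq('track', 'PageView');
</script>
</head><body>
<h1>Appointment: Oncology consultation</h1>
<noscript><img height="1" width="1" src="https://www.facebook.com/tr?id=000000000000000&ev=PageView"/></noscript>
</body></html>"""

CLEAN_PAGE = ('<html><head><script src="/static/app.js"></script></head>'
              '<body><h1>Appointment</h1><img src="/static/logo.png"></body></html>')


if __name__ == "__main__":
    for page_name, page in (("portal", PORTAL_PAGE), ("clean", CLEAN_PAGE)):
        print(page_name, find_trackers(page))
```

Note that the `<noscript>` image is the pixel that fires even with JavaScript disabled, and that the page title alone ("Oncology consultation") is the kind of value a pixel ships off-site together with the visitor's identifiers; the scanner finds the channel, and the organisation then has to decide whether a BAA covers it or the tag has to go.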
Texas Tech University Health Sciences Center (TTUHSC) suffered a data breach that affected more than 1.3 million patients, disclosed in June 2022. The breach stemmed from a security incident at Eye Care Leaders, a third-party vendor providing Electronic Health Record (EHR) management services to TTUHSC. TTUHSC was not the only organization whose patient information was exposed through the Eye Care Leaders breach: the vendor serves more than 20 covered entities, and others were compromised as well.
We analyzed these breaches in the articles Supply Chain Attacks In Healthcare. The Case Of Shields, Eye Care Leaders, And MCG Health and Using Data Analytics may not be HIPAA Compliant.
In short, 2022 was rich in cybersecurity events, and those events have set the trajectory for how the industry will develop over the next several years. Russia's hybrid war against Ukraine, the proliferation of ransomware, social engineering, and massive data breaches in critical infrastructure have prompted nation-states to review their national security strategies and strengthen national cybersecurity. Businesses, in turn, have entered a turbulent zone, with intensifying cyberattacks on one side and heightened government control on the other.
Stay with Planet 9 to navigate this zone safely.