Introduction
With the pandemic and the geopolitical issues that shaped the previous year, 2022 was a difficult and perplexing year for the digital information security field.
The global cybercrime damages according to multiple reports for 2021 were $6 trillion US dollars and the current estimate for these damages could rise to $11 trillion by 2025.
With more than 22 billion records being exposed in 2021, the figures for 2022 are expected to exceed this figure by 5%.
In this article, we will explore the top hacking incidents that shaped 2022. We will look back on the top hacking attacks, including breaches, ransomware attacks, hacking campaigns, and more. 2022 is a small indication of what 2023’s digital security field could bring, a dose of unpredictability and also new means for attacks from the threat actors, saying that, It will be a good idea to visit the hacking incidents that happened in 2022 to be more prepared and safe for 2023.
Operation Russia – Anonymous attacks
Anonymous is known as an international activist and hacktivist collective that is known for conducting cyberattacks against governments, government agencies, and corporations.
In late 2021, in response to the military build-up near the Russia-Ukraine border, Anonymous defaced various government websites in China, including the United Nations Network on Migration website, in an effort to promote peace in the Donbas region.
In February of 2022, Anonymous launched a campaign called “OpRussia” against the Russian Federation in response to the invasion of Ukraine. This campaign included a series of attacks on Russian infrastructure. They took down RT.com, a Russian TV channel for a couple of hours, while at the same time hacking into the Defense Ministry website.
See Also: So you want to be a hacker?
Offensive Security Courses
Anonymous is also responsible for the hacking and defacing of the Russian Space Research Institute’s website. The attacks continued non-stop as they hacked 400 Russian surveillance cameras and then displayed anti-propaganda messages.
Roskomnadzor (a Russian agency responsible for monitoring and censoring mass media) was another victim as Anonymous leaked 820 GB of internal documents.
DDoSecrets ( a non-profit whistleblower site) also leaked 28GB of data from the Central Bank of Russia exposing bank statements, invoices, etc, the attack was made by an Anonymous affiliate group with the Twitter handle @Thblckrbbtworld. Anonymous also targeted the websites of the Russian Federal Customs Service and the Russian Investigation Committee. In response to the invasion of Ukraine, Ukraine formed a volunteer “IT Army” that has conducted DDoS attacks, disruptive hacks, and data breaches against Russian organizations and services.
Screenshot from the leaked records of Central Bank of Russia. (Image: Hackread.com)
LastPass data breach
LastPass, a password manager service, announced on December 22, 2022, that a data breach had occurred, exposing encrypted password vaults and other user data.
The company experiences a data breach in August that led to further attacks in which hackers compromised the credentials and cloud storage keys of a LastPass employee.
The company has not provided additional information about the breach, including how many password vaults were compromised and how many users were affected, or when the breach occurred. It is also unclear how long the attackers have had the stolen data and how long it will take them to start “cracking” the keys used to encrypt the stolen password vaults.
The company has also not clarified the proprietary binary format it uses to store encrypted and unencrypted vault data.
Other customer data, such as names, email addresses, phone numbers, and billing information, were also compromised. LastPass has been criticized for storing its vault data in a hybrid format where items like passwords are encrypted but other information, like URLs, are not.
LastPass users are advised to enable two-factor authentication on their accounts, particularly high-value accounts, and change the passwords on all of their sensitive and high-value accounts as well as those stored in their LastPass vault. Many security professionals warned users to consider switching to a different password manager service entirely.
Lastpass data breach announcement on their blog – (Image: blog.lastpass.com)
Lapsus$ cyberattacks
Lapsus$ is a hacking group that first made headlines in December 2021 when it launched a ransomware attack against the Brazilian Ministry of Health, compromising the COVID-19 vaccination data of millions of people in the country.
In 2022 the hacking group rose to notoriety as it targeted several high-profile technology companies, including Nvidia, Samsung, Microsoft, T-Mobile, and Vodafone, for stealing data and disrupting services.
Lapsus$ has also been linked to cyberattacks on EA Games, Rockstar, and Uber while also gaining access to an Okta contractor’s laptop.
The group also attempted to blackmail several companies, threatening to leak data online unless their demands were met.
Among the companies affected, Samsung confirmed that there was a security breach to their internal company data, including source code relating to the operation of Galaxy devices without including any personal information of their customers or employees. Microsoft was another company admitting that some parts of source code for some of its products were stolen while reporting that the leaked code was not severe enough to cause an elevation of risk and that their response teams shut down the threat actors mid-operation.
On September 2022, the hacking group leaked 3GB files containing 90 videos of early GTA VI gameplay footage. Rockstar had also confirmed a day after that they suffered a network intrusion in which threat actors stole confidential information on their systems, including early development footage for GTA VI, while also stating that their work on GTA VI will continue as planned.
A Message from Rockstar Games pic.twitter.com/T4Wztu8RW8
— Rockstar Games (@RockstarGames) September 19, 2022
A report identified an England-based teenager as the mastermind behind the group and suggested that another member may be based in Brazil. One member of the group is reportedly so highly skilled at hacking that their work was thought to be automated by researchers.
The London police made seven arrests in connection with Lapsus$ on March 24th, all of whom were teenagers.
On September 2022, the City of London police also arrested a 17-year-old in Oxfordshire on suspicion of hacking and charged him. It’s not clear which specific incident lead to his arrest but it follows the arrest and release of the seven teenagers in connection with the Lapsus$ hacking group earlier in March. The arrest came after the two security breaches at Rockstar, and Uber which both of them believed to be connected to Lapsus$.
Wormhole cryptocurrency platform hack
On February 2022, the decentralized finance (DeFi) platform Wormhole was hacked, with an attacker exploiting a security flaw to steal close to $325 million worth of cryptocurrency.
Wormhole provides a service known as a “bridge” between blockchains, allowing a person or entity with holdings in one cryptocurrency to make trades and purchases using another.
The hack seems to have resulted from an update to the project’s GitHub repository, which revealed a fix to a bug that had not yet been deployed to the project itself.
The attack took place on February 2nd and was noticed when a post from the Wormhole Twitter account announced that the network was being taken “down for maintenance” while a potential exploit was investigated. Shortly after the attack, the Wormhole team offered the hacker a $10 million bounty to return the funds.
The Incident Report is now available.https://t.co/PfBqObjDhT
Here is the tl;dr 🧵
1/
— Wormhole🌪 (@wormholecrypto) February 4, 2022
According to an initial analysis by CertiK, the hackers exploited a vulnerability on the Solana side of the Wormhole bridge and managed to forge valid signatures for transactions that allowed them to freely mint 120,000 “wrapped” Ethereum tokens for themselves. Wrapped Ethereum tokens are pegged to the value of the original coin but are interoperable with other blockchains.
The hackers may have used these tokens to take possession of Ethereum being held on the Ethereum side of the Wormhole bridge. CertiK notes that bridges such as Wormhole, by operating across two or more blockchains, multiply the possible lines of attack for hackers, becoming even more attractive targets.
Vitalik Buterin, the founder of Ethereum, has already argued that bridges are unlikely to exist for much longer in the crypto ecosystem, citing “fundamental limits to the security of bridges that hop across multiple ‘zones of sovereignty.'”
CertiK co-founder Ronghui Gu said, “The $320 million hack on Wormhole Bridge highlights the growing trend of attacks against blockchain protocols, This attack is sounding the alarms of growing concern around security on the blockchain.”
Pacific island nation of Vanuatu hack
The Pacific island nation of Vanuatu experienced a serious cybersecurity attack on their government computer systems, affecting email accounts, driver’s licenses, taxes, medical and emergency information, and leaving officials to use 20th-century technology (pen and paper).
A local news outlet announcement calling the cyberattack in Vanuatu “our worst kept secret.” (Image: dailypost.vu)
The outage, which has been since early November, caused major problems for a country where the population of around 320,000 people is distributed across many islands.
The cause and extent of the damage are not known, although some sources suggest it was a ransomware attack in which cybercriminals broke in and took data hostage in exchange for payment.
The attack could be important geopolitically as Vanuatu is officially neutral, and maintains relationships with Western allies such as Australia as well as China, Australia is on-site to help local officials.
As a result of the attack, government officials have been forced to use commercial email systems and manual systems in order to keep government operations continuing. It is reported that many government departments are currently using local computer drives to help store data instead of more secure web servers or the cloud. Attacks like this are not uncommon, and cost governments and private companies billions of dollars through ransomware, extortion, email scams, and lost business.
These kinds of attacks highlight the importance of governments investing in cybersecurity technologies.
For Vanuatu, the increasing geopolitical focus on the region makes cyberattacks especially concerning. It remains to be seen how much investment will be provided to better protect the smaller Pacific states from future attacks.
2022 was a year full of cyber threats
2022 was a year of high-profile cyber security threats, including phishing scams, DDoS attacks, data breaches, and malware attacks.
It emphasizes the importance of vigilance, staying informed about the latest threats, implementing robust security measures, educating employees, and regularly reviewing and updating security practices to protect against them.
Everyone should be proactive in safeguarding their digital assets.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to Information Security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [emailprotected]
