Cybercrime has been steadily escalating as we move deeper into the digital age, and cyberattacks in 2022 were no exception. Worldwide digital transformation of businesses and organizations in every sector has created a riskier cyber environment. And while many modern cloud implementations and database strategies are safer than ever, a knowledge gap exists in IT security.
With many new vulnerability management tools available to enhance business intelligence and daily operations, vulnerability patching and software updates are more important than ever. However, many teams may not see the value in taking time to update systems and monitor security features, or they are simply overwhelmed by the amount of tooling required to manage vulnerabilities effectively. Unfortunately, this has created a digital environment where hackers and other bad actors can easily take advantage of software vulnerabilities to steal money and data and wreak havoc on organizations. All of these problems can be prevented by using vulnerability management software.
Attackers use many methods to breach a network’s security ecosystem, including phishing, stolen credentials, and insider threats. Even third-party vulnerabilities caused 13% of cyberattacks in 2022, costing organizations over $4.5 million.
This article will look at some of the top cyber attack events of 2022 and the vulnerabilities that caused them.
This summer, an API vulnerability on Twitter allowed anyone to find accounts via the discoverability function. Users could type in any phone number or email address and find all the accounts connected to that data. As a result, 5.4 million accounts had their data scraped by hackers. The consumer data, including handles, account creation dates, user locations, followers, and favorites, was made available online for free.
What’s concerning about this cyber attack event is that many news outlets have reported that Twitter was aware of this vulnerability six months before the data breach. Identifying a flaw is the key to prevention, but without taking action, Twitter left its users exposed. Security problems related to APIs are a fast-growing attack vector, responsible for 20% of data breaches. The organization has since encouraged users to change their passwords and use MFA to log in to their accounts.
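The discoverability flaw above is an account-enumeration problem: a lookup endpoint that maps any email address or phone number to the account owning it, with no regard for the user's privacy settings and no limit on how many contacts a caller may try. The following added example (my own illustration, not Twitter's code) puts the flawed pattern beside a hardened version that honours an opt-in flag, rate-limits each caller, and returns the same empty answer for unknown, opted-out and over-quota requests so the response never confirms that a contact has an account. The accounts, privacy settings and quota values are constructed for the demo.

```python
"""Contact discoverability lookup: the enumeration flaw beside a hardened version.

Added example, not Twitter's code. The accounts and privacy settings below are
constructed for the demo.
"""
import time
from collections import defaultdict

# Constructed sample accounts; 'discoverable_by' holds each user's opt-in choices.
ACCOUNTS = [
    {"handle": "alice", "email": "alice@example.com", "phone": "+15550000001",
     "discoverable_by": {"email"}},          # opted in to email lookup only
    {"handle": "bob", "email": "bob@example.com", "phone": "+15550000002",
     "discoverable_by": set()},              # opted out entirely
    {"handle": "carol", "email": "carol@example.com", "phone": "+15550000003",
     "discoverable_by": {"email", "phone"}},
]


def vulnerable_lookup(contact):
    """The flaw pattern: any caller can map an email address or phone number
    to the account that owns it, regardless of the user's privacy settings and
    with no limit on how many contacts they try."""
    return [a["handle"] for a in ACCOUNTS if contact in (a["email"], a["phone"])]


class DiscoverabilityService:
    """Hardened lookup: honours the opt-in flag, rate-limits each caller, and
    answers with an empty list for unknown, opted-out and over-quota requests
    alike, so the response never confirms whether a contact has an account."""

    def __init__(self, max_lookups=10, window_seconds=3600, clock=time.time):
        self.max_lookups = max_lookups
        self.window = window_seconds
        self.clock = clock                 # injectable for deterministic tests
        self._calls = defaultdict(list)    # caller id -> lookup timestamps

    def _over_quota(self, caller):
        now = self.clock()
        recent = [t for t in self._calls[caller] if now - t < self.window]
        if len(recent) >= self.max_lookups:
            self._calls[caller] = recent
            return True
        recent.append(now)
        self._calls[caller] = recent
        return False

    def lookup(self, caller, contact, kind):
        """kind is 'email' or 'phone'; only matching accounts that opted in to
        discovery by that kind of contact are returned."""
        if kind not in ("email", "phone"):
            raise ValueError("kind must be 'email' or 'phone'")
        if self._over_quota(caller):
            return []
        return [a["handle"] for a in ACCOUNTS
                if a[kind] == contact and kind in a["discoverable_by"]]
```

The quota is keyed on the caller (an authenticated client or API key), which is what makes bulk scraping expensive; the identical empty answer for every non-positive case is what stops the endpoint from doubling as an existence oracle.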
Chrome has come under a number of zero-day attacks this year due to various vulnerabilities. One of the most active attack vectors for Chrome cyberattacks in 2022 was the Animation Component, but the popular tech giant also experienced use-after-free flaws in more than 10 components, including Blink, V8, Portals, and Chrome for Android.
Other Chrome zero-day software vulnerabilities that came under attack were related to remote code execution issues like CVE-2021-21224 in April. A type confusion bug in V8 allowed a remote attacker to execute arbitrary code within a sandbox, all triggered by a carefully crafted HTML page.
The rapid expansion of DeFi exchanges and third-party crypto apps leaves many vulnerabilities for hackers to exploit. One of the largest data breaches of a DeFi network occurred in March this year against Ronin. The Lazarus hacker group attacked a blockchain bridge between Ronin and a popular NFT game called “Axie Infinity.” The bridge is meant to enable users to transfer assets between blockchain networks and use their coins for various applications like blockchain games.
The investigation of this attack is still ongoing, and the vulnerability that Lazarus used has yet to be disclosed. However, experts believe this to be the result of incomplete offboarding: some old admin accounts that had not been properly closed were still floating around the network. Hackers could then take over 5 nodes and use their private keys to authorize fraudulent transactions. In the end, attackers stole over $600 million of ether and USDC tokens.
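The offboarding point above is worth seeing in code: a bridge that approves a withdrawal once a threshold of validator signatures is present will count a stale validator's key exactly like a live one until that validator is explicitly revoked. The following added example (my own illustration, not Ronin's code) models a nine-validator bridge with the five-signature threshold the text mentions; the number nine, the validator keys and the transaction are constructed, and the signatures are HMAC tags standing in for the real validators' signatures.

```python
"""Threshold approval of bridge withdrawals, with and without proper offboarding.

Added example, not Ronin's code. Signatures are HMAC-SHA256 tags over the
transaction bytes, a constructed stand-in for real validator signatures.
"""
import hashlib
import hmac

THRESHOLD = 5  # approvals required, as in the text (5 of the bridge's validators)


def sign(key: bytes, tx: bytes) -> bytes:
    """Constructed stand-in for a validator signing a transaction."""
    return hmac.new(key, tx, hashlib.sha256).digest()


class Bridge:
    def __init__(self, validator_keys: dict):
        self.keys = dict(validator_keys)     # validator name -> verification key
        self.active = set(validator_keys)    # every validator starts active

    def offboard(self, name: str):
        """Proper offboarding: the validator's key no longer counts toward the threshold."""
        self.active.discard(name)

    def approve(self, tx: bytes, signatures: dict) -> bool:
        """True only if THRESHOLD distinct *active* validators produced valid signatures."""
        valid = 0
        for name, sig in signatures.items():
            if name not in self.active:
                continue  # stale or unknown validator: ignored, never counted
            if hmac.compare_digest(sign(self.keys[name], tx), sig):
                valid += 1
        return valid >= THRESHOLD


def demo():
    """Constructed scenario: an attacker holds five validator keys, two of which
    belong to validators that should have been offboarded long ago."""
    keys = {f"validator-{i}": f"secret-{i}".encode() for i in range(9)}
    bridge = Bridge(keys)
    tx = b"constructed withdrawal of bridge funds"
    held_by_attacker = ["validator-0", "validator-1", "validator-2",
                        "validator-7", "validator-8"]
    sigs = {n: sign(keys[n], tx) for n in held_by_attacker}
    before = bridge.approve(tx, sigs)   # stale keys still count: approved
    bridge.offboard("validator-7")
    bridge.offboard("validator-8")
    after = bridge.approve(tx, sigs)    # only three active signers remain: rejected
    return before, after
```

The model shows why offboarding has to be an action on the system itself (revoking the key) rather than a human process that merely stops using an account: the approval logic cannot tell a forgotten validator from a legitimate one.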
Ronin wasn’t the only crypto platform to succumb to a data breach. Crypto.com also lost $18 million in bitcoin and $15 million in Ethereum this year. As developers rush to push out new exchanges with various blockchain features in a federally unregulated environment, there is growing concern that more crypto exchanges might fall.
Microsoft issued CVE-2022-30190 in May 2022 for a remote code execution vulnerability in the Microsoft Support Diagnostic Tool (MSDT). The tool is invoked through its URL protocol handler from a calling application such as Word or Excel. When this software vulnerability is exploited by an attacker, they can run arbitrary code with the privileges of the Microsoft Office application that called it. Once inside, the attacker can install programs, interact with data, and create new accounts.
The Microsoft Office software vulnerability known as Follina was discovered by a researcher when they found a malicious Word document. The compromised document was uploaded to VirusTotal from Belarus so that others could take advantage of the vulnerability. This document allowed hackers to execute an attack using Microsoft’s remote template feature to fetch an HTML file. That file then used the “ms-msdt” URL scheme to run PowerShell code.
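Both stages described above leave indicators a defender can check for without opening the document: a Word file is a zip package, the remote template fetch is recorded as an external `attachedTemplate` relationship in the package's `.rels` parts, and the `ms-msdt:` scheme is a plain string wherever it appears. The following added scanner (my own example, not from the article, Microsoft, or any vendor) flags both; the minimal packages it inspects are constructed in memory rather than real Word documents, and the relationship type URI is the standard OOXML one.

```python
"""Scan an Office (OOXML) package for Follina-style indicators.

Added example, not from the original article or from Microsoft. Flags (1) an
external attachedTemplate relationship (the remote template fetch) and (2) any
'ms-msdt:' URI inside the package. Sample packages are constructed in memory.
"""
import io
import re
import xml.etree.ElementTree as ET
import zipfile

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
TEMPLATE_REL = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/attachedTemplate")
MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> list:
    """Return human-readable findings for the OOXML package in `data`."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            content = zf.read(name)
            if name.endswith(".rels"):
                root = ET.fromstring(content)
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    external = rel.get("TargetMode", "").lower() == "external"
                    if rel.get("Type") == TEMPLATE_REL and external:
                        findings.append(
                            f"{name}: external template {rel.get('Target')}")
            if MSDT_RE.search(content):
                findings.append(f"{name}: contains ms-msdt: URI")
    return findings


def build_package(template_target=None, external=True, extra_part=None) -> bytes:
    """Construct a minimal package for the demo (not a real Word file)."""
    rels = f'<Relationships xmlns="{REL_NS}">'
    if template_target:
        mode = ' TargetMode="External"' if external else ""
        rels += (f'<Relationship Id="rId1" Type="{TEMPLATE_REL}" '
                 f'Target="{template_target}"{mode}/>')
    rels += "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
        if extra_part:
            zf.writestr(*extra_part)   # (name, content) pair for the demo
    return buf.getvalue()
```

A template relationship pointing at a local `.dotm` is normal and is not flagged; it is the combination of an external target and a template relationship that marks the remote template fetch. Run the scanner over mail-gateway attachments or a file share and alert on any finding.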
In August, sensitive encrypted information, including the usernames, emails, and passwords of about 30 million users, was exfiltrated. Plex is a media server app with millions of users worldwide. Because the full amount of damage from the Plex attack may not be realized due to their encryption protocols, there is much to learn from it.
Plex discovered abnormal activity in one of its databases and immediately launched an investigation into the suspicious events. The company later said an unauthorized third party accessed a limited subset of data, including encrypted passwords. However, there hasn’t been any specific attack vector disclosed at the time this article was written.
Password-cracking attacks could take hundreds of years to recover the encrypted passwords breached at Plex, which is almost a positive outcome where cyberattacks are concerned. Companies can follow in Plex’s footsteps by encrypting user data and keeping proprietary information separate in case of a breach.
Another way to protect your business from this type of attack is to maintain thorough log documentation to spot suspicious activity and launch mitigation responses as soon as possible. The damage of this attack could have been much worse if Plex hadn’t acted fast. Third-party vulnerability management is key to preventing this type of attack from happening to you.
Apple grappled with its own software vulnerabilities in 2022. It experienced a series of zero-day attacks that enabled hackers to execute arbitrary code with kernel privileges. Some of the exploitation allowed threat actors to violate users’ privacy in big ways.
Cybercriminals could successfully track users’ browsing activity and identities while actively using their iPhones, iPads, and Macs running Monterey. These software vulnerabilities also allowed attackers to execute targeted attacks against specific individuals, including journalists, politicians, and activists.
Use-after-free vulnerabilities also plagued Apple this year. Those exploited in the wild were also largely used for targeted attacks against specific individuals and organizations. CVE-2022-22620 was a WebKit use-after-free bug that caused OS crashes and enabled remote code execution on compromised devices.
The cybercrime group known as LAPSUS$ carried out several attacks this year against some of the biggest names in tech. Nvidia, Ubisoft, Samsung, and Microsoft all fell victim to the young attack group. Jira, GitLab, and Confluence vulnerabilities were used to escalate privileges after retrieving employee credentials via sophisticated social engineering methods.
The breach at Nvidia was carried out by a group of teenagers using phishing attempts that allowed them to get the credentials of thousands of employees. LAPSUS$ then threatened to leak passwords, schematics, and drivers if the company refused to remove certain paywalls and make its drivers open source.
The breach at Microsoft also came via phishing, allowing attackers to exfiltrate the source code for multiple projects, the more notable ones being Bing, Cortana, and Bing Maps. The group also used extortion against Okta and T-Mobile, leaking source code and making threats in exchange for Bitcoin.
This group of teenage cybercriminals has taught us that among the top vulnerabilities facing organizations today are still weak password credentials and business email phishing. The hackers could access several employee accounts, exfiltrate data, and hold it for ransom without breaking any encryption.
The Government of Costa Rica
In April 2022, Costa Rica came under a 5-day-long cyberattack targeting over 30 government agencies, the state’s internet service provider, utility companies, a university, and several municipalities. In the end, they were all taken over by the attack group Conti and held for a $10 million ransom. By the end of the lockout and data breach, Conti had leaked 97% of the data exfiltrated in the attack, and the Costa Rican government declared a national emergency.
In June, the country came under a cyberattack again from a ransomware group called Hive. The group of hackers held Costa Rica’s social security system and several hospitals for ransom for $5 million in bitcoin. It started with a third-party payroll vulnerability that allowed them to gain access to hundreds of servers.
These two ransomware groups are suspected of being connected, since many Hive members once belonged to Conti. The Costa Rica attack was actually Conti’s last before it dissolved into several smaller ransomware organizations. As such, the attacks followed a similar attack flow.
The attackers accessed Costa Rica’s infrastructure systems through a compromised VPN login and installed Cobalt Strike within the country’s sub-network. They then gained local admin access to carry out their data breach operation.
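A compromised VPN login is exactly the kind of event that the log review recommended in the Plex section is meant to catch: the credential is valid, so the only signal is that the login looks unlike the account's history. The following added example (my own illustration, not from the article or any incident report) parses constructed VPN authentication log lines and raises two kinds of alert: a successful login from a location the user has never logged in from before, and a success that follows a burst of failures from the same source. The log format, usernames, addresses (RFC 5737 documentation ranges) and the `XX` location code are all constructed.

```python
"""Flag suspicious VPN logins from authentication logs.

Added example, not from the original article. The log format and every line in
SAMPLE_LOG are constructed for the demo (RFC 5737 test addresses).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"geo=(?P<geo>\S+) result=(?P<result>\S+)$"
)

SAMPLE_LOG = """
2022-04-10T13:02:11Z vpn auth user=jperez src=203.0.113.7 geo=CR result=success
2022-04-11T09:15:40Z vpn auth user=jperez src=203.0.113.7 geo=CR result=success
2022-04-12T08:40:02Z vpn auth user=mrojas src=198.51.100.22 geo=CR result=success
2022-04-17T02:13:44Z vpn auth user=jperez src=192.0.2.55 geo=XX result=failure
2022-04-17T02:13:59Z vpn auth user=jperez src=192.0.2.55 geo=XX result=failure
2022-04-17T02:14:21Z vpn auth user=jperez src=192.0.2.55 geo=XX result=failure
2022-04-17T02:14:50Z vpn auth user=jperez src=192.0.2.55 geo=XX result=success
2022-04-17T02:20:03Z vpn auth user=mrojas src=198.51.100.22 geo=CR result=success
""".strip().splitlines()


def parse(lines):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield event


def detect(events, fail_threshold=3, fail_window=timedelta(minutes=10)):
    """Return (user, reason) alerts. A user's first successful login seeds their
    baseline; later successes from an unseen location, or successes preceded by
    fail_threshold failures from the same source inside fail_window, are flagged."""
    seen_geo = defaultdict(set)          # user -> locations of past successes
    recent_fail = defaultdict(list)      # (user, src) -> failure timestamps
    alerts = []
    for e in events:
        key = (e["user"], e["src"])
        if e["result"] != "success":
            recent_fail[key].append(e["ts"])
            continue
        known = seen_geo[e["user"]]
        if known and e["geo"] not in known:
            alerts.append((e["user"],
                           f"success from new location {e['geo']} (previously {sorted(known)})"))
        known.add(e["geo"])
        fails = [t for t in recent_fail[key] if e["ts"] - t <= fail_window]
        if len(fails) >= fail_threshold:
            alerts.append((e["user"], f"success after {len(fails)} failures from {e['src']}"))
        recent_fail[key] = []
    return alerts


if __name__ == "__main__":
    for user, reason in detect(parse(SAMPLE_LOG)):
        print(f"ALERT {user}: {reason}")
```

In the constructed log only the 02:14:50 login trips both rules; the regular user from the known location produces nothing. In a real deployment the baseline should be built from weeks of history rather than from the first line seen, and either alert is a reason to force re-authentication with MFA and review that session's subsequent activity.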
2022 has seen 2.8 billion malware cyberattacks, an increase of 11% from last year. It’s important to remember the attack vectors of past security events to avoid falling victim to a cybercriminal in 2023. There are many techniques that bad actors use to infiltrate an organization’s network and perform malicious actions, but for the most part, they all use a few similar formulas to carry out their attacks.
One of the best ways to protect yourself from a data breach is to understand your network and manage vulnerabilities as a part of your daily tasks and routines. Digital tools for continuous vulnerability monitoring, automatic alerts, automatic updates, mitigation, and recovery tools are all essential for IT teams to keep their organizations safe from malicious attacks.