Serious cyber attacks, data breaches, digital scams and ransomware attacks continued apace throughout the first half of this complicated year. With the Covid-19 pandemic, economic instability, geopolitical turmoil and bitter human rights disputes around the world, cybersecurity vulnerabilities and digital attacks have proved deeply connected to all aspects of daily life. With six months left in the year, however, many more are to be expected. Here are the most colossal digital security debacles to date.
For years, Russia has launched aggressive and reckless digital attacks against Ukraine, causing blackouts, attempting to fake elections, stealing data and distributing malware that has spread across the country and around the world. Since the war began in February, however, the digital dynamic between the two countries has changed, as Russia struggles to sustain a large-scale and costly kinetic war that Ukraine resists on all possible fronts. This means that while Russia has continued to hit Ukrainian institutions and infrastructure with cyber attacks, Ukraine has responded with surprisingly successful counter-offensives. At the beginning of the war, Ukraine formed an army of volunteer hackers that focused on DDoS attacks and breaches against Russian institutions and services, to cause as much chaos as possible. Hacktivists around the world have also turned their attention and digital firepower toward the conflict. Ukraine has launched various types of attacks against Russia, including some using custom malware, while Russia has experienced data breaches and service outages on an unprecedented scale.
The digital extortion gang Lapsus$ significantly stepped up operations in early 2022. The group emerged in December and began stealing source code and other valuable data from increasingly important and sensitive companies, including Nvidia, Samsung and Ubisoft, before leaking it in apparent extortion attempts. The wave reached its peak in March, when the group announced that it had hacked and leaked portions of the Microsoft Bing and Cortana source code, and had compromised the account of a customer support engineer who had access to internal systems of the widely used Okta authentication service. The attackers, who appeared to be based in the UK and South America, relied largely on phishing attacks to gain access to target systems. In late March, British police arrested seven people believed to be related to the group and charged two in early April. Lapsus$ appears to have continued to operate for a short time after the arrests, only to become inactive.
In one of the most disruptive ransomware attacks ever, the Russian-linked Conti gang of cybercriminals brought Costa Rica to its knees last April, with consequences that lasted for months. The group’s attack on the country’s finance ministry paralyzed Costa Rica’s import/export activities, causing losses of tens of millions of dollars a day. The attack was so bad that the president of Costa Rica declared a “national emergency”, making it the first country to do so because of a ransomware attack, and a security expert described Conti’s campaign as “unprecedented”. A second attack in late May, this time on the Costa Rican Social Security Fund, was attributed to Hive ransomware, linked to Conti, and caused vast disruptions to the country’s health system. Although Conti’s attack on Costa Rica is momentous, some believe it was conceived as a diversion to cover a rebranding of the gang, necessary to evade sanctions on Russia triggered by the war with Ukraine.
As the cryptocurrency ecosystem has evolved, the tools and utilities to store, convert and manage cryptocurrencies have developed at breakneck speed. However, this rapid expansion has resulted in a series of oversights and missteps. Cybercriminals, eager to exploit these errors, have stolen large amounts of cryptocurrency worth tens or hundreds of millions of dollars. At the end of March, for example, the Lazarus Group of North Korea stole $540 million worth of Ethereum and USDC stablecoins from Ronin, a popular blockchain bridge. Meanwhile, in February, attackers exploited a flaw in the Wormhole bridge to steal a Wormhole Ethereum variant worth approximately $321 million. In April, cybercriminals targeted the Beanstalk stablecoin protocol, taking out a “flash loan” to steal about $182 million worth of cryptocurrency.
Healthcare providers and hospitals have long been a favorite target of ransomware gangs, who try to create as much panic as possible to force victims to pay in the hope of restoring their digital systems. Health data breaches also persisted into 2022, as cybercriminals collected various data that they can monetize through identity theft and other types of financial fraud. In June, Massachusetts-based service provider Shields Health Care Group revealed that it had experienced a data breach that lasted for much of March, affecting an estimated two million people in the United States. The stolen data included names, Social Security numbers, dates of birth, addresses and billing information, as well as medical information such as diagnoses and medical record contents. In Texas, Baptist Health System and Resolute Health Hospital announced a similar breach in June, which exposed similar data, including Social Security numbers and sensitive medical information of patients. Kaiser Permanente and Yuma Regional Medical Center in Arizona also disclosed data breaches in June.
In early June, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that some Chinese government-backed cybercriminals had been able to breach a number of sensitive targets around the world, including “important telecommunications companies”. According to CISA, the attackers targeted known vulnerabilities in routers and bugs in other network equipment, including equipment from multinational networking suppliers such as Cisco and Fortinet. The alert issued by the US authorities aims to push organizations to strengthen their digital defenses, especially when handling massive amounts of sensitive user data. “The warning details how major telecom companies and network service providers have been targeted and compromised,” CISA wrote. “In recent years, a number of serious network device vulnerabilities have provided cybercriminals with the opportunity to exploit and gain access to critical vulnerable devices. Furthermore, the protection of these devices is often neglected.”
In a separate action, cybercriminals likely engaged in spying on behalf of China hacked the US publishing group News Corp, in an intrusion the company discovered on January 20. Among other things, the attackers had access to journalists’ e-mails and other documents. News Corp owns a number of high-profile news outlets, including the Wall Street Journal and the New York Post, as well as several publications in Australia.
Honorable mention: the disclosure of gun data in California
A few days after the US Supreme Court’s decision last June overturned restrictions on carrying firearms in public, an unrelated data breach potentially exposed the personal information of those who applied for a gun license in California between 2011 and 2021. The incident exposed data such as names, ages, addresses and license types. The breach occurred after a misconfiguration of a dedicated portal, the California Department of Justice Firearms Dashboard, exposed data that was previously not accessible to the public. “This unauthorized disclosure of personal information is unacceptable and falls well below my expectations for this department,” State Attorney General Rob Bonta said in a statement. “The California Department of Justice is tasked with protecting Californians and their data. We recognize the inconvenience this action can cause to individuals whose information has been exposed. I am deeply upset and angry.”