2022 was a banner year for cyberattacks, with several significant attacks targeting businesses and governments. To better understand cyber-criminals' strategies and intentions, it is important to analyze some of these attacks.
This year has seen the emergence of new Ransomware-as-a-Service gangs and the return of one of the world's most dangerous ransomware operations - REvil. Ransomware protection is essential for all organizations, regardless of size or industry. Phishing emails remain the most common form of attack and can lead to severe implications such as data compromise, encrypted files and offline systems. It is, therefore, imperative that organizations take appropriate measures to protect their data from ransomware attacks.
With that said, here are 10 of the most consequential cyber-attacks of 2022.
Nvidia was struck by a ransomware attack in February 2022, with the hackers (Lapsus$) claiming to have 1TB of exfiltrated data and demanding payment. Although it was speculated that Nvidia's operations had been disrupted, the company stated otherwise and managed to contain the situation. It is also claimed that Nvidia hacked the hackers in return, though this has not been confirmed.
Nvidia's internal systems were compromised and its response to the threat included hardening security and engaging cyber incident response experts. It also appears that they were able to track the responsible individuals, although this has not been confirmed.
The attack highlighted the need for organizations to stay vigilant regarding cybersecurity and have robust systems in place. Companies like Nvidia must take proactive measures to ensure they are prepared, as these types of infiltrations will continue into the future.
The Costa Rican government experienced two major ransomware attacks in 2022. The first attack was carried out by the group Conti and resulted in a ransom demand of $10 million, which was later increased to $20 million.
The second attack occurred on May 31 and was linked to HIVE, crippling the country's healthcare system and directly impacting the social security fund. These attacks demonstrate the immense damage that can be done when adequate resources are not invested in protection solutions and employee cyber security training. Governments need to recognize this risk and take steps to mitigate it.
Ukraine had been subjected to cyber attacks from Russia for many years before the physical conflict started in 2014. These attempts have mainly targeted infrastructure such as power grids, internet systems and banks.
One particularly destructive strain of malware, HermeticWiper, has been erasing data from Windows-based computers in Ukraine, as well as Latvia and Lithuania.
In response, Ukraine developed a volunteer 'IT Army', which launched its own retaliatory cyber attacks against Russian targets to cause data breaches and service disruptions. Such actions allow observers to assess different strategies and technical weapons used during a cyber war.
Cryptocurrency transactions have become increasingly popular, and as a result, the market for tools to manage crypto assets has increased. Unfortunately, this rapid expansion has allowed hackers to exploit security flaws in these applications.
The most notable incidents include North Korea's Lazarus Group stealing $540 million worth of Ethereum and USDC stablecoin from the Ronin blockchain bridge in March, $321 million of Wormhole Ethereum variant stolen in February, and attackers exploiting Beanstalk's stablecoin protocol to make away with $182 million worth of cryptocurrency in April.
Despite these thefts, many people still trust cryptocurrencies as a safer option than traditional currency. It is up to developers and users alike to ensure that their systems are secure by following safe practices.
The Red Cross experienced a ransomware attack in January 2022, which resulted in the compromise of records belonging to over half a million people classified as "highly vulnerable". The data included records of individuals who have been separated from loved ones due to conflict, migration and disaster, as well as those in detention.
According to researchers at FireEye, “This operation (Red Cross Hacking) is leveraging a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with Iranian interests. These narratives include anti-Saudi, anti-Israeli, and pro-Palestinian themes, as well as support for specific U.S. policies favorable to Iran.”
As a result of the attack, the Red Cross took its servers offline for an investigation but could not identify any culprits. This incident highlights the importance of cyber security measures for organizations that handle sensitive data.
In June, Shoprite Holdings, Africa's largest supermarket chain, suffered a ransomware attack. The threat actor RansomHouse claimed responsibility and criticized the company for storing personal data in plain text with no security measures.
The attackers claimed to have obtained 600GB of data from Shoprite, stored "in plain text/raw photos packed in archived files" and left unprotected. This affected over 3,000 stores across multiple countries, 150,000 employees and an annual revenue of $5.8 billion.
Toyota experienced a series of cyber-attacks between February and March 2022, resulting in the shutdown of 14 Japanese plants and computer networks and production facilities in the Middle and North America.
Two suppliers, Kojima Industries, Denso, and Bridgestone, were targeted by hackers with ransomware attacks. This serves as an eye-opener for businesses of any size to invest more resources into security measures to protect themselves from such threats.
It also highlights the increasing sophistication of cybercriminals who can bypass even the most secure organizations. Thus, organizations must remain vigilant against potential cyber threats and implement effective countermeasures to mitigate their impact.
Hensoldt, a leading defense contractor, confirmed on 12 January 2022 that some of its subsidiaries in the UK were hit with a ransomware attack. Lorenz claimed credit for it and listed their ransom as "paid".
Hensoldt provides sensor solutions for several organizations such as the US Army, Marine Corps and National Guard. The exact details surrounding the security breach have not been disclosed, nor is it known whether Hensoldt paid the ransom or another party purchased the stolen data. Despite this incident, Hensoldt remains committed to providing top-tier solutions for defense, aerospace and security software.
SpiceJet, a major Indian airline, faced an attempted ransomware attack earlier this year. The incident exposed serious cybersecurity gaps in one of the world's largest aviation markets. It highlighted how important it is for Indian airlines and those across the globe to evaluate their ransomware readiness.
Hundreds of passengers were left stranded due to the attack, which lasted over 6 hours and affected SpiceJet's brand reputation. Good incident response planning would have helped prevent this situation, emphasizing the need for emergency response and timely communication in industries like aviation.
One of the year's first attacks took place in Bernalillo County, New Mexico, as the government faced a crippling ransomware attack on January 5, 2022, that caused several county departments and offices to go offline.
The attack caused particular alarm when the Metropolitan Detention Center was taken offline, resulting in inmates being confined to their cells without the standard electronic locking systems.
An emergency notice had to be filed in federal court to comply with a 25-year-old settlement agreement over inmate confinement due to the malware attack. This incident serves as a reminder of how ransomware attacks can undermine citizen welfare, operations and the health of businesses or governments.
In conclusion, the year 2022 has already featured some major cybersecurity incidents that have had far-reaching consequences. From data breaches to ransomware attacks, it's clear that organizations of all sizes need to take cyber security seriously to protect their customers and operations. This should include investing in effective countermeasures, incident response plans and timely communication strategies to mitigate potential impacts.