2022 has been a tumultuous year for cyber security, with a number of high-profile breaches and incidents making headlines around the world. From state-sponsored cyber attacks to extortion campaigns, it’s clear that the threat landscape is constantly evolving. In this blog post, we take a look at some of the most widely reported incidents of 2022.
The invasion of Ukraine by Russia in February 2022 marked the first time that cyber attacks were used on such a large scale in a full-scale war.
Malware and ransomware were wielded like weapons as both sides sought to destabilise the other. Unfortunately, the cyber war spread beyond the borders of the conflict, with organisations across the world sometimes being caught in the crossfire. Prior to the start of the war, Ukraine was hit by a large-scale cyber-attack that took down several of its government and ministry websites.
Researchers discovered evidence of malware disguised as ransomware that could render a system inoperable. It worked in the same way that ransomware does, except that it essentially threw away the key, making the data un-decryptable, which suggests that the attacker’s goal was espionage/disruption rather than financial gain.
The threat from ransomware and destructive malware from the Russian state and Russian-backed hacker groups will remain high throughout the conflict and likely beyond.
The Lapsus$ hacking group made headlines in 2022 with their extortion campaigns targeting companies like Microsoft, Nvidia, Uber and Rockstar Games.
Interestingly, seven of the group’s members were arrested and most were teenagers, highlighting the fact that many hackers are just kids operating from their bedrooms. The activities of the Lapsus$ group highlight the increasing threat posed by Ransomware as a Service (RaaS).
With the number of ransomware variations doubling in the last six months, it is clear cyber-criminals know when they’ve found a good thing, and with economic woes looking likely in 2023, we can expect more ransomware attacks to take place next year.
In August, the managed service provider (MSP) Advanced was hit by a ransomware attack of the LockBit 3.0 variety. Unfortunately, the MSP provides 85% of services to NHS 111.
The attack caused massive disruption to the NHS, as the 111 service is used to refer patients for medical care, dispatch ambulances to where they are needed, create appointment bookings, etc. In short, the NHS was virtually crippled.
The incident highlights how MSPs can be valuable targets for threat actors, since an attack on one can propagate its impact to multiple victims at the same time.
Perhaps the most impactful cyber attack of 2022 was the ransomware attack against the Costa Rican government in May. In 2021, the Conti ransomware gang was behind the catastrophic ransomware attack on the Irish Health Service (HSE), among others. That attack put them on the radar of the world’s authorities, but it didn’t deter them, and they went on to launch a series of attacks that all but crippled Costa Rica. The disruption to the country’s essential services, trade and healthcare system was so severe that the Costa Rican president declared war on the Conti group. It was also the first time a nation had declared a state of emergency in response to a cyber-attack.
In the same month, the U.S. Department of State offered a $10 million bounty for information about the group’s leaders. As a result, the Conti group went underground and ceased operations. Many members joined other ransomware groups or split into smaller cells.
2022 has been a year filled with high-profile cyber attacks and incidents, and it’s clear that the threat landscape will continue to evolve.