As we move into the new year, it is worth looking back at the cyberattacks of the past 12 months, because as technology evolves, cybersecurity measures must evolve with it.
Here are the most significant cyberattacks of 2022 and the actions the affected companies took to protect data from future threats.
1. Rackspace Hosted Exchange Ransomware Attack
On December 6, 2022, Rackspace Technology® reported a ransomware incident affecting its Hosted Exchange environment, which led to service disruptions for some of its customers.
The company responded quickly by assembling an internal security team and contracting a leading cyber defense firm. Together they are investigating the incident and working to limit the impact of any potential data loss, lost revenue, and incremental costs.
Rackspace has taken proactive measures to isolate and contain the incident and protect its customers. The investigation so far indicates that the ransomware was isolated from Rackspace’s other products and that those products remain operational.
Rackspace posted a status banner on its website that is updated live, and it is taking additional security measures to monitor for suspicious communication. In addition, it is providing customer guidance for migrating away from the potentially impacted services, including help limiting the impact on customers’ operations.
2. Okta, and Okta Again
On March 22, 2022, screenshots taken from an Okta third-party customer support engineer were posted online by LAPSUS$. As a result, Okta released a statement explaining the situation and reassuring that the Okta service was still secure. They stated that customers did not need to take any corrective actions.
Sitel is a sub-processor that supports Okta’s customer support organization. After an unsuccessful attempt to add a new password to one of Sitel’s engineers’ accounts, the account was reset out of caution, and Sitel engaged a forensic firm to investigate further.
To understand the potential impact of the security incident, Okta analyzed the actions of Sitel employees in the SuperUser application over a five-day window. From that analysis, Okta determined that about 2.5% of customers had their Okta tenant accessed by Sitel.
For transparency, those customers will receive a report showing Sitel’s actions on their Okta tenant during that period so they can assess the situation themselves.
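The five-day review Okta describes (scope a third party’s actions in an admin tool to a window, find which customer tenants were touched, compute the share of the customer base affected, and produce a per-tenant report) is a reusable incident-response step. The following is an added Python example, not Okta’s code or its log format: the audit events are constructed, the field names, organisation labels and the 40-tenant customer base are assumptions chosen for illustration, and the window is the hypothetical January 16 to January 21 review period.

```python
from collections import defaultdict
from datetime import datetime, timezone
from typing import Dict, List

# Constructed audit events for a hypothetical support console (assumed
# schema, not Okta's real log format or data). Each event records who acted,
# which organisation they belong to, which customer tenant they touched,
# what they did, and when.
AUDIT_EVENTS = [
    {"ts": "2022-01-16T09:00:00Z", "actor": "eng1@subproc.example",
     "org": "subprocessor", "tenant": "tenant-a", "action": "view_users"},
    {"ts": "2022-01-17T14:30:00Z", "actor": "eng1@subproc.example",
     "org": "subprocessor", "tenant": "tenant-a", "action": "open_ticket"},
    # Vendor staff acting in the window: in scope for a full review, but not
    # part of the question "what did the sub-processor touch?".
    {"ts": "2022-01-18T10:00:00Z", "actor": "staff@vendor.example",
     "org": "vendor", "tenant": "tenant-c", "action": "view_users"},
    # Sub-processor activity outside the review window is excluded.
    {"ts": "2022-01-25T08:00:00Z", "actor": "eng2@subproc.example",
     "org": "subprocessor", "tenant": "tenant-b", "action": "view_users"},
]

# Assumed customer base: 40 tenants, so one accessed tenant is 2.5%.
ALL_TENANTS = ["tenant-a", "tenant-b", "tenant-c"] + [f"tenant-{i:02d}" for i in range(37)]

# Hypothetical five-day review window, half-open: [start, end).
WINDOW_START = datetime(2022, 1, 16, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 1, 21, tzinfo=timezone.utc)


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def third_party_access(events: List[dict], org: str,
                       start: datetime, end: datetime) -> Dict[str, List[dict]]:
    """Group events by tenant for actors belonging to `org` whose timestamp
    falls inside the half-open window [start, end)."""
    by_tenant: Dict[str, List[dict]] = defaultdict(list)
    for ev in events:
        if ev["org"] != org:
            continue
        if start <= parse_ts(ev["ts"]) < end:
            by_tenant[ev["tenant"]].append(ev)
    return dict(by_tenant)


def impact_report(events: List[dict], org: str, start: datetime,
                  end: datetime, all_tenants: List[str]) -> dict:
    """Summarise the third party's access: which tenants, what share of the
    customer base, and a per-tenant timeline suitable for sending to each
    affected customer."""
    accessed = third_party_access(events, org, start, end)
    per_tenant = {
        tenant: [(ev["ts"], ev["actor"], ev["action"])
                 for ev in sorted(evs, key=lambda e: e["ts"])]
        for tenant, evs in accessed.items()
    }
    return {
        "window": (start.isoformat(), end.isoformat()),
        "tenants_accessed": sorted(accessed),
        "pct_of_tenants": round(100.0 * len(accessed) / len(all_tenants), 1),
        "per_tenant": per_tenant,
    }


def default_report() -> dict:
    """Run the review over the constructed data and assumed window."""
    return impact_report(AUDIT_EVENTS, "subprocessor", WINDOW_START, WINDOW_END, ALL_TENANTS)


if __name__ == "__main__":
    report = default_report()
    print(f"window: {report['window'][0]} to {report['window'][1]}")
    print(f"tenants accessed: {report['tenants_accessed']} "
          f"({report['pct_of_tenants']}% of customers)")
    for tenant, timeline in report["per_tenant"].items():
        for ts, actor, action in timeline:
            print(f"  {tenant}: {ts} {actor} {action}")
```

The window is half-open so a five-day review does not silently include a sixth day, and the per-tenant timeline is built from the same filtered events used for the percentage, so the headline figure and the customer reports cannot drift apart.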
GitHub Source Code
Okta also suffered a security breach in which an attacker stole source code from its GitHub repositories. Okta’s chief security officer, David Bradbury, sent an email notification to security contacts explaining what had happened. The attacker did not gain access to any customer data or services, and users of Okta’s various services were unaffected by the incident.
3. Crypto.com
Crypto.com, a cryptocurrency exchange, was hacked on January 17, 2022. The attack resulted in the unauthorized withdrawal of Bitcoin and Ether worth around $35 million (originally estimated at $15 million).
To investigate and address the issue, Crypto.com suspended withdrawals for 14 hours. Overall, no customers lost funds: Crypto.com prevented almost all of the unauthorized withdrawals and reimbursed the remaining cases.
They also implemented their Worldwide Account Protection Program (WAPP), which promises to restore funds up to $250,000 for qualifying users.
4. Small Change Next to the $620 Million Stolen From Axie Infinity
Chainalysis, a crypto analytics firm, recently helped the U.S. government recover about $30 million of the funds stolen from Axie Infinity, an online video game. The theft is attributed to North Korean hackers known as the Lazarus Group, which has been linked to multiple crypto thefts in recent years.
Working with law enforcement officials, Chainalysis was able to retrieve some of the stolen funds, marking the first time the U.S. has seized cryptocurrency stolen by North Korean hackers.
The total amount stolen was over $600 million, but with their help at least some of it was recovered, and the seizure went down in the history books.
5. Russia’s Invasion of Ukraine and the IT Army
A group of hackers in Ukraine has been disrupting Russian web services in retaliation for the Russian invasion of their country. The group, called “IT Army of Ukraine,” has successfully taken down the websites of the Kremlin, the Duma, state-owned media services, several banks, and the energy giant Gazprom.
Russia has attempted to stop the cyberattacks by filtering access to certain websites, but this has only caused more disruption.
6. Conti Ransomware Leak
A Ukrainian security researcher leaked damaging data, including source code and over 1000,000 internal messages, about the Conti ransomware operation. The leak came just after the Conti gang sided with Russia over the invasion of Ukraine on February 27, 2022.
The researcher leaked messages taken from a log server for the Jabber communication system used by the hacker group. The data contains information about the hackers’ activities, including:
- Previously unreported victims
- Private data leak URLs
- Bitcoin addresses
- Discussions about their operations
These leaked messages seriously undermined the operation while giving researchers and law enforcement crucial information about their internal workings.
7. Montenegro Cyberattacks: Russia to Blame
Experts from several countries rushed to investigate and restore the Montenegro government’s computer systems after coordinated cyberattacks beginning around August 20, 2022, left the state’s infrastructure at risk. The attack was carried out in part by a Russian-speaking ransomware gang known as Cuba ransomware and called Zerodate.
Some suspect the Kremlin or even state intelligence services were behind it, possibly because Montenegro joined NATO despite Russian opposition and took part in Western sanctions against Moscow over Ukraine, which led Russia to label the country an enemy.
8. Log4j
Log4j is a widely used Java logging library that has been around for about 20 years. In December 2021, however, a critical vulnerability called Log4Shell was discovered that allowed unauthenticated, even unskilled, threat actors to take control of applications, resulting in costly breaches.
Despite numerous attempts to fix the problem, many organizations remain exposed to Log4Shell, with 2.5% of assets still vulnerable as of October 2022. Additionally, 29% of assets showed recurrences despite previously achieving complete remediation.
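The recurrence figure above is the argument for re-scanning periodically rather than once: a vulnerable log4j-core is easily reintroduced as a transitive dependency inside a rebuilt application jar. The following is an added Python example, not code from the page or from the Log4j project. It finds log4j-core inside jars, recursing into jars nested in fat application archives, reads the version from the Maven pom.properties file (assumed present, as it is in the Maven-built release jars), compares it with the releases Apache published as closing out the Log4Shell family (2.17.1, with 2.12.4 and 2.3.2 for the older Java 7 and Java 6 branches), and also reports whether JndiLookup.class is still present, since removing that class was Apache’s documented interim mitigation. The sample jars are constructed in memory; scan_directory is for running the same check over a real filesystem path of your choosing.

```python
import io
import os
import re
import zipfile
from typing import Dict, List, Tuple

# Releases Apache published as closing out the Log4Shell family of CVEs on
# each 2.x branch: 2.17.1 (Java 8+), 2.12.4 (Java 7), 2.3.2 (Java 6).
PATCHED_BY_BRANCH = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}
PATCHED_DEFAULT = (2, 17, 1)

# Maven-built log4j-core jars carry this properties file (assumed layout) ...
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# ... and the class whose removal was Apache's interim mitigation.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def parse_version(text: str) -> Tuple[int, int, int]:
    """'2.14.1' -> (2, 14, 1); a missing patch number counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_patched(version: Tuple[int, int, int]) -> bool:
    """True when the version meets the fixed release for its branch."""
    threshold = PATCHED_BY_BRANCH.get(version[:2], PATCHED_DEFAULT)
    return version >= threshold


def inspect_jar(data: bytes, path: str) -> List[Dict[str, object]]:
    """Return one finding per log4j-core jar found in `data`, recursing into
    nested archives so fat jars (e.g. BOOT-INF/lib) are not missed."""
    findings: List[Dict[str, object]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.M)
            version = parse_version(m.group(1)) if m else (0, 0, 0)
            findings.append({
                "path": path,
                "version": ".".join(map(str, version)),
                "patched": is_patched(version),
                "jndi_lookup_present": JNDI_CLASS in names,
            })
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(inspect_jar(zf.read(name), f"{path}!/{name}"))
    return findings


def scan_directory(root: str) -> List[Dict[str, object]]:
    """Walk a real directory tree and inspect every archive in it."""
    findings: List[Dict[str, object]] = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                full = os.path.join(dirpath, fn)
                with open(full, "rb") as fh:
                    try:
                        findings.extend(inspect_jar(fh.read(), full))
                    except zipfile.BadZipFile:
                        pass  # not a valid zip; skip rather than abort the scan
    return findings


def build_jar(entries: Dict[str, bytes]) -> bytes:
    """Build a minimal zip archive in memory (constructed test artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def constructed_samples() -> Dict[str, bytes]:
    """Constructed jars, not real artifacts: a vulnerable log4j-core, a patched
    one, and an application jar that bundles the vulnerable one."""
    class_stub = b"\xca\xfe\xba\xbe"  # class-file magic only; content is irrelevant
    vulnerable = build_jar({POM_PROPS: b"version=2.14.1\n", JNDI_CLASS: class_stub})
    patched = build_jar({POM_PROPS: b"version=2.17.1\n", JNDI_CLASS: class_stub})
    fat_app = build_jar({"BOOT-INF/lib/log4j-core-2.14.1.jar": vulnerable,
                         "app.class": class_stub})
    return {"log4j-core-2.14.1.jar": vulnerable,
            "log4j-core-2.17.1.jar": patched,
            "app.jar": fat_app}


def scan(jars: Dict[str, bytes]) -> List[Dict[str, object]]:
    """Inspect a set of in-memory archives keyed by path."""
    findings: List[Dict[str, object]] = []
    for path, data in jars.items():
        findings.extend(inspect_jar(data, path))
    return findings


if __name__ == "__main__":
    for f in scan(constructed_samples()):
        status = "ok" if f["patched"] else "NEEDS ATTENTION"
        print(f"{f['path']}: log4j-core {f['version']} [{status}], "
              f"JndiLookup present: {f['jndi_lookup_present']}")
```

Run it as-is to see the constructed results, or call scan_directory on an application server’s deployment directory. Because it recurses into nested archives, the finding for app.jar points at the bundled copy (app.jar!/BOOT-INF/lib/log4j-core-2.14.1.jar), which is the copy a filename-only scan of the deployment directory would miss and the reason remediated assets reappear as vulnerable.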
9. Honorable Mention: The Year of LAPSUS$
LAPSUS$ first made headlines in December 2021 with Brazil’s Ministry of Health attack and gained global attention the following March for large-scale cyberattacks on companies like Okta, Microsoft, Samsung, and Vodafone.
Following this attention, in April 2022 authorities arrested and charged two teenagers under 18 with connections to LAPSUS$. Despite the charges, the group’s activity continued, and shortly afterward it released stolen source code for apps belonging to major companies such as Facebook and DHL.
While it is uncertain whether LAPSUS$ was also behind the Uber data breach and the Rockstar Games hack, some are concerned about the lack of cybersecurity protocols at these big firms and about the fact that such young individuals can successfully target massive corporations.
10. Twitter: 5.4 Million User Accounts Stolen From a Social Engineering Attack
On August 5, 2022, Twitter revealed that a hacker going by the alias “devil” exploited a zero-day bug to link personal identifiers such as phone numbers and emails to user accounts on the social media platform.
The hacker exploited the flaw and put the resulting large dataset up for sale for $30,000 on online forums. The bug became known in June 2021 and affected over 5 million users.
In response, Twitter promptly contacted the affected account owners directly and advised users to enable two-factor authentication to protect against unauthorized logins.
As we move into 2023, we must be aware of the most critical cyberattacks of the previous year and what we can learn from them. Rackspace, Okta, and Crypto.com were all significant targets in 2022, and each one offers lessons for businesses of all sizes.
The Axie Infinity hack was one of the largest ever, and Russia’s involvement in the Montenegro cyberattacks shows that no country is immune from these threats. In addition, the Log4j vulnerability highlights the importance of keeping all software up to date, and the Twitter hack demonstrates the power of social engineering attacks.
While it’s important to stay informed about these events, it’s also essential to protect yourself before something happens.
Don’t make the hacked news in 2023! Agile IT is here to help — we specialize in providing cybersecurity in Microsoft 365 and Azure, so don’t wait until it’s too late.