With the cost of living crisis on everyone’s lips in 2022, it should not come as a surprise that the cost of a data breach has also increased to an all-time high in a year marked by significant increases in energy prices and worldwide inflation. This pattern might also help us predict the largest cyberattacks of 2023 since it doesn’t appear to be slowing down.
According to IBM’s Cost of Data Breaches Report 2022, the average overall cost is $4.5 million. A worrying 83% of the 550 businesses IBM contacted that had suffered a data breach had also experienced multiple breaches over the same time period. According to the report, breaches where remote working was a factor increased the average cost by about $1 million. To get a sense of how important it is to prevent these prevalent attacks, consider the typical time needed to detect and contain each form of breach. The time it takes to find and stop a compromise is an astounding 327 days.
- The Ukraine War
Russia has been attacking Ukrainian banks, electrical grids, and internet infrastructure for a long time. This has affected military and government administrative systems since the start of physical conflicts.
Many people saw the Russian attacks before the conflict as a trial run for their cyber weapons. Similar to traditional combat, cyber wars give observers the chance to watch and evaluate how different tactics, strategies, and the technical weapons themselves work.
Since the conflict began, Ukraine has launched its own cyberattacks. They established a volunteer “IT Army,” which used a website listing hostnames and/or IP addresses of Russian targets and has resulted in several data breaches and service outages inside Russia (often via distributed denial-of-service (DDoS) attacks).
- Lapsus$ group’s high profile attacks
Each time, information was taken and frequently leaked online. Their strategic plan is extortion, and they frequently use phishing to obtain access before searching for and stealing the most private information they can. They frequently don’t use any encryption software at all.
The Lapsus$ Group appears to be a loose group of participants, unlike many sophisticated cybercrime groups. The organisation may have been “hacked back” by Nvidia, according to rumours. In hacking back, offensive security professionals try to compromise the attacker’s machines. Given that the attacker machines are frequently compromised by third parties, this can be legally problematic. Investigators quickly realised that Lapsus$ might not even be in it for the money.
They seemed to be looking for recognition given that they used social media to publicise their attacks. They asked users to vote on whose data they should reveal next in polls they ran on Telegram to announce their accomplishments. All of this commotion and attention came to an abrupt end in March when British police detained seven suspects, including two 16 and 17-year-olds. After the arrests, Lapsus$ appeared to continue for a brief while, but they now appear to have disappeared.
- Yet again another Marriott data breach
Nearly 340 million guest records were compromised in 2014 as a result of a breach at Marriott. This breach cost the UK Information Commissioner’s Office £14.4 million and went unreported until September 2018. Marriott experienced another hack in January 2020 that affected 5.2 million guest records.
Hackers claim to have stolen more than 20GB of private information, including guest credit card information, in June 2022. An employee at a Marriott resort in Maryland was tricked by the attackers using social engineering into granting them access to their computer.
- Ex-Amazon worker convicted over Capital One hacking
Paige Thompson, a former employee of Amazon, was found guilty in June of this year for her part in the 2019 Capital One breach. She used her understanding of cloud server vulnerabilities while employed by Amazon Web Services (AWS) to steal the personal data of over 100 million users.
She had in reality boasted about her exploits on hacker forums, pleading that she was an ethical hacker who merely wanted to alert them of vulnerabilities. She was found guilty and could spend the next 45 years behind bars. Capital One settled a class action lawsuit for $190 million after being fined $80 million by the Office of the Comptroller of Currency.
- Conti’s attack against Costa Rica
Costa Rica has been under attack via Conti Ransomware since the beginning of this year. Many of the nation’s critical services were paralysed by two significant ransomware attacks, throwing the administration into disarray as it tried to react. According to officials, as the ransomware spread, tax payments were also hampered, over 30,000 medical appointments had to be postponed, and international trade came to a complete halt.
The Social Security Fund was the target of a second attack that happened in late May 2022. This attack employed the Hive ransomware and has also been linked to Conti, due to Conti’s involvement in the development of Hive. It’s likely that Conti is using this strange activity as a sort of smokescreen as the gang seeks to reinvent itself.
- A constant hit on healthcare providers
A breach at Massachusetts-based medical services company Shields Health Care Group in March resulted in the exposure of almost two million patient records. Shields, which depends on connections with hospitals and medical facilities, was largely affected by this. Additionally, patients at up to 53 different facilities were impacted.
In August, ransomware attacked Advanced, a managed service provider (MSP) for the UK National Health Service. It significantly disrupted NHS emergency services throughout the UK. For assistance with triage and investigations, Advanced enlisted the aid of Microsoft and Mandiant. Meanwhile in the US, NetStandard, another MSP, was targeted, prompting it to shut down its cloud services called “MyAppsAnywhere.”
MSPs are enticing targets for ransomware gangs since they have access to the data of numerous organisations and so offer a variety of potential extortion sources. The renowned REvil organisation has previously targeted MSPs.
- Uber’s internal systems compromised
In September 2021, a teenager completely infiltrated the internal systems of the ride-sharing business Uber. It appears that he employed a technique known as an MFA Fatigue attack, in which, if the organisation uses MFA (Multi-Factor Authentication), the attacker floods the employee with authentication requests on their mobile phone after obtaining their credentials.
In this case, the attacker eventually contacted the employee via WhatsApp and pretended to be from Uber IT, warning him that he needed to accept the auth request or they would keep coming. At first, the employee will refuse the requests because they aren’t the one logging in. The worker gave in after becoming sufficiently weary of the constant solicitations. The attacker could then change the MFA by adding his own device to it.
The attacker then got in via the company VPN and started digging around. He quickly discovered a PowerShell script with administrator login information for the Thycotic privileged access management (PAM) platform used by the business. All necessary credentials were accessible from this point. Given that the attacker appears to have done it out of curiosity rather than for financial gain or other more harmful mischief, Uber may be regarded as fortunate in this case.
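The sequence described above (a run of refused push prompts, one approval, then a new MFA device) can be flagged from authentication logs. The following is an added example, not part of the original article: the log format, event names, threshold and time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): time, user, event, detail
SAMPLE_LOG = """\
2023-01-10T22:00:05Z alice push_denied device=phone-1
2023-01-10T22:01:10Z alice push_denied device=phone-1
2023-01-10T22:02:30Z alice push_denied device=phone-1
2023-01-10T22:03:02Z bob push_denied device=phone-7
2023-01-10T22:03:40Z bob push_approved device=phone-7
2023-01-10T22:04:15Z alice push_denied device=phone-1
2023-01-10T22:06:50Z alice push_denied device=phone-1
2023-01-10T22:09:20Z alice push_approved device=phone-1
2023-01-10T22:11:45Z alice device_enrolled device=phone-99
"""

WINDOW = timedelta(minutes=30)  # assumed look-back window
MIN_DENIALS = 5                 # assumed number of refused prompts that counts as a flood

def parse(log):
    """Yield (timestamp, user, event, detail) for each log line."""
    for line in log.strip().splitlines():
        ts, user, event, detail = line.split(maxsplit=3)
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, detail

def detect_mfa_fatigue(log, window=WINDOW, min_denials=MIN_DENIALS):
    """Alert on an approval that follows a flood of refused prompts, and on
    a new MFA device enrolled shortly after such an approval."""
    denials = defaultdict(list)  # user -> times of refused prompts since last approval
    approved_at = {}             # user -> time of the suspicious approval
    alerts = []
    for ts, user, event, detail in sorted(parse(log)):
        if event == "push_denied":
            denials[user].append(ts)
        elif event == "push_approved":
            recent = [t for t in denials[user] if ts - t <= window]
            if len(recent) >= min_denials:
                approved_at[user] = ts
                alerts.append((user, "approval_after_push_flood", len(recent)))
            denials[user].clear()
        elif event == "device_enrolled":
            t0 = approved_at.get(user)
            if t0 is not None and ts - t0 <= window:
                alerts.append((user, "new_device_after_push_flood", detail))
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert)
```

A single refusal followed by an approval, as for the user `bob` in the sample, stays below the threshold and raises no alert.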
So what’s in store for 2023?
These are unfortunately just some of the largest attacks that hit organisations throughout 2022; there were many more reported and many that are yet to be uncovered. Although analysis of trends for 2022 is still ongoing, it appears that many of the common suspicious groups are still active. Even if ransomware isn’t garnering as much attention as it did a year ago, it still poses a serious threat to many businesses. The majority of businesses could perform significantly better with just the most fundamental security best practices such as the protection of mobile devices and the security behind them, according to surveys like the IBM Security Cost of Data Breaches 2022.
As we move towards 2023, cybersecurity and threat detection remain important priorities. For both large and small firms, data breaches and the theft of sensitive information continue to be a concern.
About Salt Communications
Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt Communications is headquartered in Belfast, N. Ireland, for more information visit Salt Communications.